[geeklog-devel] How to use COM_applyFilter

Blaine Lang geeklog at langfamily.ca
Thu Feb 26 17:46:18 EST 2004


Dirk wrote:
> array_walk sounds useful, but I'm not sure how you would derive a common
> function from it. How would it know which parameters are supposed to be
> numeric?

I was thinking we would have to pass it an array of variables and type and
options. Maybe pass the array of variables by reference. Not sure - just
thinking out loud. Maybe this would be better as a class.

Blaine

----- Original Message ----- 
From: "Dirk Haun" <dirk at haun-online.de>
To: <geeklog-devel at lists.geeklog.net>
Sent: Thursday, February 26, 2004 5:16 PM
Subject: Re: [geeklog-devel] How to use COM_applyFilter


> Blaine,
>
> >The other purpose I had was a stronger version that only allowed "letters
> >and numbers"
> >     $p = preg_replace('/^[^(0-9a-zA-Z)]+/','', $parameter );
>
> That may make sense. We should review some of the "freedoms" that Geeklog
> is giving users for 1.3.10 anyway. E.g. user names (we've discussed this
> one before, I remember) or topic IDs.
>
>
> >if (isset($HTTP_POST_VARS['op']) ) {
> >    $op = clubApplyFilter($HTTP_POST_VARS['op']);
> >} elseif (isset($HTTP_GET_VARS['op']) ) {
> >    $op = clubApplyFilter($HTTP_GET_VARS['op']);
> >} else {
> >    $op = '';
> >}
>
> I was actually discouraging the use of this in my writings. Although it
> probably makes sense to do this for one parameter (the mode of operation,
> as in your example) and then, depending on that mode parameter, get the
> other parameters ONLY from the array they are supposed to be in. I.e.
> something like
>
>     if ($op == 'submit') {
>         // 'submit' will always indicate a POST request
>         $something = COM_applyFilter ($HTTP_POST_VARS['something']);
>     } else if ($op == 'new') {
>         $whatever = COM_applyFilter ($HTTP_GET_VARS['whatever']);
>     }
>
>
> >I have been thinking, it would be nice to be have a common function that
> >would filter all the POST and GET vars. It is possible to walk the arrays
> >and maybe send it a list of variables to clean  - using array_walk().
>
> array_walk sounds useful, but I'm not sure how you would derive a common
> function from it. How would it know which parameters are supposed to be
> numeric?
>
> bye, Dirk
>
>
> -- 
> http://www.haun-online.de/
> http://geeklog.info/
>
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-devel




More information about the geeklog-devel mailing list