[geeklog-devel] New Data Filtering Class

Blaine Lang devel at portalparts.com
Wed Nov 12 16:42:02 EST 2008


A couple years ago, I added the sanatize.class.php as a first attempt 
for an OO interface and improvements to our COM_applyFilter. I never 
really used it nor did anyone else. Over the past months, I have taken 
up the cause again and have submitted my latest approach into CVS as 
its replacement.

The filter is a class and allows you to submit an array of variables to 
be filtered, optionally set the filtering method per variable and return 
the filtered data into a single associative array. The COM_applyFilter 
works well for INT and CHAR type filtering but would not handle text 
that would be expected to include quotes. This new class has support for 
INT, CHAR and TEXT filtering modes and can easily be extended. It would be 
easy now to add a HTML filter that used the new HTML_purifier pear project.

The class has several methods or ways to use it so that you can either 
load up a lot of data to be filtered or just call it in one line like 
COM_applyFilter works today.

While working on AJAX based projects, you need to filter the data first 
for SQL use and then run stripslashes on the data if you're returning the 
data to your AJAX handler code to update the webpage. To better handle 
this, I have added methods to return data filtered and prep'ed for DB or 
Web.

The following are my comments from the class file.

<<>>
/* This class can be used to filter a single variable or an array of data
*  Three filtering modes are currently supported but the class can easily be extended
*  Mode int:   will return integer value or 0 if NULL or non-integer
*  Mode char:  strong character filter that will remove any HTML or quotes
*  Mode text:  Use for text fields and will use the site HTML filtering functions and user allowable HTML returned as well as quotes
*
*  Data can be returned filtered or optionally prep'ed for DB or Web use
*  Usage Examples:
*  $filter = new sanitizer();
*
*  Example 1: Load up data to be filtered and then call method to return data prep'ed for DB, Web or default format
*  Better if you have a lot of data to filter and if you want to return it for DB and Web Presentation format

   $filter = new sanitizer();
   $charvars = array(
        'id'    => $_REQUEST['id'],
        'mode'  => $_REQUEST['mode']
    );
    $textvars = array(
        'title' => $_REQUEST['movietitle'],     // Able to change the key that will be used in filtered return array
        'desc'  => $_REQUEST['moviedesc'],
        'keywords'  => $_REQUEST['keywords'],
    );

    // Load the data and types to be filtered into the initialized filter
    $filter->cleanData('char',$charvars);
    $filter->cleanData('text',$textvars);

    $dbData = $filter->getDbData();     // Filtered data is prep'ed for SQL use - addslashes added
    $webData = $filter->getWebData();   // Filtered data like text filtered data with stripslashes already done

    $title = $dbData['title'];
    DB_query("UPDATE {$_TABLES['media']} SET title='{$dbData['title']}' WHERE id='{$dbData['id']}'");


* Example 2:  Define the variables to be filtered, mode and returns sanitized data
* Not able to specify SUPER GLOBAL to filter data from unless you call multiple methods
* but you can specify multiple filtering modes. Methods for GET, POST, REQUEST and COOKIE

  $filter = new sanitizer();
  $clean = $filter->cleanPostData(array('movietitle' => 'text', 'id' => 'int'));
  DB_query("UPDATE {$_TABLES['media']} SET title='{$clean['movietitle']}' WHERE id='{$clean['id']}'");

* Example 3: Pass in multiple variables but a single filtering mode
  $clean = $filter->getCleanData('text', array('title' => $_POST['movietitle'],'desc' => $_POST['moviedesc'] ));

* Example 4: Pass in a single variable to sanitize
  $id = $filter->getCleanData('int',$_GET['id']);

*  How to extend allowable types - add a new function
*  Example Type: Int -- function _cleanInt(), so adding a function called _cleanDate could be added for a date filter

*/



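The class shape the post describes, written out as an added example so the mode dispatch, the _clean<Mode> extension point and the DB/Web preparation can be read end to end. This is not the Geeklog class from CVS and not Blaine's code; it is a self-contained stand-in with these assumptions: strip_tags() takes the place of the site HTML filtering functions, magic_quotes handling is not modelled, and the class, method and sample request data below are all constructed for the example. Two caveats a reviewer would attach to the design itself: strip_tags() with an allowed-tag list leaves attributes on the allowed tags intact, so a real "text" mode needs an attribute-aware filter such as HTML Purifier; and addslashes() is not a charset-aware escape for MySQL string literals, so in production the DB preparation step should use the driver's escape function or bound parameters. The example keeps addslashes() only to mirror what the post says getDbData() does.

```php
<?php
// Added example, not the Geeklog class from the post. strip_tags() is a
// stand-in for the site HTML filter; magic_quotes is not modelled.

class sanitizer
{
    private $clean = array();   // filtered values keyed by caller-chosen names

    // Filter one scalar, or an array of key => value pairs, with one mode.
    // A mode named "date" dispatches to _cleanDate(), so new modes are added
    // by adding a method; unknown modes fail closed instead of passing data.
    public function getCleanData($mode, $data)
    {
        $method = '_clean' . ucfirst(strtolower($mode));
        if (!method_exists($this, $method)) {
            throw new InvalidArgumentException("Unknown filter mode: $mode");
        }
        if (!is_array($data)) {
            return $this->$method($data);
        }
        $out = array();
        foreach ($data as $key => $value) {
            $out[$key] = $this->$method($value);
        }
        return $out;
    }

    // Example 1 style: accumulate filtered data for getDbData()/getWebData().
    public function cleanData($mode, array $data)
    {
        $this->clean = array_merge($this->clean, $this->getCleanData($mode, $data));
    }

    // Example 2 style: per-key modes read from a superglobal, e.g.
    // cleanPostData(array('movietitle' => 'text', 'id' => 'int')).
    public function cleanPostData(array $modes)
    {
        return $this->_cleanSource($_POST, $modes);
    }

    public function cleanGetData(array $modes)
    {
        return $this->_cleanSource($_GET, $modes);
    }

    private function _cleanSource(array $source, array $modes)
    {
        $out = array();
        foreach ($modes as $key => $mode) {
            $value = isset($source[$key]) ? $source[$key] : '';
            $out[$key] = $this->getCleanData($mode, $value);
        }
        return $out;
    }

    // Filtered strings escaped for a quoted SQL literal (ints pass through).
    // addslashes() mirrors the post; a real deployment should use the DB
    // driver's escaping or bound parameters instead.
    public function getDbData()
    {
        $db = array();
        foreach ($this->clean as $key => $value) {
            $db[$key] = is_string($value) ? addslashes($value) : $value;
        }
        return $db;
    }

    // Filtered data as loaded, for output back to the page or an AJAX handler.
    public function getWebData()
    {
        return $this->clean;
    }

    // Mode int: integer, or 0 for NULL / non-integer input ("42abc" -> 0).
    private function _cleanInt($value)
    {
        $int = filter_var($value, FILTER_VALIDATE_INT);
        return ($int === false) ? 0 : $int;
    }

    // Mode char: strong filter, all tags and all quote characters removed.
    private function _cleanChar($value)
    {
        return str_replace(array('"', "'", '`', '\\'), '', strip_tags((string) $value));
    }

    // Mode text: keeps quotes and a small tag allowlist. strip_tags() leaves
    // attributes on allowed tags in place, so this is a stand-in only.
    private function _cleanText($value)
    {
        return strip_tags((string) $value, '<b><i><p><br>');
    }
}

// Constructed request data standing in for a real POST.
$_POST = array(
    'movietitle' => "O'Brien's <script>alert(1)</script><b>Picks</b>",
    'id'         => '42abc',
);
$filter = new sanitizer();
$filter->cleanData('text', array('title' => $_POST['movietitle']));
$filter->cleanData('int',  array('id'    => $_POST['id']));
$db  = $filter->getDbData();
$web = $filter->getWebData();
printf("DB: %s / %d\nWeb: %s / %d\n", $db['title'], $db['id'], $web['title'], $web['id']);
```

Run with `php sanitizer_example.php`; the DB copy of the title carries escaped quotes while the Web copy does not, and the non-integer id collapses to 0, which is the behaviour the post's comment block describes for the int mode.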