[geeklog-devtalk] Re: geeklog-devtalk digest, Vol 1 #258 - 3 msgs

[Blaine Lang]

Wim Wrote:

> However, in order to avoid code-looping thru GET and POST variables,

> as described by Blaine hereunder,  there could be an addition:

I agree Wim, I am just filtering the expected POST and GET vars right now. I
have used the array_walk function as well, but then only used the expected
variables and still only refer to them as $HTTP_POST_VARS or $HTTP_GET_VARS
until I assign it to a local simpler named variable.

I was wondering if we used a class and registered the script variables that
way.

$myfilter = new COM_filter;
$myfilter->_censor = true;
$myfilter ->_jsfilter = true;
$myFilter->setPostVars = array (
    'postvar1' => 'numeric'),
    'postvar2' => 'text'),
    'postvar3' => ' default);
$myFilter->setGetVars = array ('getVar1' => 'numeric');
$sanitized = $myFilter->dofilter();

There also could be methods to call to just santize a passed variable.
This way we could have one class file that we maintain for filtering and
extend the availble filters over time.

Anyways, this is just a thought I had -- and if it can be made so that its
not too complex to use.

Cheers,
Blaine.

----- Original Message ----- 
From: "Wim Niemans ri" <remy at pbsolo.nl>
To: <geeklog-devtalk at lists.geeklog.net>
Sent: Sunday, February 29, 2004 8:13 AM
Subject: [geeklog-devtalk] Re: geeklog-devtalk digest, Vol 1 #258 - 3 msgs



> The COM_applyFilter is a great addition.

> However, in order to avoid code-looping thru GET and POST variables,

> as described by Blaine hereunder,  there could be an addition:

>     COM_getFilteredHttp(str name) (or a similar name)

> which does this looping before calling COM_applyFilter. In the

> application code it is only one instruction, which makes the

> application code more readable. It still gives the freedom to do

> filtering otherwise.

> Any core code can start with the call for any variable used. Side-

> effect is than a better documentation.

>

> Cheers,

> wim niemans

>

> On 28 Feb 2004 at 12:00, geeklog-devtalk-request at lists.geeklog.net wrote:

>

> > I often use the same variable name for GET and POST for something like

> > "what operation" is being performed. Sometimes you have links which

> > trigger an operation but in the same application there may be a form. I

> > have been using $op to indicate the operation (add/delete/edit etc ...)

> > and use code like this:

> >

> > if (isset($HTTP_POST_VARS['op']) ) {

> >     $op = clubApplyFilter($HTTP_POST_VARS['op']);

> > } elseif (isset($HTTP_GET_VARS['op']) ) {

> >     $op = clubApplyFilter($HTTP_GET_VARS['op']);

> > } else {

> >     $op = '';

> > }

> >

> > I first check the POST for a request and then the GET string. This is a

> > repeatitive piece of code as I may have other common used variables like

> > recid, mode, page, sortoption etc. Example: Page navigation needs to

pass

> > page# and Sort options in the URL string but I also need to pass these

> > variable in forms if I want to return the user to same view.

> >

> > I have been thinking, it would be nice to be have a common function that

> > would filter all the POST and GET vars. It is possible to walk the

arrays

> > and maybe send it a list of variables to clean  - using array_walk().

> >

>

>

> _______________________________________________

> geeklog-devtalk mailing list

> geeklog-devtalk at lists.geeklog.net

> http://lists.geeklog.net/listinfo/geeklog-devtalk