MakeWebGames


Posted

In forms I do

if (isset($_POST['bla']))
{
    // stuff
}
else
{
    // the string and the form were left unclosed in the original; closed here so it runs
    echo "<form action='#' method='post'>
<input type='submit' name='bla' value='Go' />
</form>";
    // carry on
}

 

and for links I do

<a href="?p=bla">Bla</a>
Posted

and an example of my forms...

// build_link() is the poster's own helper (not a PHP built-in) that returns the URL for a page
$_GET['var'] = ( isset($_GET['var']) && is_string($_GET['var']) && ctype_alnum($_GET['var']) ) ? $_GET['var'] : 0;

if ( !empty($_GET['var']) ) {
    # Do something...
} else {
    echo '
<form action="'.build_link('index', true).'" method="get">
<input type="text" name="var" value="" />
<input type="submit" value="submit" />
</form>
    ';
}

Some people on here are still making the mistake; I simply posted this since no one else with the "common knowledge" did...

Posted
       $_GET['var'] = ( isset($_GET['var']) && is_string($_GET['var']) && ctype_alnum($_GET['var']) ) ? $_GET['var'] : 0 ;

I made a minor mistake, a quick noob one, but I guess if you have that at the top of all your files, cool.

Posted

I'd never take something like that into production, simply because I want to know what the user did.

Also, many, many... scripts aren't compatible with that; each should filter its own input.

Also, on the forms tip that everyone seems to use as well: you can leave out the action attribute; it's treated the same as an empty attribute.

<form method="post">
   <input type="text" ...>
   <input type="submit" ...>
</form>
Posted
$_GET['var'] = ( isset($_GET['var']) && is_string($_GET['var']) ) ? $_GET['var'] : 0 ;

I have that at the top of the page :P

I would use false there, or an empty string, not a zero, but yeah..

Posted

True, false would be more wise.

Actually, a regular expression would do a lot better.

// note: ereg() was deprecated in PHP 5.3 and removed in PHP 7.0
$_GET['variable'] = (!ereg('[^0-9A-Za-z]', $_GET['variable'])) ? $_GET['variable'] : false;

I'm really not good with regular expressions, but to my knowledge it will only accept letters and numbers.

Posted

I do have to admit FALSE would be better, but using ereg wouldn't be.

// the pattern needs delimiters; without them '[^0-9A-Za-z]' is read as a bracket-delimited
// pattern "^0-9A-Za-z" and the check passes almost anything
$_GET['variable'] = ( isset($_GET['variable']) && is_string($_GET['variable']) && !preg_match('/[^0-9A-Za-z]/', $_GET['variable']) ) ? $_GET['variable'] : false;

Would be a hell of a lot more reliable.

Posted

I prefer the single expression; it would validate correctly.

This is because:

isset(val) - will return true if any data is found

is_string(val) - will also return true

Whereas a single ereg check would do exactly the same, and check integers (IDs etc.).

By my knowledge, extracting data from the GET global returns a string, and things like IDs return an integer. So in theory, your sample might be invalid.

Posted
[...]
$_GET['var'] = ( isset($_GET['var']) && is_string($_GET['var']) && ctype_alnum($_GET['var']) ) ? $_GET['var'] : 0 ;
[...]

As for using is_string() & ctype_alnum here, you only really need to use one: ctype_alnum only if you want to use A-Za-z for validation, and is_string only checks to see if it's a string, but using both together is pointless here as ctype_alnum will already check to see if it's a string. Quotes from the manual are below.

php.net/ctype_alnum

Checks if all of the characters in the provided string, text, are alphanumeric. In the standard C locale letters are just [A-Za-z].

php.net/is_string

Finds whether the type given variable is string.
Posted
By my knowledge extracting data from the GET global returns a string, and things like ID's returns an integer. So in theory, your sample might be invalid.

You're right, it does return a string on POST/GET/cookie, unless they have been changed by editing the view source or the URI.

Example..

<input type="text" name="user" />

Can be changed to something like

<input type="text" name="user[]" />

That's why is_string is used, or (string).
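An added example (not code from any post in this thread) that puts the pieces discussed above into one validator: the whitelist ternary from the top of the thread, the preg_match/ctype_alnum alternatives, returning false rather than 0, and the point just made that renaming a field to `var[]` turns the request value into an array. The function names and the sample request arrays are my own; the code assumes PHP 8 for the `string|false` return type.

```php
<?php
// Added example, not from the thread. Requires PHP 8 (union return types).
declare(strict_types=1);

/**
 * Return the request value only if it is a non-empty string made solely of
 * ASCII letters and digits; otherwise return false. false is used instead
 * of 0 so a rejected value cannot be confused with a legitimate "0".
 */
function clean_alnum(array $request, string $key): string|false
{
    if (!isset($request[$key]) || !is_string($request[$key])) {
        return false;   // key missing, or the client sent "key[]=" and made it an array
    }
    $value = $request[$key];
    // preg_match needs delimiters: '/.../' here. A bare '[^0-9A-Za-z]' would be
    // parsed as a bracket-delimited pattern "^0-9A-Za-z" and reject nothing useful.
    if ($value === '' || preg_match('/[^0-9A-Za-z]/', $value) === 1) {
        return false;
    }
    return $value;
}

/** The same rule with ctype_alnum; is_string is still checked first so an
 *  array or a non-string never reaches ctype_alnum. */
function clean_alnum_ctype(array $request, string $key): string|false
{
    $value = $request[$key] ?? null;
    if (!is_string($value) || $value === '' || !ctype_alnum($value)) {
        return false;
    }
    return $value;
}

// Constructed stand-ins for $_GET, covering the tampering cases discussed above.
$cases = [
    'normal'    => ['var' => 'abc123'],
    'missing'   => [],
    'array'     => ['var' => ['abc']],          // ?var[]=abc
    'injection' => ['var' => "abc' OR 1=1--"],
    'unicode'   => ['var' => "\xc3\xa9"],        // "é": not ASCII alphanumeric
    'empty'     => ['var' => ''],
];

foreach ($cases as $name => $req) {
    printf("%-10s preg=%s ctype=%s\n", $name,
        var_export(clean_alnum($req, 'var'), true),
        var_export(clean_alnum_ctype($req, 'var'), true));
}
```

Both functions accept only the "normal" case and return false for every other row; the two checks agree because ctype_alnum in the default C locale is exactly [A-Za-z0-9]. Assign the result to a local variable rather than back into `$_GET['var']`, so a later script that reads `$_GET` directly still sees the raw value it expects to filter itself.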

Posted

var_dump is such a useful function.

It even checks my if statements. :)

// normally
if ((empty($int) || $int > 5) && !empty($_POST['number'])) { ...  }

// debug
var_dump((empty($int) || $int > 5) && !empty($_POST['number']));
// output: bool(true) or bool(false)

But, to conclude: I think the moral lesson one learns here is not to use PHP_SELF, and if you have to, use a regular expression to validate it.
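An added example (not from any post in the thread) of the PHP_SELF problem the conclusion refers to, with the three fixes the thread mentions side by side: escaping the value, leaving the action attribute out, and validating PHP_SELF with a regular expression. The PHP_SELF value is constructed to stand for what the server sets for a request to `/login.php/"><script>alert(1)</script>`; the function names are my own.

```php
<?php
// Added example, not from the thread.
declare(strict_types=1);

// PHP_SELF is the script path plus whatever the client appended after it
// (PATH_INFO), so the client controls part of it. Constructed value for a
// request to /login.php/"><script>alert(1)</script>
$_SERVER['PHP_SELF'] = '/login.php/"><script>alert(1)</script>';

// Vulnerable: the request-controlled path is written into an attribute as-is,
// so the quote closes the attribute and the script tag lands in the page.
function form_vulnerable(): string
{
    return '<form action="' . $_SERVER['PHP_SELF'] . '" method="post">';
}

// Fix 1: escape on output. ENT_QUOTES turns the double quote into &quot; and
// the angle brackets into &lt;/&gt;, so the attribute cannot be broken out of.
function form_escaped(): string
{
    $action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    return '<form action="' . $action . '" method="post">';
}

// Fix 2: omit action entirely; the browser submits to the current URL.
function form_no_action(): string
{
    return '<form method="post">';
}

// Fix 3 (what the thread suggests): accept PHP_SELF only when it is a plain
// script path, otherwise fall back to a fixed page. The character class
// deliberately excludes "." except in the final ".php", so appended path
// info such as /login.php/x.php is rejected too.
function safe_self(string $self, string $fallback = '/index.php'): string
{
    return preg_match('~^/[A-Za-z0-9_/-]*\.php$~', $self) === 1 ? $self : $fallback;
}

function form_validated(): string
{
    $action = htmlspecialchars(safe_self($_SERVER['PHP_SELF']), ENT_QUOTES, 'UTF-8');
    return '<form action="' . $action . '" method="post">';
}

echo form_vulnerable(), "\n";
echo form_escaped(), "\n";
echo form_no_action(), "\n";
echo form_validated(), "\n";
```

The first line printed contains a live `<script>` element; the second shows the same bytes as `&quot;&gt;&lt;script&gt;...`, which the browser renders as text inside the attribute; the fourth falls back to `/index.php` because the tampered path fails the pattern. Escaping on output is the fix to rely on even when a regex is also used, since validation only helps where it is remembered.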
