
Data Filtering!

OK, something I’m trying to get right at the moment is data sanitization. Now, filter_var is a great function, but it lacks certain things; firstly, the numbers/flags are a pain to remember.

For this particular reason, I wrote this function. It is called like anything else in a static class (in my case, my config class, just for the sake of being able to call it anywhere). An example use is config::filterall($var, 'string') where $var = "<b> hello </b> "; it would only return hello.

This function is well documented and easy to edit, so go ahead.

	class config {
		public static function filterall($var, $type='') {
			if($type == 'string') {						#if type is set to string run this
				$var = strip_tags((string)$var);				#removes tags, to help prevent people putting html into their names etc. (replaces FILTER_SANITIZE_STRING, deprecated as of PHP 8.1)
				$var = filter_var($var, FILTER_SANITIZE_SPECIAL_CHARS);	#encodes the chars that contribute to tags (< > & and quotes) as HTML entities
			}
			if($type == 'int') {							#if type is set to int run this
				$check = filter_var($var, FILTER_VALIDATE_INT);		#checks if the var is a valid integer
				if($check === false) {					#if var is NOT a valid integer continue to sanitize (strict check, so a valid 0 is not treated as a failure)
					$var = filter_var($var, FILTER_SANITIZE_NUMBER_INT);	#sanitize input to just collect numbers within inputted string.
				}
				$var = str_replace('+', '', $var);				#there's no need for a + in the ints I will be using. str_replace returns the result, so it has to be assigned.
				$var = str_replace('-', '', $var);				#once again, no need for a - in the ints I will be using.
				$var = str_replace('.', '', $var);				#if I need decimal points I will use float instead of int.
			}
			if($type == 'float') {							#if type is set to float run this
				$check = filter_var($var, FILTER_VALIDATE_FLOAT);		#check if the var is a valid float
				if($check === false) {					#if var is NOT a valid float continue to sanitize
					$var = filter_var($var, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);	#sanitize the var so it becomes a valid float; the flag keeps the decimal point.
				}
				$var = str_replace('+', '', $var);				#once again, no need for + signs
				$var = str_replace('-', '', $var);				#no need for - signs
			}
			if($type == 'email') {							#if type is set to email run this
				$check = filter_var($var, FILTER_VALIDATE_EMAIL);		#check if var is a valid email
				if($check === false) {					#continues to sanitize if not a valid email
					$var = filter_var($var, FILTER_SANITIZE_EMAIL);	#sanitize to make valid email. need to add extra here just in case of 'false-positives'
				}
			}
			if($type == 'ip') {							#if type is set to ip run this
				$check = filter_var($var, FILTER_VALIDATE_IP);		#checks IP against both IPv4 and IPv6
				if($check === false) {					#if not v4 or v6 compliant IP, continues to sanitize.
					$var = preg_replace('/[^0-9a-fA-F:.]/', '', (string)$var);	#keep only chars that can appear in an IPv4 or IPv6 address (FILTER_SANITIZE_NUMBER_INT would also strip the .'s, :'s and hex letters)
					if(filter_var($var, FILTER_VALIDATE_IP) === false) {	#if what is left is still not a valid IP
						$var = '';					#give var value of nothing, same as the boolean case below.
					}
				}
			}
			if($type == 'boolean') {						#if type is set to boolean run this
				$check = filter_var($var, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);	#check to see if its a valid boolean true/false, 0/1, yes/no etc or else return NULL (needs the FILTER_NULL_ON_FAILURE flag)
				if($check === NULL) {					#if returns NULL continue (strict check, so a valid false is kept)
					$var = '';						#give var value of nothing, meaning if done correctly the method/function/query won't go ahead due to lack of input.
				}
			}
			return $var;								#return the final var.
		}//end function filterall
	}//end class config
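
The typed branches above rewrite bad input until it looks valid rather than rejecting it. As an added example (not the code from this post; strictFilter() and the sample values are made up for illustration), this validate-and-reject variant uses the same type names but returns null for anything that is not already valid:

```php
<?php
// Added example, not the post's code. strictFilter() is a hypothetical name.
function strictFilter($var, $type)
{
    // The post's type names mapped to filter_var() validation filters.
    $filters = array(
        'int'     => FILTER_VALIDATE_INT,
        'float'   => FILTER_VALIDATE_FLOAT,
        'email'   => FILTER_VALIDATE_EMAIL,
        'ip'      => FILTER_VALIDATE_IP,       // IPv4 and IPv6
        'boolean' => FILTER_VALIDATE_BOOLEAN,
    );
    if (!isset($filters[$type])) {
        throw new InvalidArgumentException("unknown type: $type");
    }
    // FILTER_NULL_ON_FAILURE reports every failure as null, so a valid 0
    // or a valid boolean false is never mistaken for "invalid".
    $opts = array('flags' => FILTER_NULL_ON_FAILURE);
    if ($type === 'int' || $type === 'float') {
        // Unsigned only, as in the post (float min_range needs PHP 7.4+).
        $opts['options'] = array('min_range' => 0);
    }
    return filter_var($var, $filters[$type], $opts);
}

// Constructed sample inputs: values a repair-style filter would rewrite.
$samples = array(
    array('int',     '12abc-34'),
    array('int',     '0'),
    array('float',   '3.5'),
    array('email',   'bob@example.com<script>'),
    array('ip',      '2001:db8::1'),
    array('ip',      '10.0.0.256'),
    array('boolean', 'no'),
    array('boolean', 'maybe'),
);
foreach ($samples as $sample) {
    list($type, $raw) = $sample;
    $clean = strictFilter($raw, $type);
    // null means "reject the request"; anything else is the typed value.
    printf("%-8s %-26s => %s\n", $type, $raw, var_export($clean, true));
}
```

For the 'string' type there is nothing to validate against, so escape with htmlspecialchars() at the point of output instead of rewriting the stored value.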

Stuff Is Messed Up

Ok. I’m hella hella busy at the moment.

  • trying to launch my new portfolio site asap – http://www.alistair.co.nz
  • trying to sort out my life, and fix up all the messed up school work from the entire year. There’s a fair bit here that doesn’t work correctly, or hasn’t been submitted. It’s really worrying me but meh.
  • I have to get started on this website for geekstore.co.nz very soon. Like this week, Wednesday at the latest. Luckily a lot of my code is pre-written so this shouldn’t be very hard to do.

There, that’s what’s crackin with me. Problems everywhere. Gotta jet cos I gotta get these sorted.