ASP (Jscript) rewritten to PHP

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
high street
Forum Newbie
Posts: 3
Joined: Tue Dec 29, 2009 7:11 pm

ASP (Jscript) rewritten to PHP

Post by high street »

I am trying to rewrite this ASP/Jscript code to PHP so I can use it on my web site. It is part of a form generated by Top Producer. Here is the Jscript part:

Code: Select all

 
<%@LANGUAGE="JScript" %>
<%
    // Write a user entered value into the HTML page safely.
    function writeSafeValue( sName ) {
        var sValue;
        sValue = "" + Request.QueryString( sName ) + "";
        try {
            if( typeof( sValue ) == "string" ) {
                if( sValue != "undefined" ) {
                    // Do net let the user attempt to input HTML Code or
                    // SSI (Server Side Include) directives.
                    sValue = sValue.replace( /</g, "<" );
                    sValue = sValue.replace( />/g, ">" );
                    sValue = sValue.replace( /\"/g, """ );
                }
                else {
                    sValue = "";
                }
            }
        } catch( e ) {
            // Catch and display any errors that occur.
            Response.Write( "writeValue( "" + sName + "" ) ERROR " + e.number + ": " + e.description + " - sValue: " + sValue );
            sValue = "";
        }
 
 
        Response.Write( sValue );
    }
%>
 

Anyone here good at converting ASP to PHP? I'm a bit of a noob and have been Googling operators and syntax for days to no avail. I COULD spend weeks learning PHP (which is a given) however I would really like to finish this project sooner than that. Any help is greatly appreciated!
User avatar
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: ASP (Jscript) rewritten to PHP

Post by requinix »

writeSafeValue can be replaced with a single call to htmlspecialchars, though htmlentities is generally better (does the work of htmlspecialchars and more).
User avatar
omniuni
Forum Regular
Posts: 738
Joined: Tue Jul 15, 2008 10:50 pm
Location: Carolina, USA

Re: ASP (Jscript) rewritten to PHP

Post by omniuni »

Oh wow! All that for htmlentities()!

:rofl:
User avatar
McInfo
DevNet Resident
Posts: 1532
Joined: Wed Apr 01, 2009 1:31 pm

Re: ASP (Jscript) rewritten to PHP

Post by McInfo »

Code: Select all

<?php
function writeSafeValue ($name) {
    $value = '';
    if (isset ($_GET[$name])) {
        $value = htmlentities($_GET[$name]);
    }
    echo $value;
}
Edit: This post was recovered from search engine cache.
Last edited by McInfo on Thu Jun 17, 2010 3:59 pm, edited 1 time in total.
User avatar
omniuni
Forum Regular
Posts: 738
Joined: Tue Jul 15, 2008 10:50 pm
Location: Carolina, USA

Re: ASP (Jscript) rewritten to PHP

Post by omniuni »

McInfo, should it also have stripslashes?

Code: Select all

<?php
function writeSafeValue ($name) {
    $value = '';
    if (isset ($_GET[$name])) {
        $value = stripslashes(htmlentities($_GET[$name]));
    }
    echo $value;
}
?>
User avatar
McInfo
DevNet Resident
Posts: 1532
Joined: Wed Apr 01, 2009 1:31 pm

Re: ASP (Jscript) rewritten to PHP

Post by McInfo »

It should; but only if magic_quotes_gpc is enabled. Another improvement is to echo a return value rather than echo from within the function.

Code: Select all

function getCleanGet ($name) {
    $value = '';
    if (isset ($_GET[$name])) {
        $value = $_GET[$name];
        if (1 == get_magic_quotes_gpc()) {
            $value = stripslashes($value);
        }
        $value = htmlentities($value);
    }
    return $value;
}
echo getCleanGet('example');
Edit: This post was recovered from search engine cache.
Last edited by McInfo on Thu Jun 17, 2010 4:00 pm, edited 1 time in total.
User avatar
omniuni
Forum Regular
Posts: 738
Joined: Tue Jul 15, 2008 10:50 pm
Location: Carolina, USA

Re: ASP (Jscript) rewritten to PHP

Post by omniuni »

Very nice, McInfo! I was thinking that, about the return, but I thought there might be some reason that he wanted a printout, and not a returned value.
high street
Forum Newbie
Posts: 3
Joined: Tue Dec 29, 2009 7:11 pm

Re: ASP (Jscript) rewritten to PHP

Post by high street »

McInfo wrote:It should; but only if magic_quotes_gpc is enabled. Another improvement is to echo a return value rather than echo from within the function.

Code: Select all

function getCleanGet ($name) {
    $value = '';
    if (isset ($_GET[$name])) {
        $value = $_GET[$name];
        if (1 == get_magic_quotes_gpc()) {
            $value = stripslashes($value);
        }
        $value = htmlentities($value);
    }
    return $value;
}
echo getCleanGet('example');


Thanks McInfo! That did the trick. So all that jscript code was reduced by about 70%... wow. And htmlentities seems extremely easy to use. Thanks everyone.
User avatar
daedalus__
DevNet Resident
Posts: 1925
Joined: Thu Feb 09, 2006 4:52 pm

Re: ASP (Jscript) rewritten to PHP

Post by daedalus__ »

http://php.net/manual/en/security.magicquotes.php wrote:Warning

This feature has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 6.0.0. Relying on this feature is highly discouraged.
high street
Forum Newbie
Posts: 3
Joined: Tue Dec 29, 2009 7:11 pm

Re: ASP (Jscript) rewritten to PHP

Post by high street »

daedalus__ wrote:
http://php.net/manual/en/security.magicquotes.php wrote:Warning

This feature has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 6.0.0. Relying on this feature is highly discouraged.

Is there another feature that replaced it, or another solution? Can I just use the code posted above without the MagicQuotes reference?
User avatar
daedalus__
DevNet Resident
Posts: 1925
Joined: Thu Feb 09, 2006 4:52 pm

Re: ASP (Jscript) rewritten to PHP

Post by daedalus__ »

what?

turn off magic quotes if it is on.
User avatar
omniuni
Forum Regular
Posts: 738
Joined: Tue Jul 15, 2008 10:50 pm
Location: Carolina, USA

Re: ASP (Jscript) rewritten to PHP

Post by omniuni »

How's this work for you?

Code: Select all

function getCleanGet ($varName) {
     return htmlentities(strip_tags($_GET[$varName]));
}
echo getCleanGet('my_get_variable_name');
Post Reply