Page 1 of 1

ASP (Jscript) rewritten to PHP

Posted: Tue Dec 29, 2009 7:17 pm
by high street
I am trying to rewrite this ASP/Jscript code to PHP so I can use it on my web site. It is part of a form generated by Top Producer. Here is the Jscript part:

Code: Select all

 
<%@LANGUAGE="JScript" %>
<%
    // Write a user entered value into the HTML page safely.
    function writeSafeValue( sName ) {
        var sValue;
        sValue = "" + Request.QueryString( sName ) + "";
        try {
            if( typeof( sValue ) == "string" ) {
                if( sValue != "undefined" ) {
                    // Do net let the user attempt to input HTML Code or
                    // SSI (Server Side Include) directives.
                    sValue = sValue.replace( /</g, "<" );
                    sValue = sValue.replace( />/g, ">" );
                    sValue = sValue.replace( /\"/g, """ );
                }
                else {
                    sValue = "";
                }
            }
        } catch( e ) {
            // Catch and display any errors that occur.
            Response.Write( "writeValue( "" + sName + "" ) ERROR " + e.number + ": " + e.description + " - sValue: " + sValue );
            sValue = "";
        }
 
 
        Response.Write( sValue );
    }
%>
 

Anyone here good at converting ASP to PHP? I'm a bit of a noob and have been Googling operators and syntax for days to no avail. I COULD spend weeks learning PHP (which is a given) however I would really like to finish this project sooner than that. Any help is greatly appreciated!

Re: ASP (Jscript) rewritten to PHP

Posted: Tue Dec 29, 2009 7:45 pm
by requinix
writeSafeValue can be replaced with a single call to htmlspecialchars, though htmlentities is generally better (does the work of htmlspecialchars and more).

Re: ASP (Jscript) rewritten to PHP

Posted: Tue Dec 29, 2009 8:59 pm
by omniuni
Oh wow! All that for htmlentities()!

:rofl:

Re: ASP (Jscript) rewritten to PHP

Posted: Tue Dec 29, 2009 9:22 pm
by McInfo

Code: Select all

<?php
function writeSafeValue ($name) {
    $value = '';
    if (isset ($_GET[$name])) {
        $value = htmlentities($_GET[$name]);
    }
    echo $value;
}
Edit: This post was recovered from search engine cache.

Re: ASP (Jscript) rewritten to PHP

Posted: Tue Dec 29, 2009 9:47 pm
by omniuni
McInfo, should it also have stripslashes?

Code: Select all

<?php
function writeSafeValue ($name) {
    $value = '';
    if (isset ($_GET[$name])) {
        $value = stripslashes(htmlentities($_GET[$name]));
    }
    echo $value;
}
?>

Re: ASP (Jscript) rewritten to PHP

Posted: Wed Dec 30, 2009 12:45 am
by McInfo
It should; but only if magic_quotes_gpc is enabled. Another improvement is to echo a return value rather than echo from within the function.

Code: Select all

function getCleanGet ($name) {
    $value = '';
    if (isset ($_GET[$name])) {
        $value = $_GET[$name];
        if (1 == get_magic_quotes_gpc()) {
            $value = stripslashes($value);
        }
        $value = htmlentities($value);
    }
    return $value;
}
echo getCleanGet('example');
Edit: This post was recovered from search engine cache.

Re: ASP (Jscript) rewritten to PHP

Posted: Wed Dec 30, 2009 8:41 am
by omniuni
Very nice, McInfo! I was thinking that, about the return, but I thought there might be some reason that he wanted a printout, and not a returned value.

Re: ASP (Jscript) rewritten to PHP

Posted: Wed Dec 30, 2009 12:50 pm
by high street
McInfo wrote:It should; but only if magic_quotes_gpc is enabled. Another improvement is to echo a return value rather than echo from within the function.

Code: Select all

function getCleanGet ($name) {
    $value = '';
    if (isset ($_GET[$name])) {
        $value = $_GET[$name];
        if (1 == get_magic_quotes_gpc()) {
            $value = stripslashes($value);
        }
        $value = htmlentities($value);
    }
    return $value;
}
echo getCleanGet('example');


Thanks McInfo! That did the trick. So all that jscript code was reduced by about 70%... wow. And htmlentities seems extremely easy to use. Thanks everyone.

Re: ASP (Jscript) rewritten to PHP

Posted: Wed Dec 30, 2009 3:11 pm
by daedalus__
http://php.net/manual/en/security.magicquotes.php wrote:Warning

This feature has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 6.0.0. Relying on this feature is highly discouraged.

Re: ASP (Jscript) rewritten to PHP

Posted: Wed Dec 30, 2009 3:30 pm
by high street
daedalus__ wrote:
http://php.net/manual/en/security.magicquotes.php wrote:Warning

This feature has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 6.0.0. Relying on this feature is highly discouraged.

Is there another feature that replaced it, or another solution? Can I just use the code posted above without the MagicQuotes reference?

Re: ASP (Jscript) rewritten to PHP

Posted: Wed Dec 30, 2009 4:13 pm
by daedalus__
what?

turn off magic quotes if it is on.

Re: ASP (Jscript) rewritten to PHP

Posted: Wed Dec 30, 2009 6:48 pm
by omniuni
How's this work for you?

Code: Select all

function getCleanGet ($varName) {
     return htmlentities(strip_tags($_GET[$varName]));
}
echo getCleanGet('my_get_variable_name');