your ultimate input data filter?

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

maliskoleather
Forum Contributor
Posts: 155
Joined: Tue May 15, 2007 2:19 am

Post by maliskoleather »

Another post got me thinking about this...

If you had (have) a function that parses and cleans, and otherwise generally handles, anything that a user threw at it, what would you want it to do? That way, you only had to do something like

Code:

$var=userDataFilter($_POST['foo']);
and feel perfectly safe about that var's content?

I'm not asking about using already existing functions, or even looking for sample code. I'm just curious about concepts.
Cleaning bad HTML, parsing emoticons, stripping DB escape chars, etc.
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Post by Chris Corbyn »

Your question doesn't really make any sense because without knowing what you're escaping the data for you cannot know how to escape it. Are you cleaning for SQL, or for HTML?
maliskoleather
Forum Contributor
Posts: 155
Joined: Tue May 15, 2007 2:19 am

Post by maliskoleather »

I'm not asking how to clean anything...

What I want to know is, if you had a function that in theory could do whatever you wanted with users' data, what would you want it to do?
Kieran Huggins
DevNet Master
Posts: 3635
Joined: Wed Dec 06, 2006 4:14 pm
Location: Toronto, Canada

Post by Kieran Huggins »

It's all about cleaning for the target data format. There's a really good section in the O'Reilly book "Building Scalable Web Sites" that talks about this in great detail. PM me your email for an excerpt.
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

"cleaning bad html"
Ah, that sounds like a job for HTML Purifier!

d11wtq and Kieran are right: a function like userDataFilter() could not possibly exist because it wouldn't know what to do. There are many different types of filtering and validation one can do.

BTW: FMA! Great show.
maliskoleather
Forum Contributor
Posts: 155
Joined: Tue May 15, 2007 2:19 am

Post by maliskoleather »

Heh. I know it couldn't possibly work in reality. I'm not even going to try and make it... lol. I'm just thinking hypothetically. If it were possible and so on and so on.
kyberfabrikken
Forum Commoner
Posts: 84
Joined: Tue Jul 20, 2004 10:27 am

Re: your ultimate input data filter?

Post by kyberfabrikken »

maliskoleather wrote: If you had (have) a function that parses and cleans, and otherwise generally handles, anything that a user threw at it, what would you want it to do? That way, you only had to do something like

Code:

$var=userDataFilter($_POST['foo']);
and feel perfectly safe about that var's content?
How about:

Code:

$var = $_POST['foo'];
I feel perfectly safe about that.
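
The point made across the replies above, that input can only be cleaned for a known target data format, shown as an added PHP example (not code from any poster in this thread). The input string, the `people` table and the helper names are constructed for illustration, and the PDO SQLite driver is assumed to be available.

```php
<?php
// Constructed stand-in for $_POST['foo']; all names below are hypothetical.
$raw = "O'Reilly <b>& sons</b>";

// Validation: decide whether the application accepts the value at all.
// It rejects bad input but does not rewrite good input.
function validateName(string $value): string
{
    // preg_match with the /u flag fails on invalid UTF-8.
    if ($value === '' || strlen($value) > 100 || preg_match('//u', $value) !== 1) {
        throw new InvalidArgumentException('name must be 1-100 bytes of valid UTF-8');
    }
    return $value;
}

// SQL target: a bound parameter keeps data out of the query text,
// so the raw value is stored unmodified.
function storeName(PDO $db, string $value): int
{
    $stmt = $db->prepare('INSERT INTO people (name) VALUES (:name)');
    $stmt->execute([':name' => $value]);
    return (int) $db->lastInsertId();
}

// HTML target: escape at output time, for element content or quoted attributes.
function forHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// URL target: percent-encode the value as a single query parameter.
function forQuery(string $value): string
{
    return '?q=' . rawurlencode($value);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (id INTEGER PRIMARY KEY, name TEXT)');

$id = storeName($db, validateName($raw));
$stmt = $db->prepare('SELECT name FROM people WHERE id = :id');
$stmt->execute([':id' => $id]);
$stored = $stmt->fetchColumn();

echo 'stored == raw: ', var_export($stored === $raw, true), "\n";
echo 'html:  ', forHtml($stored), "\n";
echo 'query: ', forQuery($stored), "\n";
// Escaping for one target and then again for output corrupts the data.
echo 'twice: ', forHtml(forHtml($stored)), "\n";
```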