Instead of working directly with $_GET, $_POST etc., you pass it an array of the items you're expecting to receive on a page, along with their types (int, numeric, float, string, array...). You can optionally pass it a PCRE pattern to match and a specific location to look in (GET, POST...). The default is to look in REQUEST (yuck).
If values do not satisfy the requirements you asked for they are nulled, but can still be accessed by getRaw('variable_name'). Access items normally using getVar('variable_name');
Pass a multidimensional array to expectData() like this:
array (
array( string varName, string varType [, string match [, string requestLocation] ] )
)
This would be easy to convert to PHP4 since the constructor does nothing here and the private/public keywords can be adjusted accordingly.
<?php
/*
A basic class for sanitizing data being received over HTTP
in PHP Super Globals.
Author: d11wtq (Chris Corbyn)
Date: 2006-04-19
License: None. You can use it freely, edit it, sell it, print it,
burn it, feed it to your cat... I don't care
*/
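/**
 * Declarative filter for values arriving in the PHP superglobals.
 *
 * The caller registers the variables it expects (name, type, optional PCRE
 * pattern, optional source) through expectData(). Values that fail a check
 * are stored as null; the untouched input stays reachable through getRaw().
 *
 * Security notes:
 *  - Passing these checks only constrains the shape of a value. It is still
 *    request data and must be escaped or parameterised for the context it
 *    ends up in (HTML, SQL, shell, ...).
 *  - getRaw() returns the value exactly as received, including values that
 *    failed validation.
 *  - When no source is given the lookup falls back to $_REQUEST, which merges
 *    several request channels, so the caller cannot tell which one supplied
 *    the value. Name the source explicitly where that matters.
 */
class htDataHandler
{
    // Validated values keyed by variable name (null = absent or rejected)
    private $htVars = array();
    // Values exactly as received, keyed by variable name
    private $rawVars = array();
    // Variable names
    private $expectVars = array();
    // Normalised source names: _POST, _GET, _COOKIE, _REQUEST, _SESSION
    private $expectLocs = array();
    // Data types
    private $expectTypes = array();
    // PCRE patterns
    private $expectMatches = array();

    public function __construct()
    {
        // Nothing to initialise.
    }

    /**
     * Register expected variables and validate them immediately.
     *
     * @param array $array List of entries shaped as
     *                     array(varName, varType [, match [, requestLocation]]).
     *                     Entries that are not arrays, or have fewer than two
     *                     elements, are ignored.
     */
    public function expectData($array)
    {
        foreach ($array as $k => $entry) {
            if (!is_array($entry) || sizeof($entry) < 2) {
                continue;
            }
            // Re-index so positional lookups work whatever keys the caller used.
            $params = array_values($entry);
            $this->addVar($params, $k);
            $this->addLoc($params, $k);
            $this->addMatch($params, $k);
            $this->addType($params, $k);
        }
        $this->validate();
    }

    /**
     * Return the validated value, or null when it is absent or was rejected.
     *
     * @param string $v Variable name
     * @return mixed|null
     */
    public function getVar($v)
    {
        return isset($this->htVars[$v]) ? $this->htVars[$v] : null;
    }

    /**
     * Return the value exactly as received, or null when it was not sent.
     * No check has been applied to this value.
     *
     * @param string $v Variable name
     * @return mixed|null
     */
    public function getRaw($v)
    {
        return isset($this->rawVars[$v]) ? $this->rawVars[$v] : null;
    }

    /**
     * Apply the registered type and pattern checks to every expected variable.
     */
    private function validate()
    {
        foreach ($this->expectVars as $k => $name) {
            $source = $this->readSource($this->expectLocs[$k]);
            if (!isset($source[$name])) {
                $this->htVars[$name] = null;
                $this->rawVars[$name] = null;
                continue;
            }

            $value = $source[$name];
            $this->rawVars[$name] = $value; // keep the original before any check nulls it

            if ($this->expectTypes[$k] && !$this->checkType($value, $this->expectTypes[$k])) {
                $value = null;
            }
            // A value already rejected by the type check needs no pattern test.
            if ($value !== null && $this->expectMatches[$k]
                && !$this->checkMatch($value, $this->expectMatches[$k])) {
                $value = null;
            }
            $this->htVars[$name] = $value;
        }
    }

    /**
     * Return the superglobal array for a normalised source name.
     *
     * The superglobals are named literally instead of being reached through a
     * variable variable: with auto_globals_jit enabled, $_REQUEST is only
     * initialised when the compiler sees it referenced by name, so a dynamic
     * lookup can find it unset. $_SESSION only exists once a session has been
     * started, hence the isset() guard.
     *
     * @param string $loc One of the names produced by getLocation()
     * @return array
     */
    private function readSource($loc)
    {
        switch ($loc) {
            case '_GET':
                return $_GET;
            case '_POST':
                return $_POST;
            case '_COOKIE':
                return $_COOKIE;
            case '_SESSION':
                return isset($_SESSION) ? $_SESSION : array();
            default:
                return isset($_REQUEST) ? $_REQUEST : array();
        }
    }

    /**
     * Check a value against a type name (case-insensitive).
     *
     * Request values arrive as strings or arrays, so 'int' and 'float' also
     * accept a string in the corresponding numeric notation; a bare is_int()
     * or is_float() would reject every value sent over HTTP. The value is
     * stored as received and is not cast.
     *
     * 'numeric' relies on is_numeric(), which also accepts exponent notation
     * ("1e5") and leading whitespace.
     *
     * @param mixed  $v
     * @param string $type
     * @return bool False for a mismatch or an unknown type name
     */
    private function checkType($v, $type)
    {
        switch (strtolower($type)) {
            case 'str':
            case 'string':
                return is_string($v);
            case 'int':
            case 'integer':
                // \z rather than $ so a trailing newline is not accepted
                return is_int($v)
                    || (is_string($v) && preg_match('/\A[+-]?\d+\z/', $v) === 1);
            case 'float':
            case 'double':
                return is_float($v)
                    || (is_string($v) && $v === trim($v) && is_numeric($v));
            case 'array':
                return is_array($v);
            case 'object':
                return is_object($v);
            case 'numeric':
                return is_numeric($v);
        }
        return false;
    }

    /**
     * Test a value against a PCRE pattern.
     *
     * A client can turn any parameter into an array (name[]=x). Arrays and
     * other non-scalars are rejected here instead of being handed to
     * preg_match(), which raises an error for them. A preg_match() failure
     * (false) counts as "no match".
     *
     * For whole-value matching, end the pattern with \z or use the D
     * modifier: a plain $ also matches before a trailing newline.
     *
     * @param mixed  $v
     * @param string $pattern
     * @return bool
     */
    private function checkMatch($v, $pattern)
    {
        if (!is_scalar($v)) {
            return false;
        }
        return preg_match($pattern, (string) $v) === 1;
    }

    // Store the variable name (element 0) for entry $k.
    private function addVar($a, $k)
    {
        $this->expectVars[$k] = isset($a[0]) ? $a[0] : null;
    }

    // Store the type name (element 1) for entry $k.
    private function addType($a, $k)
    {
        $this->expectTypes[$k] = isset($a[1]) ? $a[1] : null;
    }

    // Store the PCRE pattern (element 2) for entry $k; empty means "no pattern check".
    private function addMatch($a, $k)
    {
        $this->expectMatches[$k] = !empty($a[2]) ? $a[2] : null;
    }

    // Store the normalised source (element 3) for entry $k; empty falls back to _REQUEST.
    private function addLoc($a, $k)
    {
        $this->expectLocs[$k] = $this->getLocation(!empty($a[3]) ? $a[3] : 'request');
    }

    /**
     * Normalise a user-supplied source name ('get', '_get', '$_GET', ...) to
     * one of _GET, _POST, _COOKIE, _SESSION or _REQUEST.
     * Anything unrecognised maps to _REQUEST.
     *
     * @param string $loc
     * @return string
     */
    private function getLocation($loc)
    {
        switch (strtolower($loc)) {
            case 'get':
            case '$_get':
            case '_get':
                return '_GET';

            case 'post':
            case '$_post':
            case '_post':
                return '_POST';

            case 'cookie':
            case '$_cookie':
            case '_cookie':
                return '_COOKIE';

            case 'session':
            case '$_session':
            case '_session':
                return '_SESSION';

            case 'request':
            case '$_request':
            case '_request':
            default:
                return '_REQUEST';
        }
    }
}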
?>
/*
array (
array( string varName, string varType [, string match [, string requestLocation] ] )
)
*/
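// Declare what this page expects to receive.
$a = array(
    // \z instead of $ so that a value with a trailing newline ("foo12\n") is rejected.
    array('foo', 'string', '/^foo\d{2}\z/i', 'get'),
    // No location given: looked up in $_REQUEST.
    array('bar', 'numeric')
);
$handler = new htDataHandler;
$handler->expectData($a);

// Validation constrains the shape of a value; it does not make it safe to print.
// Escape for the HTML context on output. getVar()/getRaw() return null for a
// missing value, hence the string cast.
echo htmlspecialchars((string) $handler->getVar('foo'), ENT_QUOTES);
echo htmlspecialchars((string) $handler->getVar('bar'), ENT_QUOTES);
// getRaw() is the value exactly as received, with no check applied.
echo htmlspecialchars((string) $handler->getRaw('foo'), ENT_QUOTES);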