validation - Is it possible to force your PHP input variables to be strong typed?


When I started off with PHP, I was happy with how PHP is loosely typed and how easy it is to learn. As I grew into it, I realized that being loosely typed complicated my scripts rather than simplifying them. Now I am looking for ways to strong type PHP variables, especially the input variables ($_POST, $_GET, $_COOKIE, $_REQUEST and $_SERVER vars).

Also, I would like the validation and sanitizing to be hidden away in the process, so that I can "forget" about SQL injection and many of the other error-prone validation processes. I have a rough sketch of how I want it to be.

First, declare the variable, preferably in OOP:

    $varclass->post->variable_name->type('str', 'sql', 'email');
    // or as an array
    $_my_post['variable_name'] = array('str', 'sql', 'email');

Now I could possibly drop any undeclared variable from the predefined PHP globals, and use the variable type to validate and sanitize them directly in the global arrays.
Set the values of unvalidated variables (an email, for example) to bool false and un-submitted ones to null, and use them during data validation. However, before I went off and re-invented the wheel, I was hoping:

Someone might direct me to a library that helps solve these issues?
Are there reasons why I shouldn't pursue this wild fantasy? Are there better and clearer ways of achieving this?
And any other general thoughts you may have on this idea?

http://sourceforge.net/p/php7framework/wiki/input/

It wraps the superglobals by default, but you can also instantiate local objects with $postfilter = new input($_POST). It's supposed to be used manually like this:

    $_POST->email->sql["variable_name"]
    $_POST->array->int["order_list"]

And it complains if it sees $_POST["raw"] access.

But you can also pre-define filter lists, centrally in the class definition. It is meant as an add-on for old applications, where you don't want to manually go through the code and rewrite strings to enforce data formats or types:

    var $__rules = array(
        "variable_name" => "email,sql",
        "order_id" => "int,range:0:500",
        "order_list" => "array,int",
    );

But I avoid ->sql escaping prematurely. If available, PDO and parameterized SQL should be used. Of course, a central escaping feature is anyway better than cautiousness.

You can also define custom filters. It picks up global functions, for example.
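
The declarative rule list from the answer above can be approximated with PHP's built-in filter_var. This is an added example, not code from the original post or from php7framework: the function names apply_filters and typed_input are hypothetical, and it requires PHP 8. It follows the question's convention of false for invalid and null for un-submitted values, and it leaves out the sql filter because the answer recommends parameterized SQL instead.

```php
<?php
declare(strict_types=1);
// Added example (PHP 8+); function names are hypothetical, not the php7framework API.

/** Run one scalar through a filter chain such as "int,range:0:500"; false means invalid. */
function apply_filters(mixed $value, array $filters): mixed
{
    foreach ($filters as $filter) {
        $p = explode(':', $filter);
        $value = match ($p[0]) {
            'int'   => filter_var($value, FILTER_VALIDATE_INT),
            'email' => filter_var($value, FILTER_VALIDATE_EMAIL),
            'range' => is_int($value) && $value >= (int)$p[1] && $value <= (int)$p[2] ? $value : false,
            default => throw new InvalidArgumentException("unknown filter: {$p[0]}"),
        };
        if ($value === false) {
            return false;
        }
    }
    return $value;
}

/** Returns declared names only: typed value, false if invalid, null if un-submitted. */
function typed_input(array $raw, array $rules): array
{
    $clean = [];
    foreach ($rules as $name => $spec) {
        $filters = explode(',', $spec);
        $isList = $filters[0] === 'array';
        $filters = $isList ? array_slice($filters, 1) : $filters;
        if (!array_key_exists($name, $raw)) {
            $clean[$name] = null;
        } elseif (is_array($raw[$name]) !== $isList) {
            $clean[$name] = false;   // list where a scalar was declared, or the reverse
        } elseif ($isList) {
            $items = array_map(fn($v) => is_array($v) ? false : apply_filters($v, $filters), $raw[$name]);
            $clean[$name] = in_array(false, $items, true) ? false : array_values($items);
        } else {
            $clean[$name] = apply_filters($raw[$name], $filters);
        }
    }
    return $clean;
}

// Constructed sample standing in for $_POST; "debug" is undeclared and never copied.
$post = ['variable_name' => 'a@example.com', 'order_id' => '501', 'order_list' => ['3', '7'], 'debug' => '1'];
$in = typed_input($post, ['variable_name' => 'email', 'order_id' => 'int,range:0:500',
                          'order_list' => 'array,int', 'coupon' => 'int']);
var_dump($in);
```

Values taken from the returned array are typed but not escaped, so they should still reach the database only as bound parameters of a prepared statement.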

