Icy Phoenix

More Questions About Sanitizing?

Hey fellas,

I'm sure I read somewhere that this abs((int) is deprecated

Code:
$userid = abs((int) $_POST['userid']);


Would this be its replacement?

Code:
$userid = intval($_POST['userid']);


And things like these, do they need to be protected?

flag ID is an int
The rest are either names or files?

Code:
$flagID = $row['flag_id'];

$flag_name = $row['flag_name'];
$flag_image = $row['flag_image'];

$template_name = $row['template_name'];
$style_name = $row['style_name'];


So what's the go - do they all need to be done with intval( for integers and mysql_real_escape_string( for the names and files, or is something else more appropriate for the names and files?

mort

Re: More Questions About Sanitizing?

If that's related to IP (or phpBB3), you should use request_var.

It uses the second argument's type to coerce the value. For example, `request_var('foo', 0)` will always return an integer, because "0" is an integer.

____________
IcyPhoenix ADR RPGEzArena (modded phpBB2+ADR)

Informpro

Re: More Questions About Sanitizing?

Thank you my friend, but no, it's not for IP or phpBB - It's that games script that I've decided to go back to and clean it up some.

mort

Re: More Questions About Sanitizing?

Alright, fair enough -- Then I think you should use some function like that anyway ;-).

With request_var:

Code:
$id = request_var('id', 0);


Without:

Code:
$id = isset($_GET['id']) ? intval($_GET['id']) : 0;


It's just far cleaner throughout the code.

____________
IcyPhoenix ADR RPGEzArena (modded phpBB2+ADR)

Informpro

Re: More Questions About Sanitizing?

Thank you my friend  

The request_var didn't work (undefined) but the other one works a treat - And now I've got enough to keep me busy for a few days.

And just so that I can complete each page without going back over them, I have but one last question (For Now)  

Would it be wise to at least add mysql_real_escape_string( or something else to these vars  

Code:
$flagID = $row['flag_id'];

$flag_name = $row['flag_name'];
$flag_image = $row['flag_image'];

$template_name = $row['template_name'];
$style_name = $row['style_name'];


mort

Re: More Questions About Sanitizing?

Right – `request_var` isn't a PHP function, but you should be able to "steal it" easily.

For your last question, no, I don't think it's wise to mysql_real_escape_string here. I think you should only use that function when you're inserting stuff in the DB.

(And BTW, I'd probably use a function "on top of" `mysql_real_escape_string`, like IP has `$db->sql_escape()`, so that if you need to change the database later it'll be easy. You might want to look into PHP's PDO.)

____________
IcyPhoenix ADR RPGEzArena (modded phpBB2+ADR)

Informpro
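The two points Informpro makes above (a `request_var`-style helper that coerces by the default's type, and escaping only at the SQL boundary, ideally through PDO instead of `mysql_real_escape_string`) as one added example; this is not code from the thread or from Icy Phoenix, and the `flags` table and its columns are assumed for illustration:

```php
<?php
// Added example (not from the thread or Icy Phoenix): a request_var-style
// helper that coerces a request value to the type of its default, plus a PDO
// prepared statement so values never need escaping before they reach the DB.
// The flags table and its flag_id / flag_name columns are assumed.

function request_var(string $name, $default, ?array $source = null)
{
    $source = $source ?? $_REQUEST;
    if (!isset($source[$name])) {
        return $default;   // missing input falls back to the typed default
    }
    $value = $source[$name];
    // The default's type decides the coercion: an int default always yields
    // an int, a bool default a bool, a float default a float, otherwise a
    // trimmed string. The caller never sees raw $_POST/$_GET data.
    if (is_int($default)) {
        return (int) $value;     // "42abc" -> 42, "abc" -> 0
    }
    if (is_bool($default)) {
        return (bool) $value;
    }
    if (is_float($default)) {
        return (float) $value;
    }
    return trim((string) $value);
}

// Constructed request data standing in for $_POST.
$post = ['userid' => ' 42abc ', 'flag_name' => "O'Brien"];

$userid    = request_var('userid', 0, $post);     // coerced to int
$flag_name = request_var('flag_name', '', $post); // string, quote kept intact
$page      = request_var('page', 1, $post);       // absent, so the default 1

// Values read back from a result set ($row['flag_name'] etc.) need no
// escaping; escaping belongs only to SQL. With PDO a bound parameter
// replaces escaping entirely: the quote in "O'Brien" is data, not syntax.
$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE flags (flag_id INTEGER PRIMARY KEY, flag_name TEXT)');
$stmt = $pdo->prepare('INSERT INTO flags (flag_id, flag_name) VALUES (:id, :name)');
$stmt->bindValue(':id', $userid, PDO::PARAM_INT);
$stmt->bindValue(':name', $flag_name, PDO::PARAM_STR);
$stmt->execute();

$row = $pdo->query('SELECT flag_id, flag_name FROM flags')->fetch(PDO::FETCH_ASSOC);
var_dump((int) $row['flag_id'] === $userid, $row['flag_name'] === $flag_name);
```

Swapping the in-memory SQLite DSN for a MySQL one leaves the rest unchanged, which is the portability benefit Informpro describes for wrapping the escaping layer.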

Re: More Questions About Sanitizing?

Quote:
but you should be able to "steal it" easily.


HAHAHA! "Steal?"  Finding it would be something else!  I'd have to load ALL the function files with notepad++ to have any chance.

But this -> `$db->sql_escape()`, I need to have a look at because I'd like to go to PDO and anything I can do a step at a time to get this mess modernised - I'll do it.

And thanks for your help too!  

Because I'm in the position where I'm too old to be reading about everything that I want to do, although I DO read a lot before I ask any questions, but it takes so long to find the right info when someone like yourself jumps onto it straight away.

Let's face it - I'm too bloody old to make a future out of knowing everything about php.  

So I just need the bits that I'm stuck on.  

Tell you what I don't want to do though - And that's add stuff that is at the moment strictly used by phpBB - I just want to stick with the stuff that's in general use.

mort