Re: [PHP] Stripslashes redundancy question.

2010-10-24 Thread Adam Richardson
On Sun, Oct 24, 2010 at 6:29 PM, Gary gp...@paulgdesigns.com wrote:

 In my form processing scripts, I usually have the variable set as so:

 $email = stripslashes($_POST['email']);

 I have discovered that the program that I use has a pre-written function of
 this:

 // remove escape characters from POST array
 if (get_magic_quotes_gpc()) {
   function stripslashes_deep($value) {
     $value = is_array($value) ? array_map('stripslashes_deep', $value) :
       stripslashes($value);
     return $value;
   }
   $_POST = array_map('stripslashes_deep', $_POST);
 }

 I just put this in a script that I have been using, leaving the original
 stripslashes in the variable. The script still works, but is there a problem
 with redundancy, or does one cancel the other out?

 Also, which do you think is a better method to use?

 Thank you

 Gary




 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, visit: http://www.php.net/unsub.php


Hi Gary,

Calling stripslashes() more than once on the same string can cause issues.
That said, I'd point out that as of PHP 5.3, the use of magic_quotes_gpc()
has been deprecated:
http://www.php.net/manual/en/info.configuration.php#ini.magic-quotes-gpc

This was after many criticisms were leveled against the use of magic quotes:
http://en.wikipedia.org/wiki/Magic_quotes

So, my inclination is to turn off magic quotes if they're on by using
php.ini -OR- htaccess (if at all possible) rather than checking if they are
on and stripping them if needed.

Adam

-- 
Nephtali:  PHP web framework that functions beautifully
http://nephtaliproject.com
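
The double-unescaping problem discussed in this thread, as an added example that is not part of the original messages. `addslashes_deep()` is a hypothetical stand-in for what magic quotes did to request data, and the form values are constructed. Values containing only quotes survive a second `stripslashes()` pass, which is why such a script can appear to work, while values containing backslashes lose them.

```php
<?php
// Added example, not code from the thread. addslashes_deep() is a stand-in
// for what magic_quotes_gpc did to request data, so this runs on PHP
// versions where get_magic_quotes_gpc() no longer exists.

function stripslashes_deep($value) {
    return is_array($value)
        ? array_map('stripslashes_deep', $value)
        : stripslashes($value);
}

function addslashes_deep($value) {
    return is_array($value)
        ? array_map('addslashes_deep', $value)
        : addslashes($value);
}

// Constructed form values, exactly as the user typed them.
$typed = array(
    'name'  => "O'Reilly",
    'email' => 'gary@example.com',
    'path'  => 'C:\\temp\\new',            // one backslash per separator
    'tags'  => array("it's", 'a\\b'),      // nested array, as in a multi-select
);

$received = addslashes_deep($typed);       // what arrives with magic quotes on
$once     = stripslashes_deep($received);  // the program's bulk cleanup
$twice    = stripslashes_deep($once);      // plus a per-field stripslashes()

// Report, per field, whether a pass gives back what the user typed.
function report($label, array $typed, array $result) {
    foreach ($typed as $key => $value) {
        $same  = ($result[$key] === $value) ? 'intact ' : 'CHANGED';
        $shown = is_array($result[$key])
            ? implode(', ', $result[$key])
            : $result[$key];
        printf("%-6s %-6s %s  %s\n", $label, $key, $same, $shown);
    }
}

report('once', $typed, $once);
report('twice', $typed, $twice);
```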


Re: [PHP] I need some thoughts on code duplication and separation

2010-10-24 Thread Rico Secada
On Thu, 21 Oct 2010 10:55:14 -0400
Paul M Foster pa...@quillandmouse.com wrote:

 On Thu, Oct 21, 2010 at 04:05:50AM +0200, Rico Secada wrote:
 
  Hi.
  
  I am working on a small system where I am both trying to avoid code
  duplication and at the same time I am trying to keep the
  presentation logic separated from the application logic.
  
  I am using sessions and am avoiding the headers already sent problem
  by keeping the HTML out of the application.
  
  For example, I would like to have a common header.php file, but it
  is difficult to create this since one file needs to have some
  specific Javascript located in the <head></head> tags, but the
  other files don't need this.
  
  Another file needs to have a specific onload call in the body
  tag, while yet another file also needs to have an onload call,
  but with different attributes.
  
  I have been looking around in other systems to see what kinds of
  solutions are being used - as inspiration.
  
  I have been thinking about the following solutions:
  
  1. Create only ONE header.php file that contains a lot of
  conditionals depending on what file is including it - the output of
  HTML/Javascript changes.
  
  I believe this would turn into a very ugly hack. Difficult to
  maintain.
 
 Not really. Here's what I do. I have a page controller which defines
 variables and such, and then calls the header.php file. The page
 controller will contain something like this:
 
 $meta['jsfiles'] = 'onload.js';
 
 The header.php will contain code like this:
 
 <?php if (!empty($meta['jsfiles'])): ?>
 <?php include $meta['jsfiles']; ?>
 <?php endif; ?>
 
 The page controller can also contain a variety of other settings,
 like:
 
 $meta['content'] = 'cust_add.php';
 
 and the header.php will contain:
 
 <?php include $meta['content']; ?>
 
 This directs the proper internal content for the header.php, which is
 really like a template file.
 
 Also remember that at the bottom of the page controller, you do a line
 like this:
 
 include 'header.php';
 
 You can change this as you like for any given page controller.
 
 Paul
 
 -- 
 Paul M. Foster

Thanks Paul! It's a nice way to do it.
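
The page-controller pattern from this thread in a single runnable file, as an added example that is not code from any of the messages. `render_page()`, the `onload` key and the file names are hypothetical; it emits a script tag instead of inlining the JavaScript file, and it restricts the included content file to a fixed list so the include target is always a known file.

```php
<?php
// Added example, not code from the thread. render_page(), the 'onload' key
// and the file names are hypothetical; 'jsfiles' and 'content' follow the
// keys used in the quoted reply.

function render_page(array $meta, array $allowedContent, $viewDir) {
    $out = "<html>\n<head>\n";
    if (!empty($meta['jsfiles'])) {
        // Only pages whose controller sets 'jsfiles' get a script tag.
        $out .= '<script src="' . htmlspecialchars($meta['jsfiles'], ENT_QUOTES)
              . '"></script>' . "\n";
    }
    $out .= "</head>\n<body";
    if (!empty($meta['onload'])) {
        // Per-page onload handler, quoted safely as an HTML attribute.
        $out .= ' onload="' . htmlspecialchars($meta['onload'], ENT_QUOTES) . '"';
    }
    $out .= ">\n";

    // Include only file names on a fixed list, so the include target can
    // never be anything other than a known content file.
    if (!in_array($meta['content'], $allowedContent, true)) {
        throw new InvalidArgumentException('unknown content file');
    }
    ob_start();
    include $viewDir . '/' . $meta['content'];
    $out .= ob_get_clean();

    return $out . "</body>\n</html>\n";
}

// Constructed demo: one content file written to a temporary directory.
$viewDir = sys_get_temp_dir() . '/views_' . getmypid();
is_dir($viewDir) || mkdir($viewDir);
file_put_contents($viewDir . '/cust_add.php', "<p>Add customer form</p>\n");

// Page controller: set the per-page values, then render at the very end,
// after any session or header() calls have been made.
$meta = array(
    'jsfiles' => 'onload.js',
    'onload'  => 'initForm("cust")',
    'content' => 'cust_add.php',
);
echo render_page($meta, array('cust_add.php'), $viewDir);

unlink($viewDir . '/cust_add.php');
rmdir($viewDir);
```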




Re: [PHP] Reminder On Mailing List Rules

2010-10-24 Thread Paul M Foster
On Fri, Oct 22, 2010 at 12:35:43PM -0400, tedd wrote:

 At 4:54 PM -0400 10/21/10, Marc Guay wrote:
 Toilet seat.  Up or down.  Same thing?  Sort of.
 
 No, everything down (seat and top) is the rule in my house.
 
 You should see how women often react when I tell them to put the top
 down -- it's like my dog hearing a high note.

I used to do that just to aggravate women who hassled me about leaving
the seat up. I've softened a bit in my old age, and no longer insist on
it.

Paul

-- 
Paul M. Foster




[PHP] Best practice for if (!$stmt->execute())

2010-10-24 Thread Rico Secada
Hi.

I have been doing like this:

if (!$stmt->execute()) {
    return false;
} else {

    // ... some code

    return true;
    // OR
    return $foo; // Some int, string, whatever.

}

I am thinking about changing the return false with a:

if (!$stmt->execute()) {
    die(DB_ERROR);
}

This way making sure that every single db execute gets a valid check
and at the same time return some kind of valuable db error to the user
and end the script.

How do you deal with db execution checks?

Thanks in advance!

Best regards.

Rico.

