Re: [PHP] multiple forms one page

2012-08-27 Thread Tedd Sperling
On Aug 27, 2012, at 12:08 AM, Rosie Williams rosiemariewilli...@hotmail.com 
wrote:

 
 Hi all, 
 I am a newbie to PHP. I have several php forms which were originally on 
 separate pages now included in the one page. Each form had the following code 
 in it: 
 function mysql_fix_string($string){
     if (get_magic_quotes_gpc()) $string = stripslashes($string);
     return mysql_real_escape_string($string);
 }
 function mysql_entities_fix_string($string){
     return htmlentities(mysql_fix_string($string));
 }
 However I am only able to include it in one of the forms on the new page with 
 multiple scripts due to the fatal error that I can only declare the function 
 once. So for testing I have commented these lines out of the other scripts. I 
 need to know what the security implications of this are? Do the scripts that 
 do not contain these lines run without it or is it included automatically 
 every time the database is accessed regardless of which script is accessing 
 it? 
 If not how do I deal with it? 
 thanks in advance
 Rosie


My advice -- place your common functions into one file (i.e., functions.php) 
and:

include_once('includes/functions.php');

At the start of every script that needs any of the functions contained therein.

As for rolling several forms into one, here are some of the ways I do it:

http://sperling.com/php/step/

http://sperling.com/php/submit/

Cheers,

tedd

PS: If anyone sees anything in error, please feel free to correct me. As a 
very talented harmonica player once said, "Sometimes I suck and sometimes I blow."
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] multiple forms one page

2012-08-26 Thread Rosie Williams

Hi all, 
I am a newbie to PHP. I have several php forms which were originally on 
separate pages now included in the one page. Each form had the following code 
in it: 
function mysql_fix_string($string){
    if (get_magic_quotes_gpc()) $string = stripslashes($string);
    return mysql_real_escape_string($string);
}
function mysql_entities_fix_string($string){
    return htmlentities(mysql_fix_string($string));
}
However I am only able to include it in one of the forms on the new page with 
multiple scripts due to the fatal error that I can only declare the function 
once. So for testing I have commented these lines out of the other scripts. I 
need to know what the security implications of this are? Do the scripts that do 
not contain these lines run without it or is it included automatically every 
time the database is accessed regardless of which script is accessing it? 
If not how do I deal with it? 
thanks in advance
Rosie

Re: [PHP] multiple forms one page

2012-08-26 Thread tamouse mailing lists
On Sun, Aug 26, 2012 at 11:08 PM, Rosie Williams
rosiemariewilli...@hotmail.com wrote:

 Hi all,
 I am a newbie to PHP. I have several php forms which were originally on 
 separate pages now included in the one page. Each form had the following code 
 in it:
 function mysql_fix_string($string){
     if (get_magic_quotes_gpc()) $string = stripslashes($string);
     return mysql_real_escape_string($string);
 }
 function mysql_entities_fix_string($string){
     return htmlentities(mysql_fix_string($string));
 }
 However I am only able to include it in one of the forms on the new page with 
 multiple scripts due to the fatal error that I can only declare the function 
 once. So for testing I have commented these lines out of the other scripts. I 
 need to know what the security implications of this are? Do the scripts that 
 do not contain these lines run without it or is it included automatically 
 every time the database is accessed regardless of which script is accessing 
 it?
 If not how do I deal with it?
 thanks in advance
 Rosie

Hi, Rosie, welcome!

This is something you will likely encounter again, so it is good to
learn it now.

You can put the two functions into another php file, and include that
file in your main script using include_once or require_once (there is
a difference that you might want to read up on at some point). If you
include this before you start your form processing, the functions will
be available to you at the point you need them. You only need do this
once in the php script where you will be using them, so you can safely
delete all the other occurrences of the function definitions.

The nice part is, really, that you can use that same include file in
other projects as you go along, saving retyping the code. This is
something that you may want to think about for other such functions as
well. Modularity and code reuse are among the big ways to achieve
more efficiency in your work.

http://us.php.net/manual/en/function.include-once.php
http://us.php.net/manual/en/function.require-once.php
(cf. http://us.php.net/manual/en/function.require.php to learn how the
require differs from the include)


Best of luck,

Tamara
   aka tamouse__




Re: [PHP] multiple forms one page

2012-08-26 Thread Adam Richardson
On Mon, Aug 27, 2012 at 12:08 AM, Rosie Williams
rosiemariewilli...@hotmail.com wrote:

 Hi all,
 I am a newbie to PHP. I have several php forms which were originally on 
 separate pages now included in the one page. Each form had the following code 
 in it:
 function mysql_fix_string($string){
     if (get_magic_quotes_gpc()) $string = stripslashes($string);
     return mysql_real_escape_string($string);
 }
 function mysql_entities_fix_string($string){
     return htmlentities(mysql_fix_string($string));
 }
 However I am only able to include it in one of the forms on the new page with 
 multiple scripts due to the fatal error that I can only declare the function 
 once.

You only have to declare the function(s) once, then you can use them
later in the page. You can also put code into files and then
dynamically include them in other files to make it easier to share
functionality.

 So for testing I have commented these lines out of the other scripts. I need 
 to know what the security implications of  this are?

For security, the simple rule (at least in terms of statement of
intent, not necessarily in terms of implementation) is that you should
validate input and escape output according to context. Without seeing
more code, it's hard to tell what this means for your particular
example.

 Do the scripts that do not contain these lines run without it or is it 
 included automatically every time the database is accessed regardless of 
 which script is accessing it?
 If not how do I deal with it?
 thanks in advance
 Rosie

Hard to know from your example. There are some great resources
covering general PHP security practices that can help you get up to
speed a bit. Here's an oldie but goodie that might help shed some
light on some of the code you're seeing:
http://www.ibm.com/developerworks/opensource/library/os-php-secure-apps/index.html

Happy learning!

Adam

-- 
Nephtali:  A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com
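
Added example, not part of the original thread or any poster's code: a sketch of the rule Adam states above (validate input, escape output according to context). It assumes PHP 7.1+ with the pdo_sqlite extension and uses an in-memory SQLite database in place of the poster's MySQL one; the table, column and function names are hypothetical.

```php
<?php
// Added illustration, not code from the thread. Assumes the pdo_sqlite
// extension; an in-memory SQLite database stands in for the poster's MySQL
// one. Table, column and function names are hypothetical.

// Validate input: accept only what the field is supposed to contain.
function validate_quantity($raw): ?int
{
    $n = filter_var($raw, FILTER_VALIDATE_INT,
                    ['options' => ['min_range' => 1, 'max_range' => 100]]);
    return $n === false ? null : $n;
}

// SQL context: bound parameters keep data out of the statement text,
// so no manual escaping function is needed here.
function save_order(PDO $pdo, string $name, int $qty): void
{
    $stmt = $pdo->prepare('INSERT INTO orders (name, qty) VALUES (:name, :qty)');
    $stmt->execute([':name' => $name, ':qty' => $qty]);
}

// HTML context: encode at the moment the value is written into markup.
function html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE orders (name TEXT NOT NULL, qty INTEGER NOT NULL)');

// Constructed sample input, as it might arrive in $_POST.
$post = ['name' => "O'Brien <b>& Sons</b>", 'qty' => '3'];

$qty = validate_quantity($post['qty']);
if ($qty === null) {
    exit("Invalid quantity\n");
}
save_order($pdo, $post['name'], $qty);

// The database holds the value exactly as submitted ...
$stored = $pdo->query('SELECT name FROM orders')->fetchColumn();
var_dump($stored === $post['name']);

// ... and it is encoded only when it goes into HTML.
echo '<td>' . html($stored) . "</td>\n";
```

Kept in one shared file and pulled in with require_once, the three helpers are declared once and are available to every form handler on the page.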
