  1. #1
    SitePoint Zealot
    Join Date
    Oct 2005
    Posts
    109

    help with error checking class.

    Hi. I'm reviewing an error checking method here at http://www.intranetjournal.com/artic...10_08_04a.html


    I need help understanding this code -
    Code:
    	// validate something's been entered
    	// Note: only this method does nothing to prevent SQL injection 
    	// use with addslashes() command 
    	function validateGeneral ($theinput, $description = '') {
    		if (trim($theinput) != "") {
    			return true;
    		} else {
    			$this->errors[] = $description; 
    			return false; 
    		}
    	}
    What does this do or mean: if (trim($theinput) != "")

  2. #2
    SitePoint Addict
    Join Date
    Nov 2006
    Posts
    206
    That means that after you've trimmed the variable input (which removes the spaces that may have been entered before and after the field, such as " hello " would become "hello") and the != means not equal... so after you've trimmed the spaces it's checking to see if there is any input in the variable rather than having an empty one.
    For example, a user could input " "; once trimmed it equals "", so it's verifying to see if there is an input.

  3. #3
    SitePoint Wizard stereofrog's Avatar
    Join Date
    Apr 2004
    Location
    germany
    Posts
    4,324
    Quote Originally Posted by allistar343 View Post
    Hi. I'm reviewing an error checking method here at http://www.intranetjournal.com/artic...10_08_04a.html
    I took a quick look at this article. I'd suggest you forget it as soon as possible. First, it's completely outdated, second, the guy had absolutely no clue on what he's talking about.

    PHP Code:
    // Create an SQL query (MySQL version)
    // The 'addslashes' command is used 5 lines below for added security
    // Remember to use 'stripslashes' later to remove them (they are inserted in front of any
    // special characters)

    $insertQuery = "INSERT INTO cmsarticles (title,tagline,section,thearticle) VALUES (".
    "'".$HTTP_POST_VARS['title']."', ".
    "'".$HTTP_POST_VARS['tagline']."', ".
    $HTTP_POST_VARS['section'].", ".
    "'".addslashes($HTTP_POST_VARS['thearticle'])."')";
    What a shame!
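
The query quoted in post #3 escapes only one of its four fields. The following is an added example, not code from the thread or from the linked article, that puts that concatenation pattern beside a PDO prepared statement. The in-memory SQLite database, the function names and the sample form values are assumptions made for the illustration.

```php
<?php
// Added example. Table and column names follow the query quoted in the thread;
// the SQLite in-memory database and the form values below are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE cmsarticles (title TEXT, tagline TEXT, section INTEGER, thearticle TEXT)');

// Constructed form input: an ordinary apostrophe in the title is enough to matter.
$post = [
    'title'      => "Editor's picks",
    'tagline'    => 'Weekly roundup',
    'section'    => '3',
    'thearticle' => "It's a test article.",
];

// Pattern from the quoted article (hypothetical function name): only thearticle
// is escaped; title, tagline and the unquoted section value go into the SQL raw.
function buildConcatenatedQuery(array $post): string {
    return "INSERT INTO cmsarticles (title,tagline,section,thearticle) VALUES ("
        . "'" . $post['title'] . "', "
        . "'" . $post['tagline'] . "', "
        . $post['section'] . ", "
        . "'" . addslashes($post['thearticle']) . "')";
}

// Hardened form (hypothetical function name): the numeric field is validated as
// an integer and every value is bound as a parameter, so no input becomes SQL text.
function insertArticle(PDO $db, array $post): bool {
    $section = filter_var($post['section'], FILTER_VALIDATE_INT);
    if ($section === false) {
        return false; // reject a section id that is not an integer
    }
    $stmt = $db->prepare(
        'INSERT INTO cmsarticles (title, tagline, section, thearticle) VALUES (?, ?, ?, ?)'
    );
    return $stmt->execute([$post['title'], $post['tagline'], $section, $post['thearticle']]);
}

// The apostrophe in the title ends the string literal early, so the statement is malformed.
try {
    $db->exec(buildConcatenatedQuery($post));
    echo "concatenated query ran\n";
} catch (PDOException $e) {
    echo "concatenated query failed: ", $e->getMessage(), "\n";
}

var_dump(insertArticle($db, $post));                        // same input, bound as parameters
var_dump(insertArticle($db, ['section' => 'abc'] + $post)); // non-integer section is refused
echo $db->query('SELECT title FROM cmsarticles')->fetchColumn(), "\n";
```

With bound parameters the stored title keeps its apostrophe unchanged, so no `stripslashes` step is needed when reading it back.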

  4. #4
    SitePoint Zealot
    Join Date
    Oct 2005
    Posts
    109
    Thanks for information.

    Know of any other tutorials that teach you to create a CMS from the ground up? The tutorial above at least taught me some good points on OO programming.

