
PHP Question(s)

Discussion in 'Programming & Webmastering' started by Msap14, Nov 4, 2011.

  1. Msap14 New Member

    hey all,

    i am teaching myself a bit of PHP and have a question to ask...

    the book i have shows the following:

    function sanitizeString($var)
    {
        $var = strip_tags($var);
        $var = htmlentities($var);
        $var = stripslashes($var);
        return mysql_real_escape_string($var);
    }

    what is the importance of all the $var variables? :confused:
    does this stack values on a single variable?
    why/how do you start naming a variable $var as strip_tags with another $var in parenthesis?

    the book doesn't say, it is a rather simple book, just teaching the basics and this is part of an exercise.
     
  2. FordGT90Concept

    FordGT90Concept "I go fast!1!11!1!"

    $var contains the input.

    For example, if $var was equal to "Hello world!<br/>\\a>b\\r\\nYay!":

    After $var = strip_tags($var), $var would equal "Hello world!\\a>b\\r\\nYay!"
    After $var = htmlentities($var), $var would equal "Hello world!\\a&gt;b\\r\\nYay!"
    After $var = stripslashes($var), $var would equal "Hello world!\a&gt;b\r\nYay!"
    After $var = mysql_real_escape_string($var), $var would equal "Hello world!\\a&gt;b\\r\\nYay!"

    Effectively, it is making whatever is sent through it injection-proof.
     
    Last edited: Nov 4, 2011
    Msap14 says thanks.
    Crunching for Team TPU
  3. Msap14 New Member

    makes sense since the function is named sanitizeString.

    Now i'm wondering why you would need 4 different variations?
    could it be just to show the different ways you could use the variable?
    i think all the variations are used throughout the entire example though.

    i'll probably have more questions as i read through this book, so i appreciate the help so far.
     
  4. FordGT90Concept

    FordGT90Concept "I go fast!1!11!1!"

    Those four functions don't modify $var, they make a copy of it and return the modified input. Think of it like this:
    $ReturnedValue = function($InputValue)

    By reusing $var, you're applying the changes to $var over and over. By the way, this would have the exact same output as the code you pasted:
    PHP:
    function sanitizeString($var) { return mysql_real_escape_string(stripslashes(htmlentities(strip_tags($var)))); }
     
    Crunching for Team TPU
  5. Thrackan

    Thrackan

    This function is used to strip several types of special values from an inputted string. This is used to counteract stuff like SQL injection, and makes sure that what you have left after you put your string through this function is just text.

    What it does (very basically):
    - Takes your input string, and stores it in the $var variable.
    - calls the strip_tags() function, which well, strips tags from a text string, and stores the result in $var
    (so $var now contains your input, minus any tags that were just stripped)
    - calls the htmlentities() function, which filters out any HTML-specific code someone might have entered in your input, and stores the result in $var
    (so now $var has been cleaned in 2 different ways already!)
    - same for the stripslashes() function
    - and last, but not least, the SQL stripper

    so it does not do 4 variations of the same, it sequentially processes all these four commands, each time updating the $var variable with the filtered result.
     
    Msap14 says thanks.
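
The replies above describe what each call in sanitizeString() does to $var; as an added example (not from the thread or the book), this snippet records $var after each of the first three steps for a constructed input and then, going beyond the thread, handles each context separately with a PDO bound parameter for the database and htmlspecialchars() at output. mysql_real_escape_string() is left out because it needs a live connection and the mysql_* extension was removed in PHP 7.0. Assumptions: PHP with the pdo_sqlite extension; the function names, the `comments` table and the sample input are hypothetical.

```php
<?php
// Added example: not code from the thread or the book.

// Steps 1-3 of the book's chain, recording $var after each reassignment.
function traceSanitize(string $var): array
{
    $steps = ['input' => $var];
    $var = strip_tags($var);
    $steps['strip_tags'] = $var;      // HTML/PHP tags removed
    $var = htmlentities($var);
    $steps['htmlentities'] = $var;    // remaining special chars become entities
    $var = stripslashes($var);
    $steps['stripslashes'] = $var;    // backslashes removed
    return $steps;
}

// Context-specific handling: the raw value goes to the database through a
// bound parameter, and is HTML-encoded only when written into a page.
function storeAndRender(PDO $db, string $raw): string
{
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $raw]);   // value is never spliced into the SQL

    $stored = $db->query('SELECT body FROM comments ORDER BY id DESC LIMIT 1')
                 ->fetchColumn();
    return htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
}

// Constructed sample input: a quote, tags, a bare ">" and a literal backslash.
$input = "O'Reilly <b>said</b> a>b \\n";

foreach (traceSanitize($input) as $step => $value) {
    printf("%-13s %s\n", $step, $value);
}

// In-memory SQLite keeps the example offline (assumption: pdo_sqlite is loaded).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');

echo storeAndRender($db, $input), "\n";
```

The database row keeps the original text unchanged, so the same stored value can later be encoded for whichever output context needs it.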
  6. Msap14 New Member

    what's the best way to go about styling a php website?

    should the style code go inside the php or vice versa?
    how can i link a style sheet? (normal html linking doesn't seem to be working)
     
    Last edited: Dec 4, 2011
  7. Thrackan

    Thrackan

    CSS, all the way :)
    try using the include function
     
  8. xbonez New Member

    Within the head tag of your html or php page:

    Code:
    <link rel="stylesheet" href="style.css" />
     
