themac says

@SplitV, for my example the var_dump doesn’t have a big advantage over echo

echo $sql = "bla";
is faster than
$sql = "bla";
var_dump($sql);
or
var_dump($sql = "bla");

my example only shows the possibilities of the = Operator – you could allocate values or variables to variables and the = returns values too, that’s the reason for the functioning of

$var1 = $var2 = "hello world";
and
echo $var1 = "hello world";

bye
mac

darawebdesign says

Anyone got tips on sanitizing inputs?

SplitV says

There is an article on Tut+ http://net.tutsplus.com/tutorials/php/getting-clean-with-php/

For earlier versions of php here are a few examples of things to use in validation and sanitation.

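Validation:

is_float

is_numeric

is_int

// Named valid_bool because PHP already defines is_bool(); redeclaring it is a fatal error.
function valid_bool($input) {
        // Compare as strings, strictly: a loose in_array() against TRUE matches any non-empty string.
        return (is_bool($input) || in_array(strtolower(strval($input)), array('true', 'false', '1', '0'), true)) ? 1 : 0;
}

function valid_email ($address) {
        // The "/" inside the character classes is escaped so it does not end the /.../ pattern early.
        return (preg_match('/^[-!#$%&\'*+\\.\\/0-9=?A-Z^_`a-z{|}~]+'. '@'. '[-!#$%&\'*+\\/0-9=?A-Z^_`a-z{|}~]+\.' . '[-!#$%&\'*+\\.\\/0-9=?A-Z^_`a-z{|}~]+$/', $address));
}
///Checks that the username contains only 0-9, letters, whitespace, _, -, |, ~, + (returns 1 if so, 0 otherwise)
function valid_username($username) {
        return preg_match('/^[0-9a-zA-Z\s\_\-\|\~\+]+$/',$username);
}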

Sanitation:

///Sanitize int
function getInt($input){
        return intval($input); 
}
///Sanitize unsigned int
function getUInt($input){
        if(intval($input)<0){
            return 0;
        }
        else{
            return intval($input);
        }    
}

///Sanitize Number 
function getNumber($input){
        return strval($input)+0; 
}

///Sanitize Unsigned Number
function getUNumber($input){
        if((strval($input)+0)<0){
            return 0;
        }
        else{
            return strval($input)+0;
        }    
}

///Sanitize String
function getStr($input){
             return  trim(strval($input));
}
///Sanitize String NO TRIM
function getStrNoTrim($input){
             return  strval($input);
}
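///Sanitize String NO HTML
function getNoHtml($input){
            // htmlspecialchars_uni() is not a PHP built-in; the built-in htmlspecialchars() is used instead.
            return htmlspecialchars(trim(strval($input)), ENT_QUOTES, 'UTF-8');
}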
Crakken says
Wow, I don’t know why this stopped but something in my mind told me that I shall continue this. Here’s a simple trick I’ve been using on all my projects:
Instead of using regex (regular expression) to make sure a string is an email, use filter_var, it’s much easier:
if (filter_var("insert email here", FILTER_VALIDATE_EMAIL)) {
    // Do something if it's an email
} else {
    // Do something else if it's not
}

Replace “insert email here” with the email address, it can be a variable too.
So, if you are like me, if you don’t like regex, this can be useful.
I will post a PHP tip/trick here every week or any day I get the time.

aaranmcguire says


I got one up…

function validEmail($email){
    if (filter_var($email, FILTER_VALIDATE_EMAIL)){
        list($user,$domain) = explode('@',$email);
        return checkdnsrr($domain, 'MX');
    } 
    return false;
}

This way if I type hfisjf@fnisdsi.com it will return false.

michaeldale says


Nice idea. But email can still work without an MX record. Email servers will fall back to the root A record if there is no MX record. So this might cause issues.

aaranmcguire says

True, but I don’t think that’s done often… but still it would save the junk domains… because people are now smart enough to know how email addresses are formatted and people know you usually need to type an email for it to submit correctly.

Crakken says


Yeah, that was great. Thanks :)
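
Added example (not part of the original thread and not any poster's code): the MX check discussed above, extended with the A/AAAA fallback that michaeldale points out. The function name emailDomainCheck, the injectable $hasRecord resolver and the stub zone data are assumptions made for illustration; the zone data is constructed so the code runs offline.

```php
<?php
/**
 * Returns 'invalid-syntax', 'mx', 'address-fallback' or 'no-mail-route'.
 *
 * $hasRecord is a hypothetical injectable resolver, fn($host, $type): bool.
 * It defaults to PHP's checkdnsrr() and exists so the check can be tested offline.
 */
function emailDomainCheck($email, $hasRecord = null)
{
    if ($hasRecord === null) {
        $hasRecord = 'checkdnsrr';
    }
    if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return 'invalid-syntax';
    }
    // Take everything after the last "@" as the domain.
    $domain = substr($email, strrpos($email, '@') + 1);
    // A trailing dot makes the name absolute, so resolver search suffixes are not appended.
    $fqdn = rtrim($domain, '.') . '.';

    if ($hasRecord($fqdn, 'MX')) {
        return 'mx';
    }
    // No MX record: sending servers fall back to the domain's address records.
    if ($hasRecord($fqdn, 'A') || $hasRecord($fqdn, 'AAAA')) {
        return 'address-fallback';
    }
    return 'no-mail-route';
}

// Constructed zone data standing in for real DNS answers.
$zone = array(
    'example.com.'    => array('MX', 'A'),
    'legacy.example.' => array('A'),   // receives mail without any MX record
);
$stub = function ($host, $type) use ($zone) {
    return isset($zone[$host]) && in_array($type, $zone[$host], true);
};

$samples = array('user@example.com', 'user@legacy.example', 'hfisjf@fnisdsi.com', 'not an email');
foreach ($samples as $addr) {
    printf("%-22s %s\n", $addr, emailDomainCheck($addr, $stub));
}
```

Call emailDomainCheck($email) with no second argument to query real DNS through checkdnsrr(). Because checkdnsrr() also returns false when the lookup itself fails, treat 'no-mail-route' as a hint and rely on a confirmation email to prove the address works.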
