@SplitV, for my example the var_dump doesn’t have a big advantage over echo
echo $sql = "bla";
is faster than
$sql = "bla"; var_dump($sql);
or
var_dump($sql = "bla");
My example only shows the possibilities of the = operator – you could allocate values or variables to variables and the = returns values too; that’s the reason for the functioning of
$var1 = $var2 = "hello world";
and
echo $var1 = "hello world";
bye
mac
Anyone got tips on sanitizing inputs?
There is an article on Tut+ http://net.tutsplus.com/tutorials/php/getting-clean-with-php/
For earlier versions of php here are a few examples of things to use in validation and sanitation.
Validation….....
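// Renamed from is_bool(): PHP already defines is_bool(), so redeclaring it is a fatal error.
function valid_bool($input) {
// Strict comparison against strings; a loose in_array() against TRUE matches every non-empty string.
return (is_bool($input) || in_array(strtolower(strval($input)), array('true', 'false', '1', '0'), true)) ? 1 : 0;
}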
function valid_email ($address) {
return (preg_match('/^[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+'. '@'. '[-!#$%&\'*+\\/0-9=?A-Z^_`a-z{|}~]+\.' . '[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+$/', $address));
}
///Checks if the username contains any characters other than 0-9, letters, whitespace, _, -, |, ~, +
function valid_username($username) {
return preg_match('/^[0-9a-zA-Z\s\_\-\|\~\+]+$/',$username);
}
Sanitation….......
////Sanitize int
function getInt($input){
return intval($input);
}
///Sanitize unsigned int
function getUInt($input){
if(intval($input)<0){
return 0;
}
else{
return intval($input);
}
}
///Sanitize Number
function getNumber($input){
return strval($input)+0;
}
///Sanitize Unsigned Number
function getUNumber($input){
if((strval($input)+0)<0){
return 0;
}
else{
return strval($input)+0;
}
}
///Sanitize String
function getStr($input){
return trim(strval($input));
}
///Sanitize String NO TRIM
function getStrNoTrim($input){
return strval($input);
}
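///Sanitize String NO HTML
function getNoHtml($input){
// htmlspecialchars_uni() is not a PHP built-in, so the built-in htmlspecialchars() is used here
return htmlspecialchars(trim(strval($input)), ENT_QUOTES, 'UTF-8');
}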
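The helpers above coerce rather than reject: intval() turns "12abc" into 12 and a non-empty array into 1, so malformed input comes out looking like a valid value. The following is an added example, not part of the original post, that validates with filter_var and returns null on failure; strictUInt() and strictNumber() are hypothetical names and the sample inputs are constructed.

```php
<?php
// Added example, not code from the thread. strictUInt() and strictNumber()
// are hypothetical helper names; the inputs below are constructed.

// Return an int in [0, $max], or null when the input is not a clean integer.
function strictUInt($input, $max = PHP_INT_MAX)
{
    // ?id[]=5 arrives as an array, and intval() turns any non-empty array into 1.
    if (!is_scalar($input)) {
        return null;
    }
    $value = filter_var($input, FILTER_VALIDATE_INT, array(
        'options' => array('min_range' => 0, 'max_range' => $max),
    ));
    return $value === false ? null : $value; // 0 is valid, so compare strictly
}

// Return a float, or null when the input is not numeric at all.
function strictNumber($input)
{
    if (!is_scalar($input)) {
        return null;
    }
    $value = filter_var($input, FILTER_VALIDATE_FLOAT);
    return $value === false ? null : $value;
}

// Constructed inputs of the kind a request parameter can carry.
$samples = array('42', '0', '-7', '12abc', '', '1e3', array('5'));

// Print the coerced value next to the validated one for each input.
foreach ($samples as $raw) {
    printf(
        "%-14s intval=%-4s strictUInt=%-6s strictNumber=%s\n",
        json_encode($raw),
        var_export(intval($raw), true),
        var_export(strictUInt($raw), true),
        var_export(strictNumber($raw), true)
    );
}
```

A null result lets the caller reject the request instead of continuing with a substituted 0.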
Instead of using regex (regular expression) to make sure a string is an email, use filter_var, it’s much easier:
if (filter_var("insert email here", FILTER_VALIDATE_EMAIL)) {
// Do something if it's an email
} else {
// Do something else if it's not
}
Replace “insert email here” with the email address, it can be a variable too.
So, if you are like me, if you don’t like regex, this can be useful.
I will post a PHP tip/trick here every week or any day I get the time.
Crakken said
Wow, I don’t know why this stopped but something in my mind told me that I shall continue this. Here’s a simple trick I’ve been using on all my projects:
Instead of using regex (regular expression) to make sure a string is an email, use filter_var, it’s much easier:
if (filter_var("insert email here", FILTER_VALIDATE_EMAIL)) {
// Do something if it's an email
} else {
// Do something else if it's not
}
Replace “insert email here” with the email address, it can be a variable too.
So, if you are like me, if you don’t like regex, this can be useful.
I will post a PHP tip/trick here every week or any day I get the time.
I got one up…
function validEmail($email){
if (filter_var($email, FILTER_VALIDATE_EMAIL)){
list($user,$domain) = explode('@',$email);
return checkdnsrr($domain, 'MX');
}
return false;
}
This way if I type hfisjf@fnisdsi.com it will return false.
aaranmcguire said
Crakken said
Wow, I don’t know why this stopped but something in my mind told me that I shall continue this. Here’s a simple trick I’ve been using on all my projects:
Instead of using regex (regular expression) to make sure a string is an email, use filter_var, it’s much easier:
if (filter_var("insert email here", FILTER_VALIDATE_EMAIL)) {
// Do something if it's an email
} else {
// Do something else if it's not
}
Replace “insert email here” with the email address, it can be a variable too.
So, if you are like me, if you don’t like regex, this can be useful.
I will post a PHP tip/trick here every week or any day I get the time.
I got one up…
function validEmail($email){
if (filter_var($email, FILTER_VALIDATE_EMAIL)){
list($user,$domain) = explode('@',$email);
return checkdnsrr($domain, 'MX');
}
return false;
}
This way if I type hfisjf@fnisdsi.com it will return false.
Nice idea. But email can still work without an MX record. Email servers will fall back to the root A record if there is no MX record. So this might cause issues.
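The fallback described in the reply above is what RFC 5321 calls an implicit MX: a domain with no MX record is tried at its address record. The following is an added example, not code from any poster, that accepts a domain on MX, A or AAAA; emailDomainAcceptsMail() and its $lookup parameter are hypothetical, and the zone data is constructed so the demo runs offline.

```php
<?php
// Added example, not code from the thread. emailDomainAcceptsMail() and the
// $lookup parameter are hypothetical; $lookup defaults to PHP's checkdnsrr().

function emailDomainAcceptsMail($email, $lookup = 'checkdnsrr')
{
    if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    // Take everything after the last '@', so an '@' in the local part cannot shift the split.
    $domain = substr($email, strrpos($email, '@') + 1);
    // A trailing dot makes the name fully qualified, so resolver search
    // domains are not appended to it.
    $fqdn = rtrim($domain, '.') . '.';
    // MX first, then the address records a sender falls back to.
    foreach (array('MX', 'A', 'AAAA') as $type) {
        if (call_user_func($lookup, $fqdn, $type)) {
            return true;
        }
    }
    return false;
}

// Constructed zone data standing in for DNS: host => record types present.
$zone = array(
    'mx-only.example.' => array('MX'),
    'a-only.example.'  => array('A'),
    'nothing.example.' => array(),
);
$stub = function ($host, $type) use ($zone) {
    return isset($zone[$host]) && in_array($type, $zone[$host], true);
};

// Constructed addresses: MX present, A only, no records, bad syntax.
$addresses = array(
    'bob@mx-only.example',
    'bob@a-only.example',
    'bob@nothing.example',
    'not an email',
);
foreach ($addresses as $addr) {
    printf("%-22s %s\n", $addr, var_export(emailDomainAcceptsMail($addr, $stub), true));
}
```

Call it without the second argument to query real DNS. A passing result only says the domain can receive mail, not that the mailbox exists.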
michaeldale said
Nice idea. But email can still work without an MX record. Email servers will fall back to the root A record if there is no MX record. So this might cause issues.
True, but I don’t think that’s done often… but still it would save the junk domains… because people are now smart enough to know how email addresses are formatted and people know you usually need to type an email for it to submit correctly.
aaranmcguire said
michaeldale said
Nice idea. But email can still work without an MX record. Email servers will fall back to the root A record if there is no MX record. So this might cause issues.
True, but I don’t think that’s done often… but still it would save the junk domains… because people are now smart enough to know how email addresses are formatted and people know you usually need to type an email for it to submit correctly.
Yeah, that was great. Thanks 
