
Building a basic input class - PHP

In this fourth part of the series, I show you how to provide this sample MVC-driven framework with the ability to sanitize user input by way of a basic input class.

TABLE OF CONTENTS:
  1. Sanitizing User Input for an MVC-based Framework in PHP 5
  2. The framework's current source files
  3. Building a basic input class
  4. Listing the framework's full source code
By: Alejandro Gervasio
June 14, 2010


For this particular project, the input class that I'm going to build in the following lines will basically be a wrapper or proxy for accessing variables within the $_GET and $_POST PHP superglobal arrays. Its driving logic is partially inspired by the input class provided by the Kohana framework, so credit goes to its development team.

Naturally, in production environments, this class should be improved to offer more thorough protection against XSS and SQL injection attacks. Having explained that, please study the definition of the class, which is as follows:

class Input
{
    private static $instance = NULL;

    // get Singleton instance of Input class
    public static function getInstance()
    {
        if (self::$instance === NULL)
        {
            self::$instance = new self;
        }
        return self::$instance;
    }

    // get $_GET variable, trimmed and escaped for MySQL
    // (if the key is not set, the key name passed in is returned unchanged)
    // note: mysql_escape_string() ignores the connection character set
    // and was removed in PHP 7.0
    public static function get($var = NULL)
    {
        if (!isset($_GET[$var]))
        {
            return $var;
        }
        return mysql_escape_string(trim($_GET[$var]));
    }

    // get $_POST variable, with the same behavior as get()
    public static function post($var = NULL)
    {
        if (!isset($_POST[$var]))
        {
            return $var;
        }
        return mysql_escape_string(trim($_POST[$var]));
    }
}// End Input class

As I said a moment ago, the brand new "Input" class implements a basic API that allows you to access GET and POST data in a truly simple fashion. Also, notice that this class defines a static "getInstance()" method that returns a Singleton instance of it, which can be used as a single access point to the class across the whole framework. However, in a typical situation this class should be used only statically.
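The production hardening mentioned before the class listing, as an added example that is not part of the original tutorial or the framework's code: the wrapper returns raw, validated values, and escaping happens in the context where the value is used (a bound parameter for SQL, htmlspecialchars() for HTML). The SafeInput class, its getInt() method, the users table and the in-memory SQLite database (pdo_sqlite extension) are assumptions made for illustration.

```php
<?php
// Added example, not the article's code: SafeInput is a hypothetical name.
// It returns the raw trimmed value and leaves escaping to the point of use.
class SafeInput
{
    // Raw trimmed string from $_GET, or $default when absent or not a string
    public static function get($key, $default = NULL)
    {
        return self::fetch($_GET, $key, $default);
    }

    public static function post($key, $default = NULL)
    {
        return self::fetch($_POST, $key, $default);
    }

    // Integer within [$min, $max], or $default when missing or invalid
    public static function getInt($key, $default = NULL, $min = 0, $max = PHP_INT_MAX)
    {
        $value = filter_var(self::get($key), FILTER_VALIDATE_INT,
            array('options' => array('min_range' => $min, 'max_range' => $max)));
        return ($value === FALSE) ? $default : $value;
    }

    private static function fetch(array $source, $key, $default)
    {
        // ?name[]=x arrives as an array; reject it instead of passing it to trim()
        if (!isset($source[$key]) || !is_string($source[$key])) {
            return $default;
        }
        return trim($source[$key]);
    }
}

// Constructed sample request data, set by hand so the script runs from the CLI
$_GET = array('id' => ' 7 ', 'name' => "O'Brien <b>x</b>", 'tags' => array('a'));

// SQL context: values travel as bound parameters, no escaping function involved
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER, name TEXT)');
$stmt = $db->prepare('INSERT INTO users (id, name) VALUES (:id, :name)');
$stmt->execute(array(':id' => SafeInput::getInt('id'), ':name' => SafeInput::get('name')));

// HTML context: the stored value is unmodified and is encoded only at output time
$name = $db->query('SELECT name FROM users WHERE id = 7')->fetchColumn();
echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'), "\n";
var_dump(SafeInput::get('tags'));   // array-valued parameter falls back to the default
```

Because nothing is escaped on the way in, the same stored value can be encoded correctly for each output context (HTML, SQL, JSON) without double-escaping.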

Now that you hopefully understand how the input class does its thing, I'm going to show you the updated source code of the framework, including the file that contains this class.

This will be done in the last segment of this tutorial, so simply click on the link below and keep reading.



 
 