[Phpgroupware-developers] New safe_args() function in the API
From: Dan Kuykendall
Subject: [Phpgroupware-developers] New safe_args() function in the API
Date: Sat, 11 Jan 2003 00:49:10 -0800
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.2) Gecko/20021126

I added a new function which I hope can be used by just about every
function in phpGW. For now I am using it throughout the new ACL class
(which is now working but needs to be filled out a little more).

The function is called safe_args and will make the params for a function
more flexible and secure.

Example function:

    function somefunc()
    {
        // Declare each param: its name, default value and expected type
        $expected_args[0] = Array('name'=>'fname','default'=>'joe',
                                  'type'=>'string');
        $expected_args[1] = Array('name'=>'mname','default'=>'hick',
                                  'type'=>'string');
        $expected_args[2] = Array('name'=>'lname','default'=>'bob',
                                  'type'=>'string');
        $recieved_args = func_get_args();
        // Map the positional or named input onto the declared params
        $args = safe_args($expected_args, $recieved_args,__LINE__,__FILE__);
        echo 'Full name: '.$args['fname'].' '.$args['mname'].' '
            .$args['lname'].'<br>';
        //default result by running without any params would be:
        // Full name: joe hick bob<br>
    }

Using this it is possible to use the function in any of the following ways:

    somefunc('jack','city','brown');

or

    somefunc(array('fname'=>'jack','mname'=>'city','lname'=>'brown'));

or

    somefunc(array('lname'=>'brown','fname'=>'jack','mname'=>'city'));

The last one shows that when using named params in an array you don't
have to follow any order. All three would result in -

    Full name: jack city brown<br>

When you use this method of handling params you can secure your
functions as well as offer flexibility needed for both normal use and web
services use.

It is flexible because of the ways the function can be used, which lends
itself to use from PHP in a normal somefunc('jack','city','brown');
format as well as from web service interfaces like XML-RPC and SOAP
which will need to pass named arrays.

It is secure because each input param passes thru the sanitize()
function to validate the data and make sure it is valid and *safe*.

It is powerful because by using it we can trap errors for better logging
as well as offer more features to handle various input tricks.

If you have params that are required just set the default as ##REQUIRED##.

Users of your functions can also use ##DEFAULT## to use your default
value for a param when using the standard format like this:

    somefunc('jack','##DEFAULT##','brown');

This would result in - Full name: jack hick brown<br>

It's using the default value for the second param. Of course if you have
the second param as a required field it will fail to work.

Seek3r
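
The sketch below is an added example, not part of the original message and not phpGroupWare's safe_args(): it shows one way the described behaviour (positional or named params, ##DEFAULT##, ##REQUIRED##, a per-param type check) could be implemented. The names safe_args_sketch() and type_ok() are hypothetical, type_ok() stands in for sanitize(), and the rule used to detect a named-param array is an assumption.

```php
<?php
// Added sketch, not the project's code. safe_args_sketch() and type_ok()
// are hypothetical names; type_ok() stands in for the sanitize() call.
function type_ok($value, $type)
{
    $checks = ['string' => 'is_string', 'int' => 'is_int', 'bool' => 'is_bool'];
    // Unknown type names are rejected rather than passed through.
    return isset($checks[$type]) && call_user_func($checks[$type], $value);
}

function safe_args_sketch(array $expected, array $received)
{
    $names = array_column($expected, 'name');
    // Assumption: a single array argument whose keys are all declared
    // param names is a named-param call; anything else is positional.
    $named = count($received) === 1 && is_array($received[0])
        && array_diff(array_keys($received[0]), $names) === [];
    $source = $named ? $received[0] : $received;
    if (!$named && count($received) > count($expected)) {
        throw new InvalidArgumentException('more params than declared');
    }

    $args = [];
    foreach ($expected as $i => $spec) {
        $key = $named ? $spec['name'] : $i;
        // A missing param is handled exactly like an explicit ##DEFAULT##.
        $value = array_key_exists($key, $source) ? $source[$key] : '##DEFAULT##';
        if ($value === '##DEFAULT##') {
            if ($spec['default'] === '##REQUIRED##') {
                throw new InvalidArgumentException('missing required param: ' . $spec['name']);
            }
            $value = $spec['default'];
        }
        if (!type_ok($value, $spec['type'])) {
            throw new InvalidArgumentException('wrong type for param: ' . $spec['name']);
        }
        $args[$spec['name']] = $value;
    }
    return $args;
}

// Constructed spec: fname has a default, mname is required.
$spec = [
    ['name' => 'fname', 'default' => 'joe',          'type' => 'string'],
    ['name' => 'mname', 'default' => '##REQUIRED##', 'type' => 'string'],
];
print_r(safe_args_sketch($spec, [['mname' => 'city']]));    // named call
print_r(safe_args_sketch($spec, ['##DEFAULT##', 'city']));  // positional call
try { safe_args_sketch($spec, ['jack']); }                  // mname missing
catch (InvalidArgumentException $e) { echo $e->getMessage(), "\n"; }
```

Because the sketch fails closed on unknown type names, undeclared extra params and missing required params, a web service caller cannot reach the function body with input the declaration did not anticipate.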