
[Phpgroupware-developers] New safe_args() function in the API


From: Dan Kuykendall
Subject: [Phpgroupware-developers] New safe_args() function in the API
Date: Sat, 11 Jan 2003 00:49:10 -0800
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.2) Gecko/20021126

I added a new function which I hope can be used by just about every function in phpGW. For now I am using it throughout the new ACL class (which is now working but needs to be filled out a little more).

The function is called safe_args and will make the params for a function more flexible and secure.

Example function:
function somefunc()
{
    // Declare each expected param: its name, default value and type.
    $expected_args[0] = Array('name'=>'fname','default'=>'joe', 'type'=>'string');
    $expected_args[1] = Array('name'=>'mname','default'=>'hick', 'type'=>'string');
    $expected_args[2] = Array('name'=>'lname','default'=>'bob', 'type'=>'string');

    $recieved_args = func_get_args();
    $args = safe_args($expected_args, $recieved_args,__LINE__,__FILE__);
    echo 'Full name: '.$args['fname'].' '.$args['mname'].' '.$args['lname'].'<br>';
    //default result by running without any params would be:
    // Full name: joe hick bob<br>
}
                
Using this it is possible to use the function in any of the following ways:

somefunc('jack','city','brown');

or

somefunc(array('fname'=>'jack','mname'=>'city','lname'=>'brown'));

or
                
somefunc(array('lname'=>'brown','fname'=>'jack','mname'=>'city'));
                
The last one shows that when using named params in an array you don't have to follow any order. All three would result in -

Full name: jack city brown<br>
                
When you use this method of handling params you can secure your functions as well as offer the flexibility needed for both normal use and web services use.

It is flexible because of the ways the function can be used, which lends itself to use from PHP in a normal somefunc('jack','city','brown'); format as well as from web service interfaces like XML-RPC and SOAP, which will need to pass named arrays.

It is secure because each input param passes thru the sanitize() function to validate the data and make sure it is valid and *safe*.

It is powerful because by using it we can trap errors for better logging as well as offer more features to handle various input tricks.

If you have params that are required, just set the default as ##REQUIRED##.

Users of your functions can also use ##DEFAULT## to use your default value for a param when using the standard format like this:

somefunc('jack','##DEFAULT##','brown');

This would result in - Full name: jack hick brown<br>

It's using the default value for the second param. Of course, if you have the second param as a required field it will fail to work.

Seek3r
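
The argument handling described in the message above, as an added PHP example that is not part of the original post and is not phpGroupWare's safe_args() or sanitize(). The names demo_safe_args and demo_check_type are hypothetical, the type check is a stand-in for sanitize(), and rejecting undeclared names, surplus positional values and a caller-supplied ##REQUIRED## are assumptions of this sketch.

```php
<?php
// Added sketch, not phpGroupWare code; every demo_* name is hypothetical.
// Stand-in for sanitize(): allow-list of type checks, unknown types fail closed.
function demo_check_type($value, $type)
{
    $checks = array('string' => 'is_string', 'int' => 'is_int');
    return isset($checks[$type]) && call_user_func($checks[$type], $value);
}

function demo_safe_args(array $expected, array $received)
{
    // A single array argument is read as the named form.
    $named = (count($received) === 1 && is_array($received[0])) ? $received[0] : null;
    if ($named !== null) {
        $unknown = array_diff(array_keys($named), array_column($expected, 'name'));
        if ($unknown) {   // assumption: names that were never declared are rejected
            throw new InvalidArgumentException('unexpected param: ' . implode(', ', $unknown));
        }
    } elseif (count($received) > count($expected)) {
        throw new InvalidArgumentException('too many params');   // assumption
    }
    $args = array();
    foreach ($expected as $i => $spec) {
        $source = ($named !== null) ? $named : $received;
        $key    = ($named !== null) ? $spec['name'] : $i;
        $value  = array_key_exists($key, $source) ? $source[$key] : '##DEFAULT##';
        if ($value === '##DEFAULT##') { $value = $spec['default']; }
        // Catches a required param left out and a caller sending the sentinel itself.
        if ($value === '##REQUIRED##') {
            throw new InvalidArgumentException('missing required param: ' . $spec['name']);
        }
        if (!demo_check_type($value, $spec['type'])) {
            throw new InvalidArgumentException($spec['name'] . ' is not a valid ' . $spec['type']);
        }
        $args[$spec['name']] = $value;
    }
    return $args;
}

// Constructed sample calls: fname is required, the other two have defaults.
$spec = array(
    array('name' => 'fname', 'default' => '##REQUIRED##', 'type' => 'string'),
    array('name' => 'mname', 'default' => 'hick', 'type' => 'string'),
    array('name' => 'lname', 'default' => 'bob', 'type' => 'string'),
);
print_r(demo_safe_args($spec, array('jack', '##DEFAULT##', 'brown')));
print_r(demo_safe_args($spec, array(array('lname' => 'brown', 'fname' => 'jack'))));
try { demo_safe_args($spec, array(array('mname' => 'city'))); }
catch (InvalidArgumentException $e) { echo $e->getMessage(), "\n"; }
```

Because ##DEFAULT## and ##REQUIRED## are in-band strings, input arriving over XML-RPC or SOAP can contain them too, which is why the sketch treats a literal ##REQUIRED## value as a missing param.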




