prepping mysql output function?

Dolemite50

Hello,

I have been using a function provided by laser to prep input and output into mysql.


//Input:
function prepIn($input) { 
$input = trim($input); 
if (!get_magic_quotes_gpc()) { 
return addslashes($input); 
} 
return $input; 
} 

//I also use this to avoid pasted Word Chars in some areas:
$patterns = array ("/&/","/'/","/‘/","/’/","/\"/","/“/","/”/","/–/","/—/","/>/","/</");
$replacements = array ("&amp;","'","'","'","\"","\"","\"","-","-","&gt;","&lt;");

//Ouput:
function prepOut($input) { 
$input = stripslashes($input); 
return htmlspecialchars($input); 
}
{

Here's my question; I have several tables and some of them may have 20 columns so I find myself typing this alot:

SELECT stitle, sdescr.... from table
$row = mysql_fetch_assoc($rs);				
$stitle = prepOut($row['stitle']);					
$sdescr = prepOut($row['sdescr']);

I am hoping for a way to make that process a little more automated with a function. The variables are always named after the columns so I would like to be able to SELECT everything from a table, apply the prepOut function to that array, then setup a variable named after each column in the table while assigning the data to it. In other words; a function to do the above example without having to type:
$stitle = prepOut($row['stitle']);
$sdescr = prepOut($row['sdescr']);
..all the time.

Also,..some items are just integers and won't require being prepped, so would it be too much unnecessary overhead to be applying these functions to items where not needed?

Thanks for any advice.

coreyp_1

have you considered using mysql_real_escape_string() ?

not quite complete function example:

function savetime($query) {
  $rs = mysql_query($query);
  $row = mysql_fetch_assoc($rs);				
  global $stitle;
  $stitle = prepOut($row['stitle']);					
  global $sdescr;
  $sdescr = prepOut($row['sdescr']);
}

Weedpacket

As long as prepping doesn't damage numeric data, [man]array_map[/man] will do whatever function you specify to every element of an array (even if it does damage numeric data, a quick [man]is_numeric[/man] test at the start of the function can take care of that).

It may also be worth considering keeping the data in an array instead of lots of individual variables, but if not, then [man]extract[/man] is another function to look at.

Dolemite50

Thanks guys!

Coreyp, I'm sure your method would work but if I have to declare a function for all of the variables in all of my queries it contradicts my lazy dream-code. 🙂

WP, at the risk of sounding like a brown-noser; I want to let you know that I'm extremely grateful you're on the site. You've helped me so much both directly and indirectly that I feel I owe you a beer the size of Kansas if I ever run into you. How the heck do you do it? I've seen your responses to every PHP topic under the sun. "Can I get GD help?"...BAM!!!! "Can I get normalization help?"...BAM!!! "What's a multi-dimensional array?"---BAM!!!! Can anybody help me knit a sweater made purely of PHP??? BAMMM!!!! I'm sure I speak on behalf of thousands of people when I say that you're generous nature is much appreciated. Hat's off.

About your response; would the function I posted be at risk of being a "numeric data damager?" I'm not sure what you mean when you said "as long as it doesn't damage..". Are there different environments where a stripslash would damage and others where it would not?

I had a look at the array_map and I think I may have found just what I'm looking for in the good ol' comments. I've been struggling with getting a grasp on this so if you find the time can you please let me know if this function is pointing me in the right direction?

Thanks again. 🙂

.
<?php
function array_smart_map($callback) {
   // Initialization
   $args = func_get_args() ;
   array_shift($args) ; // suppressing the callback
   $result = array() ;

   // Validating parameters
   foreach($args as $key => $arg)
       if(is_array($arg)) {
           // the first array found gives the size of mapping and the keys that will be used for the resulting array
           if(!isset($size)) {
               $keys = array_keys($arg) ;
               $size = count($arg) ;
           // the others arrays must have the same dimension
           } elseif(count($arg) != $size) {
               return FALSE ;
           }
           // all keys are suppressed
           $args[$key] = array_values($arg) ;
       }

   // doing the callback thing
   if(!isset($size))
       // if no arrays were found, returns the result of the callback in an array
       $result[] = call_user_func_array($callback, $args) ;
   else
       for($i=0; $i<$size; $i++) {
           $column = array() ;
           foreach($args as $arg)
               $column[] = ( is_array($arg) ? $arg[$i] : $arg ) ;
           $result[$keys[$i]] = call_user_func_array($callback, $column) ;
       }

   return $result ;

}
?>

Trying with :

<?php
// $_GET is ?foo=bar1-bar2-bar3&bar=foo1
print_r(array_smart_map('explode', '-', $_GET)) ;
?>

Returns :

array(
   [foo] => array(
       0 => bar1
       1 => bar2
       2 => bar3
   )

   [bar] => array(
       1 => foo1
   )
)

batman

WP, at the risk of sounding like a brown-noser; I want to let you know that I'm extremely grateful you're on the site. You've helped me so much both directly and indirectly that I feel I owe you a beer the size of Kansas if I ever run into you. How the heck do you do it? I've seen your responses to every PHP topic under the sun. "Can I get GD help?"...BAM!!!! "Can I get normalization help?"...BAM!!! "What's a multi-dimensional array?"---BAM!!!! Can anybody help me knit a sweater made purely of PHP??? BAMMM!!!! I'm sure I speak on behalf of thousands of people when I say that you're generous nature is much appreciated. Hat's off.

It's now been about 9 months since ive been around this place looking for things i could help out with but i would totally have to agree with above statement. It's the kind helpful people that make up this board!!!

Weedpacket

Dolemite50 wrote:
help me knit a sweater made purely of PHP???

I'm crap at knitting (and sewing machines scare me) - but I have seen it done (Warning: content may offend some viewers).

Oh, yeah, you had a question as well 🙂

Dolemite50 wrote:
About your response; would the function I posted be at risk of being a "numeric data damager?" I'm not sure what you mean when you said "as long as it doesn't damage..". Are there different environments where a stripslash would damage and others where it would not?

I was speaking in general terms there. Specifically? No, a numeric string would get through what you're doing there unscathed (Digits, the occasional decimal point ... if someone is getting funky there may be a + or - or e in there - none of which would be altered at all by the transformations going on.) And just a comment on whether checking extra fields means added overhead ... naaahhh ... deciding whether or not a field needs to be checked would probably incur about the same cost anyway and complicate the code at the same time.

batman

LMAO!!! nice...

Dolemite50

Weedpacket wrote:
.

"Hey WP,..can you point me to some new Wallpaper?? BAAAMMMM!!!!!!"