PHP - What Is Considered Oop Php
I know what OOP PHP is, but I can't grasp it exactly in relation to a website. For instance, in order to be considered OOP PHP, would all your pages need to be "webpage" objects with variables like "header", "footer" and "content", and then passing all the page's HTML to this class?
Would it still be considered OOP PHP if the HTML of the webpage was written out for each page (assume we are coding a car dealership) and only objects like "car" and "salesman" were created?

Similar Tutorials

I am trying to code an error callback using PHP and AJAX. What I cannot get past is, I am assigning a variable to a $_POST in PHP to check for an empty value. If empty, then trigger error message. However, jQuery is passing the post to PHP as carton%5B0%5D:carton%5B1%5D:. Would PHP see this as an empty post? What are these numbers etc. after carton? carton is actually an array. If I do elseif(!empty($carton)) then the message is triggered. This is strange bearing in mind that the input values are empty at submit stage. Thanks.

This is the code that jQuery uses to create an input from a slider change event.

Code:

    for(var i = 0;i < $(this).val();i++) {
        $("#carton").append('<div data-role="fieldcontain"><label for="carton" class="ui-input-text">Enter box ' + (i + 1) + ' number:</label><input type="text" name="carton['+i+']" id="carton['+i+']" class="carton ui-input-text ui-body-null ui-corner-all ui-shadow-inset ui-body-c" /></div>')
    }

Sample PHP code

Code:

    $carton = $_POST['carton'];
    // (the preceding if-branch is not shown in the post)
    elseif(empty($carton)) {
        //set the response
        $response_array['status'] = 'error';
        $response_array['message'] = 'You must enter a carton for retrieveal';
    //if no errors
    }

Code:

    <?
    // Bank Version 1.0.0 21-05-2014 Desmond O'Toole.
    include ("secure/SecureFunctions.php");
    include ("secure/SecureFunctionsLibAdmin.php");
    session_start();
    Session_Init();
    $page = "Bank_EE Doc";

    define ('hostname16', 'xxx'); // Des-otoole.co.uk
    define ('username16', 'xxx');
    define ('password16', 'xxx');
    define ('database16', 'xxx');

    function myErrorHandler($errno, $errstr, $errfile, $errline)
    {
        switch ($errno) {
            case E_USER_ERROR:
                $_SESSION['MyError'] = "Gotcha: <br>$errstr<br>$errfile<br>$errline";
                mailtoX('Error', $errstr,$_SESSION['MyError']);
                $redirect = "Location: myerror.php";
                header($redirect);
                exit(0);
                break;
            case E_USER_WARNING:
                echo "This is your last warning";
                break;
            case E_USER_NOTICE:
                echo "This is your final warning";
                break;
            default:
                echo "Just go away";
                break;
        }
        /* Don't execute PHP internal error handler */
        return true;
    }

    $old_error_handler = set_error_handler("myErrorHandler");

    function connectDB($db)
    {
        $host = hostname16;
        $user = username16;
        $pass = password16;
        $data = database16;
        if(!$link = @mysql_connect($host, $user, $pass))
            trigger_error('Can\'t connect to server: ('. $db . ')', E_USER_ERROR);
        if(!$database = @mysql_select_db($data, $link))
            trigger_error('Can\'t select database on: (' . $db . ')', E_USER_ERROR);
    }

    connectDB(CURRENT_DB);
    echo "Hi there";
    ?>

Hi, this coding works on another website although I have reduced it down here for clarity. I have had my website moved to another server and I can't connect now. Is there a better way? I was given this coding from someone on this website about 4 years ago. I didn't want to use a straight connect because when there was difficulty connecting to the database I received an error giving me and any hacker all the details of the database server. This was to be a more controlled access.

Edited by ignace, 09 June 2014 - 01:34 PM.

Hi,
I've noticed that many members routinely recommend intval() for “sanitizing” user input. I think this is a very bad idea for a couple of reasons:
PHP integers are stored in 32 bits or 64 bits depending on the platform. This is not enough to cover all MySQL integer types. For example, a 32-bit PHP integer can neither hold an INT UNSIGNED nor a BIGINT. And even a 64-bit PHP integer cannot hold a BIGINT UNSIGNED. That's obviously a problem and can lead to very nasty truncation bugs.
Silently changing the user input is very confusing and potentially harmful. Let's say the user tries to delete a record, but the provided ID is not numeric. This is clearly an error. Either the user has entered a wrong value, or there's an application bug. In any case, the request cannot be processed safely and should be rejected. What the intval() does instead is turn the invalid input into a “random” ID and pass it on to the database system to delete the record. Bad idea!
Many people already struggle to understand the difference between mysql_real_escape_string(), addslashes(), htmlentities(), filter_var() etc. Now we have yet another function in the ever-growing pool of “sanitize” functions. This doesn't really help.
So I think intval() should never be used for data “sanitization”. Just use the appropriate escape function like mysql_real_escape_string().
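
The following is an added example, not part of the original post: it runs intval() and a strict check side by side on the same inputs, where the strict check rejects anything that is not a canonical unsigned decimal and range-checks it against the MySQL column type by string comparison. The helper parse_id(), the MYSQL_UNSIGNED_MAX table and the sample inputs are assumptions made for this illustration; the code requires PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Upper bounds of MySQL unsigned integer types, kept as decimal strings so
// that BIGINT UNSIGNED can be checked even though it exceeds PHP_INT_MAX.
const MYSQL_UNSIGNED_MAX = [
    'INT UNSIGNED'    => '4294967295',
    'BIGINT UNSIGNED' => '18446744073709551615',
];

/**
 * Hypothetical helper: return $raw unchanged if it is a canonical unsigned
 * decimal within the range of $type, otherwise null. It never coerces.
 */
function parse_id(mixed $raw, string $type = 'INT UNSIGNED'): ?string
{
    // Arrays (e.g. id[]=1), whitespace, signs, exponents and trailing
    // garbage are all rejected instead of being converted.
    if (!is_string($raw) || !preg_match('/\A(?:0|[1-9][0-9]*)\z/', $raw)) {
        return null;
    }
    $max = MYSQL_UNSIGNED_MAX[$type];
    // Without leading zeros, a longer string is a larger number, and
    // equal-length digit strings compare correctly byte by byte.
    $len = strlen($raw) <=> strlen($max);
    if ($len > 0 || ($len === 0 && strcmp($raw, $max) > 0)) {
        return null;
    }
    return $raw;
}

// Constructed sample inputs, as they might arrive in $_POST['id'].
$samples = ['42', '12abc', 'abc', ' 7', '1e3', '4294967296', '18446744073709551615'];

foreach ($samples as $raw) {
    $strict = parse_id($raw, 'BIGINT UNSIGNED');
    printf(
        "%-24s intval=%-20d strict=%s\n",
        var_export($raw, true),
        intval($raw),            // silently converts whatever it is given
        $strict ?? 'REJECT'      // null means the request should be refused
    );
}
```

Where parse_id() returns null, the request can be refused with an error instead of acting on an ID the user never supplied.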