PHP - Where Is Anti-formatting Performed?
Using MVC, the controller does some logic, gets data from the model, and the view presents the content.
Where should the reverse be performed?
For instance, I have an edit page which is pre-populated with values from the model, and the view changes 1000 to $1,000, 0.4 to 40%, and 2014-10-09 09:31:41 to 10/09/2014 09:31:41 AM.
Now I need to save the values, and must convert them back to their original format before doing so. Should this functionality be performed in the controller, model, or view?
Thanks
Similar Tutorials

Where should the validation take place? Several options include:

- In the Slim closure, i.e. $app->get('/', function(){/* validate before calling service */})
- In the service.
- In the mapper.
- In the entity domain.

I can easily create the standalone Validator class to validate scenarios such as whether a property is provided and whether it meets certain rules; however, other scenarios such as whether a record exists are closely linked to the mapper. Also, the entity does a good job confirming that the write properties are being provided. How important is it to locate validation at one place? Thanks

<?php
use \Psr\Http\Message\ServerRequestInterface as Request;
use \Psr\Http\Message\ResponseInterface as Response;

$c = new \Slim\Container();
$c['validator'] = function ($c) {};
$c['pdo'] = function ($c) {};
$c['resourceService'] = function ($c) {
    return new Resource\ResourceService(
        new Resource\ResourceMapper(
            $c['pdo'],
            $c['validator']
        ),
        $c['validator']
    );
};
$c['resourceResponder'] = function ($c) {};

$app = new \Slim\App($c);

$app->get('/someResource', function (Request $request, Response $response) {
    return $this->resourceResponder->index($response, $this->resourceService->index($request->getQueryParams()));
});
$app->get('/someResource/{id:[0-9]+}', function (Request $request, Response $response, $args) {
    return $this->resourceResponder->detail($response, $this->resourceService->read($args['id']));
});
$app->post('/someResource', function (Request $request, Response $response, $args) {
    return $this->resourceResponder->create($response, $this->resourceService->create($request->getParsedBody()));
});
$app->put('/someResource/{id:[0-9]+}', function (Request $request, Response $response, $args) {
    return $this->resourceResponder->update($response, $this->resourceService->update($args['id'], $request->getParsedBody()));
});
$app->delete('/someResource/{id:[0-9]+}', function (Request $request, Response $response, $args) {
    return $this->resourceResponder->delete($response, $this->resourceService->delete($args['id']));
});

$app->run();

class ResourceService
{
    protected $mapper, $validator;

    public function __construct(Mapper $mapper, Validator $validator) {
        $this->mapper = $mapper;
        $this->validator = $validator;
    }

    public function index(array $params=[]):array {
        $index = $this->mapper->index($params);
        return $index;
    }

    public function read(int $id):Entity {
        $entity = $this->mapper->read($id);
        return $entity;
    }

    public function create(array $params):int {
        $entity=$this->mapper->create($params);
        $id=$this->mapper->save($entity);
        return $id;
    }

    public function update(int $id, array $params):int {
        $this->mapper->update($id, $params);
        return $id;
    }

    public function delete(int $id):null {
        $this->mapper->delete($id);
    }
}

class ResourceMapper
{
    protected $pdo, $validator;

    public function __construct(\Pdo $pdo, Validator $validator) {
        $this->pdo = $pdo;
        $this->validator = $validator;
    }

    public function index(array $params=[]):array {
        //query DB and return an array of Resources
    }

    public function read(int $id):Entity {
        if(!$params=$this->queryDatabase($id)) {
            throw new \Exception("ID $id does not exist");
        }
        return new Resource($params);
    }

    public function create(array $params):int {
        //Or should the service create the entity?
        return new ResourceEntity($params);
    }

    public function save(Entity $entity):int {
        //Save the data. What if a duplicate error?
        return $this->pdo->lastInsertId();
    }

    public function update(int $id, array $params):null {
        //update database. What if id doesn't exist?
    }

    public function delete(int $id):null {
        //Delete from DB. What if id doesn't exist or foreign key constraint?
    }
}

class ResourceEntity
{
    public function __construct(array $params, Validator $validator) {
        //As applicable
    }
}

I'm having trouble with a script and I just can't figure out what's wrong with it. The script is located at http://www.qlhosting.com/ham/check.php

Here's the code for it:

<?php
if (isset($_POST['submit'])) {
    $domain = $_POST['domain'];
    $password = md5($_POST['password']);
    include 'db.php';
    mysql_query("SELECT * FROM apps WHERE domain='$domain' AND WHERE cpassmd5='$password' LIMIT 1");
    $stat = $row['status'];
} else {
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Quotaless Web Hosting | Check Status</title>
<style type="text/css">
body,td,th {
    font-family: Arial, Helvetica, sans-serif;
    font-size: 12px;
}
</style>
</head>
<body>
<h1>Check Application/Account Status</h1>
<?php
if ($stat="PENDING") {
    echo "<hr />";
    echo "Your application is currently listed as PENDING. Our staff have not viewed your application yet. Please be patient, and watch your email for a response. Thank you!";
} elseif ($stat="NMI") {
    echo "<hr />";
    echo "We need more information from you in order to take action on your application. Please check your e-mail inbox for a message from our staff specifically stating what we need. If you did not get this message, please post a message on our support forum. Thank you!";
} else {
}
?>
<hr />
<h2>To check the status of your application or account, login using the form below.</h2>
<form id="check" name="check" method="post" action="<?php echo $PHP_SELF;?>">
<p>Domain: <input type="text" name="domain" id="domain" /> <br />
Password: <input type="password" name="password" id="password" /> <br />
<input type="submit" name="button" id="button" value="Check" />
</p>
</form>
<hr />
<p> </p>
</body>
</html>

The part under if ($stat="PENDING") is performed upon page load, even when the if condition relating to it is false. I can't seem to figure out what exactly is wrong here. Please help me out. I would really appreciate the help. Thanks! Anthony

This topic has been moved to PHP Freelancing. http://www.phpfreaks.com/forums/index.php?topic=355195.0

I am using an Anti MySQL Injection my friend made for me.

config.php

//Anti MySQL Injection
function anti_injection($sql) {
    // removes words that contain sql syntax
    $sql = preg_replace(sql_regcase("/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/"),"",$sql);
    $sql = trim($sql); // strip whitespace
    $sql = strip_tags($sql); // strip HTML and PHP tags
    $sql = addslashes($sql); // quote string with slashes
    return $sql;
}

<?php
include "./config.php";
$title = $_POST[title];
$type = $_POST[type];
$episode = $_POST[episode];
$year = $_POST[year];
$genre = $_POST[genre];
$status = $_POST[status];
$summary = $_POST[summary];
$pictures = $_POST[pictures];
$title = anti_injection($title);
$type = anti_injection($type);
$episode = anti_injection($episode);
$year = anti_injection($year);
$genre = anti_injection($genre);
$status = anti_injection($status);
$summary = anti_injection($summary);
$pictures = anti_injection($pictures);
?>

When I enter the data from the text box and click submit it still puts the data into the database but it shows:

Notice: Use of undefined constant title - assumed 'title' in C:\wamp\www\studying\take 2\addin11.php on line 41
Notice: Use of undefined constant type - assumed 'type' in C:\wamp\www\studying\take 2\addin11.php on line 42
Notice: Use of undefined constant episode - assumed 'episode' in C:\wamp\www\studying\take 2\addin11.php on line 43
Notice: Use of undefined constant year - assumed 'year' in C:\wamp\www\studying\take 2\addin11.php on line 44
Notice: Use of undefined constant genre - assumed 'genre' in C:\wamp\www\studying\take 2\addin11.php on line 45
Notice: Use of undefined constant status - assumed 'status' in C:\wamp\www\studying\take 2\addin11.php on line 46
Notice: Use of undefined constant summary - assumed 'summary' in C:\wamp\www\studying\take 2\addin11.php on line 47
Notice: Use of undefined constant pictures - assumed 'pictures' in C:\wamp\www\studying\take 2\addin11.php on line 48
Deprecated: Function sql_regcase() is deprecated in C:\wamp\www\studying\take 2\config.php on line 30
Deprecated: Function sql_regcase() is deprecated in C:\wamp\www\studying\take 2\config.php on line 30
Deprecated: Function sql_regcase() is deprecated in C:\wamp\www\studying\take 2\config.php on line 30
Deprecated: Function sql_regcase() is deprecated in C:\wamp\www\studying\take 2\config.php on line 30
Deprecated: Function sql_regcase() is deprecated in C:\wamp\www\studying\take 2\config.php on line 30
Deprecated: Function sql_regcase() is deprecated in C:\wamp\www\studying\take 2\config.php on line 30
Deprecated: Function sql_regcase() is deprecated in C:\wamp\www\studying\take 2\config.php on line 30
Deprecated: Function sql_regcase() is deprecated in C:\wamp\www\studying\take 2\config.php on line 30

And thanks to the Anti MySQL Injection my primary key in my database doesn't work :s Can you help? Thank you
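
The same eight form fields stored through a PDO prepared statement, with no keyword stripping, as an added example that is not part of the original post. The `shows` table, its column types and the in-memory SQLite connection are assumptions made so the script runs stand-alone, and the sample input is constructed.

```php
<?php
// Added example, not the poster's code. Assumptions: a hypothetical `shows`
// table and an in-memory SQLite database so the script runs stand-alone;
// for MySQL only the DSN and the CREATE TABLE syntax change.
declare(strict_types=1);

const FIELDS = ['title', 'type', 'episode', 'year', 'genre', 'status', 'summary', 'pictures'];

function connect(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE shows (
        id INTEGER PRIMARY KEY AUTOINCREMENT,
        title TEXT NOT NULL, type TEXT, episode INTEGER, year INTEGER,
        genre TEXT, status TEXT, summary TEXT, pictures TEXT)');
    return $pdo;
}

/** Validate the posted fields; returns typed values or throws. */
function validate(array $post): array
{
    $row = [];
    foreach (FIELDS as $f) {
        // Quoted keys: the unquoted $_POST[title] form raised the notices above.
        $row[$f] = trim((string)($post[$f] ?? ''));
    }
    if ($row['title'] === '') {
        throw new InvalidArgumentException('title is required');
    }
    foreach (['episode', 'year'] as $f) {
        $n = filter_var($row[$f], FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
        if ($n === false) {
            throw new InvalidArgumentException("$f must be a non-negative integer");
        }
        $row[$f] = $n;
    }
    return $row;
}

function insertShow(PDO $pdo, array $row): int
{
    // Values travel separately from the SQL text, so nothing has to be stripped
    // or slash-escaped before it reaches the database.
    $stmt = $pdo->prepare(
        'INSERT INTO shows (title, type, episode, year, genre, status, summary, pictures)
         VALUES (:title, :type, :episode, :year, :genre, :status, :summary, :pictures)'
    );
    $stmt->execute($row);
    return (int)$pdo->lastInsertId();
}

// Constructed sample input standing in for $_POST. The title and summary use
// words and characters that the keyword filter would have deleted.
$post = [
    'title'    => "Where to Select a Show -- O'Brien's pick",
    'type'     => 'TV', 'episode' => '12', 'year' => '2011',
    'genre'    => 'Drama', 'status' => 'Complete',
    'summary'  => 'Contains <b>markup</b> and the words from, where and delete.',
    'pictures' => 'cover.jpg',
];

$pdo = connect();
$id  = insertShow($pdo, validate($post));

$stmt = $pdo->prepare('SELECT title, summary FROM shows WHERE id = :id');
$stmt->execute(['id' => $id]);
$saved = $stmt->fetch(PDO::FETCH_ASSOC);

// The stored title is identical to the input; HTML escaping happens only on output.
var_dump($saved['title'] === $post['title']);
echo htmlspecialchars($saved['summary'], ENT_QUOTES, 'UTF-8'), PHP_EOL;
```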

Below is my contact form - and I have set an anti-spam question as I don't like captcha. How do I code the post/human bit so it is case insensitive?

<div class="one-half-column-right" id="contactform">
<form method="post" action="index.php#contactform">
<label>Name*</label>
<div class="clear"></div>
<input name="name" placeholder="Type Here">
<label>Email*</label>
<div class="clear"></div>
<input name="email" type="email" placeholder="Type Here">
<label>Message</label>
<textarea name="message" placeholder="Type Here"></textarea>
<label>*If today is Tuesday, what is tomorrow? <br> [lowercase answer please]<br> (Anti-spam)</label>
<input name="human" placeholder="Type Here">
<input id="submit" name="submit" type="submit" value="Submit">
</form>
<?php
$name = $_POST['name'];
$email = $_POST['email'];
$message = $_POST['message'];
$from = 'From: Website Form';
$to = 'name@name.com';
$subject = 'website form enquiry';
$human = $_POST['human'];
$headers .= 'From: '.$from."\r\n". 'Reply-To: '.$from."\r\n" . 'X-Mailer: PHP/' . phpversion();
$body = "From: $name\n E-Mail: $email\n Message:\n $message";
if ($_POST['submit'] && $human == 'wednesday') {
    if (mail ($to, $subject, $body, $from)) {
        echo '<p style="font-family: Montserrat, Helvetica, Arial, sans-serif; font-weight: 600; text-align:center; font-size: 16px; color: #000; text-transform: uppercase; background-color: #FFD700"> Request has been sent. We will get back to within 48 hours!<br></p>';
    } else {
        echo '<p style="font-family: Montserrat, Helvetica, Arial, sans-serif; font-weight: 600; text-align:center; font-size: 16px; color: #000; text-transform: uppercase; background-color: #FFD700"> Something went wrong, go back and try again!</p>';
    }
} else if ($_POST['submit'] && $human != '') {
    echo '<p style="font-family: Montserrat, Helvetica, Arial, sans-serif; font-weight: 600; text-align:center; font-size: 16px; color: #000; text-transform: uppercase; background-color: #FFD700"> You answered the anti-spam question incorrectly!</p>';
}
?>
<!--// form //-->

Hi guys, I wrote this speck of code to prevent directory traversal. However, I'm not that great with security issues, so I would like some of the gurus to offer pointers/tips/hints as to whether my code is safe or not and how to improve it.

$pageID = $_GET["pageid"];
$pageNewIDLower = strtolower($pageID);
$pageNewID = ereg_replace("[^A-Za-z0-9]","",$pageNewIDLower);
if (strstr($pageNewID,"../") || strstr($pageNewID,"%") != true) {
    // do stuff
} else {
    include("pages/home.htm");
}

If this looks wrong, let me know. I didn't take it directly from my php code as I'm on a cell phone at the moment.

Hello guys, I have a problem that I have been trying to solve myself for the entire past week. I am not a php programmer and I wish you can help me. There is a Russian project called Crot Anti-Plagiarism; it is an open source Moodle plugin. I started to use it and it is a really nice feature. The problem is that there are quite few people that are developing it and new features are coming once a year... I see a big "hole" in this project (at least for me): the plugin checks for plagiarism in the file that you submit only once. If a student resubmits the file it doesn't see that, and you need to start the plugin's test again for all the files, which is time consuming if you have a lot of submitted files to check. I would like to add a function that will check if a file changed its modified date; if yes - mark for checking, if no - skip the checking. I already added a similar function that checks if the name has changed, but it seems harder to check it by uploaded time (modified time).

Things I have already done:
- I added a new column "assignment_submissions_timemodified" in the database.
- I added a new function that records the "time modified" of the file in the database.

But I cannot make the comparison between the date of the first time the file was submitted versus the date of the second time the same file was resubmitted.

Alright no more bullsh**t here is the code: (there are 3 comments that show what I've changed, starting with //my job...) Thanks a lot!

Code:

$apath= $CFG->dataroot."/$assignment->course/moddata/assignment/$asubmission->assignment/$asubmission->userid";
$timemodified= filemtime($apath); //my job... it checks the file's modified time.
$files = scandir($apath, 1);
if (! $unprocessedsubm = get_record("crot_submissions", "submissionid", $asubmission->id, "crot_submission_file_name", $files[0], "assignment_submissions_timemodified", $timemodified)) //my job...now i guess here is the problem ( "assignment_submissions_timemodified", $timemodified)
{
    echo "$timemodified";
    echo "$unprocessedsubm";
    print_r($unprocessedsubm);
    echo "\nsubmission $asubmission->id was not processed yet. start processing now ... \n" ;
    $atime = microtime();
    $atime = explode(" ",$atime);
    $atime = $atime[1] + $atime[0];
    $astarttime = $atime;
    if(!count($files))break;
    //TODO we should verify if filename changed
    //TODO add loop on the documents folder as well as loop for unzipping
    $apath = $apath."/$files[0]";
    // call tokenizer to get plain text and store it in crot_submissions
    $atext = tokenizer ($apath);
    // update the crot_submissions table
    // delete if exists
    delete_records("crot_submissions", "submissionid", $asubmission->id);
    // insert the new record
    $record->submissionid=$asubmission->id;
    $record->updated = time();
    $record->crot_submission_file_name = $files[0];
    $record->assignment_submissions_timemodified = $timemodified; //this is my job.... it is recording the date as it has to.
    $submid = insert_record("crot_submissions", $record);
    // insert into documents
    $docrecord->crot_submission_id = $submid;

Also I have attached the whole file crot_crone.php.

So I have this page that outputs a sql query for required courses (healthcare field) and creates an email based on user input (variable). The email sends and I receive the information but the format is jacked up. My markup in the email shows. As an example, I should be getting this:

Course          Date
Mandt Recert    1/16/2011
AWMD Recert     9/15/2010
etc, etc.

What I currently get in the email is this:

<table width=100% class="style11"><th align="left"><u>Course</u></th><th align="left"><u>Complete By</u></th><th align="left"> <th><tr><td width=33%>Abuse Neglect and Exploitation</td><td width=10%>12-31-1997</td><td width=33%></td></tr><tr><td width=33%>BloodBorne Pathogens Video</td><td width=10%>04-18-2008</td><td width=33%></td></tr><tr><td width=33%>MANDT Recert</td><td width=10%>08-11-2010</td><td width=33%></td></tr><tr><td width=33%>AWMD Recert</td><td width=10%>06-28-2011</td><td width=33%></td></tr><tr><td width=33%>CPR/1st Aid Combo</td><td width=10%>07-16-2012</td><td width=33%></td></tr></table></body></html>

<?php
//connect to the database
include 'dbcommon.php';
$conn = mysql_connect($dbhost, $username, $password) or die("Could not show the required classes." . mysql_error($conn));
mysql_select_db($dbname);
//grab the classes that are required
$query="SELECT course, date_last_taken, certification FROM course_completions WHERE employee_id='" . $_REQUEST['employid'] . "' order by date_last_taken asc";
$rs = mysql_query($query, $conn);
$numrequired = mysql_num_rows($rs);
$emailtext .= "<table width=100% class=\"style11\">";
$emailtext .= "<th align=\"left\"><u>Course</u></th><th align=\"left\"><u>Complete By</u></th><th align=\"left\"> <th>";
if ($numrequired == 0) {
    $emailtext .= "<html>\n";
    $emailtext .= "<body>";
    $emailtext .= "<tr><td colspan=3>No classes required</td></tr>";
}
while ($results = mysql_fetch_array($rs)) {
    $emailtext .= "<tr>";
    $emailtext .= "<td width=33%>";
    $emailtext .= $results["course"];
    $emailtext .= "</td>";
    $emailtext .= "<td width=10%>";
    $emailtext .= date("m-d-Y",strtotime($results["date_last_taken"]));
    $emailtext .= "</td>";
    $emailtext .= "<td width=33%>";
    $emailtext .= "</td>";
    $emailtext .= "</tr>";
}
$emailtext .= "</table>";
$emailtext .= "</body>";
$emailtext .= "</html>";
echo $emailtext;
mysql_close($conn);
$headers .= "MIME-Version: 1.0\n";
$headers .= "Content-Type: multipart/alternative; boundary=\"$mime_boundary\"\n";
//email the results/
$email = $_REQUEST["email"];
$comment = "message1";
$subject = " ARCA Required Courses ";
$message = $emailtext;
mail($email, $subject, $message);
if ($mail) {
    echo "Email sent, click <a href=displaycourses.php?" . SID . ">here</a> to return.";
} else {
    echo "There was a problem sending the email.";
}
?>

I'm sure the syntax isn't correct somewhere but I need help with the output of the email formatting. Thanks!

Hi, Has anyone come across an issue when saving DOM to a file and

Code:

$document->preserveWhiteSpace = false;
$document->formatOutout = true;

has no effect?

I want a little online users list at the bottom of my page and the color of the username is to match the color defined in the database. But how do I get them to align side by side? If I add them to a <p> they will all appear underneath each other. Here's my current code:

$sql=mysql_query("SELECT * FROM ".DB_PREFIX."members WHERE online = 1");
while ($row = mysql_fetch_object($sql)) {
    echo '<p style="color: #'.$row->username_color.';">'.$row->username.'</p>';
}

Also I want a comma at the end of each, but how do I stop it adding a comma to the end of the last one?

I'm presently formatting surnames like this:

Code:

$surname = ucfirst(strtolower($surname));

.. so that SMITH, and smith ... both look like: Smith. That's all fine, but how do I ensure that...

O'BRIEN
o'brien
o' brien

... all look like O'Brien? That is, where no spaces are allowed to appear in the surname and where the first letter, as well as the one following the apostrophe, are both capitalised. TIA

I'm going round in circles with this one, but I have a feeling that the answer is obvious. I have POST information that I want to use as a date and display it using date format, but I don't know how to. The POST data outputs the following: 2011-9-23. Assuming I have defined $date as the posted data from the previous form, how do I write some code to tell it to output it as September 23, 2011, or just Sept 2011?

Please help me sort out the syntax for this

Code:

<?php echo '<a href="/u/${user_info["username"]}"><img src="', getUserAvatar($user_info['username']), "\" class=\"avatar f_left small\" title=\"${user_info['display_name']}\" alt=\"${user_info['display_name']}\" /></a>"; ?>

Hi all, Been trying to get my head around formatting a string, and struggling. I have a series of numbers held in a DB and I need these to display as 5 figure numbers. If the DB held the record "48" I would need this to be displayed as "00048". Can anyone give me a clue? I've tried reading the php manual but this just confuses me more.

This topic has been moved to Third Party PHP Scripts. http://www.phpfreaks.com/forums/index.php?topic=346474.0

Hi, When I do this the result is a date of zeros?

$DateAndTime = date('d-m-y', strtotime($DateAndTime));

All I want is a date in format of DD0MM-YYY and the Time in HH:MM::SS. Any help would be great! I know it is basic. Thanks in advance

Hi, I am trying to print my database records into a php page. I am able to successfully print the values, however the values are being duplicated. For example, if I have two records in the employee_details, each of these two records is being printed twice on my php page. Can anyone tell me the reason why? The output that I see is as follows:

7 7 3a7cf5162a9c0a5014c92021e7ca0bf0 3a7cf5162a9c0a5014c92021e7ca0bf0 Bryan Bryan 4111 4111 Admin Admin
6 6 6743c3d1519ab4f2cd9a78ab09a511bd 6743c3d1519ab4f2cd9a78ab09a511bd Raul Raul 601 W Yandell Dr, 601 W Yandell Dr, Admin Admin

<html>
<head>
</head>
<body>
<?php
mysql_connect("localhost","root","");
mysql_select_db("encryption") or die(mysql_error());
$query = mysql_query("select * from employee_details");
?>
<table>
<?php
for($counter = 0;$row=mysql_fetch_array($query); $counter++) {
    print ("<tr>");
    foreach($row as $key=> $value)
        print ("<td>$value</td>");
    print ("</tr>");
}
?>
</table>
</body>
</html>

Hi everyone, I am having some odd issues with sending php generated emails. Essentially, what I'd like to know is how can I ensure they go into the inbox, and not get shunted to the junk mail folder. I assume this is a formatting issue, and it only happens sometimes. I am creating html emails. I have included my headers below:

$headers = "From: <Real Money Help>\r\n";
$headers .= 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=utf-8' . "\r\n";

Any help would be appreciated. Thanks.

Hi there, So I have data which I am fetching from two tables linked in a one-to-many relationship using the following code:

$sql = "select authcourses.id as id, title, date_format(closingdate, '%d.%m.%y') as date, name from authcourses inner join authorities on authorityid = authorities.id order by authorityid";
$result = mysqli_query($link, $sql);
if(!$result) {
    $error = 'Unable to get list of authorities';
    include '../../error.html.php';
    exit();
}
while ($row = mysqli_fetch_array($result)) {
    $authcourses[] = array('name' => $row['name'], 'title' => $row ['title'], 'date' => $row['date'], 'id' => $row['id']);
}

I then output the data in a table like this:

Code:

<table>
<thead><th>Title</th><th>Closing Date</th><th>Action</th></thead>
<tbody>
<?php foreach ($authcourses as $authcourse): ?>
<tr>
<form action="?" method="post">
<tr>
<td><?php htmlout($authcourse['name']); ?></td> <!-- custom function htmlout($text) see helpers.inc.php -->
<td><?php htmlout($authcourse['title']); ?></td>
<td><?php htmlout($authcourse['date']); ?></td>
<td>
<input type="hidden" name="id" value="<?php echo $authcourse['id']; ?>" />
<input type="submit" name="action" value="Edit" />
<input type="submit" name="action" value="Delete" />
</td>
</tr>
</form>
<?php endforeach; ?>
</tbody>
</table>

The htmlout() is a custom function which is basically "echo htmlspecialchars($str)", and you can ignore the form stuff. I get an output like this:

York, Course 1, 2011-02-15
York, Course 2, 2011-03-01
Manchester, Course 3, 2011-06-17
Manchester, Course 4, 2011-08-12
Derby, Course 5, 2011-01-10
Barnet, Course 6, 2011-08-19
Barnet, Course 7, 2011-06-23
etc etc...

What I want is something like this:

York:
Course 1, date
Course 2, date
Manchester:
Course 3, date
Course 4, date
Derby:
Course 5, date
Barnet:
Course 6, date
Course 7, date
etc..

I guess I'd like to load an array for each of the authorities (cities) with the course info, then I can output it in my form like this:

Code:

<?php foreach ($authcourses as $authcourse): ?>
<h1><?php htmlout($authcourse['name']); ?>: </h1>
<?php foreach ($courses as $course): ?>
<p><?php htmlout($course['title']); ?></p>
<p><?php htmlout($course['date']); ?></p>
<?php endforeach; ?>
<?php endforeach; ?>

I hope that makes sense... Any help would be great. Cheers, Mike