museum-digital/MD_STD
32
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
566590135b
MD_STD/MD_STD_IN.php
Joshua Ramon Enslin 566590135b Add function sanitize_id_or_zero for validating and sanitizing input 
integers that may hold an ID or a 0

Example use case: Event parts in musdb.
2020-08-21 13:58:24 +02:00

140 lines
4.1 KiB
PHP
Raw Blame History

<?PHP
/**
* Gathers wrappers for handling inputs.
*/
declare(strict_types = 1);
/**
* Standard class providing overrides of default PHP functions as static
* functions.
*/
class MD_STD_IN {
/**
* Validates and sanitizes input integers to be in line with MySQL
* autoincrement IDs.
*
* @param mixed $input Input string.
*
* @return integer
*/
final public static function sanitize_id($input):int {
$input = filter_var($input, FILTER_VALIDATE_INT, [
'options' => [
'min_range' => 1, // Minimum number of an ID generated.
'max_range' => 4294967295 // Max value for MySQL's int data type
],
]
);
if (!($input)) {
throw new MDpageParameterNotNumericException("Value is not numeric.");
}
return $input;
}
/**
* Sanitizes and validates input integers to be either valid IDs or 0.
*
* @param mixed $input Input string.
*
* @return integer
*/
final public static function sanitize_id_or_zero($input):int {
if ($input === "") return 0;
$input = filter_var($input, FILTER_VALIDATE_INT, [
'options' => [
'min_range' => 0, // Minimum number of an ID generated.
'max_range' => 4294967295 // Max value for MySQL's int data type
],
]
);
if ($input === null) {
throw new MDpageParameterNotNumericException("Value is not numeric.");
}
return $input;
}
/**
* General string sanitization for all purposes. For use of inputs with MySQL's
* MATCH AGAINST, use the dedicated sanitization function.
*
* @param mixed $input Input string.
*
* @return string
*/
final public static function sanitize_text($input):string {
$output = \filter_var($input,
FILTER_SANITIZE_STRING,
FILTER_FLAG_NO_ENCODE_QUOTES);
if ($output === false) return "";
return trim($output);
}
/**
* Retrieves HTTP input texts from GET or POST variables, whatever is provided.
* If neither is given, returns a provided default.
*
* @param string $var_name Variable name.
* @param string $default Default value for the output.
* @param array<string> $allowed List of allowed values. Defaults to empty (all values allowed).
*
* @return string
*/
final public static function get_http_input_text(string $var_name, string $default = "", array $allowed = []):string {
if (isset($_GET[$var_name])) {
$output = self::sanitize_text($_GET[$var_name]);
}
else if (isset($_POST[$var_name])) {
$output = self::sanitize_text($_POST[$var_name]);
}
else $output = self::sanitize_text($default);
if (!empty($allowed) and !in_array($output, $allowed)) {
Throw new MDpageParameterNotFromListException("Parameter `{$var_name}` must be any of the allowed values: " . implode(', ', $allowed));
}
return $output;
}
/**
* Retrieves HTTP input texts from POST variables.
* If none is given, returns a provided default.
*
* @param string $var_name Variable name.
* @param string $default Default value for the output.
* @param array<string> $allowed List of allowed values. Defaults to empty (all values allowed).
*
* @return string
*/
final public static function get_http_post_text(string $var_name, string $default = "", array $allowed = []):string {
if (isset($_POST[$var_name])) {
$output = self::sanitize_text($_POST[$var_name]);
}
else $output = self::sanitize_text($default);
if (!empty($allowed) and !in_array($output, $allowed)) {
Throw new MDpageParameterNotFromListException("Parameter `{$var_name}` must be any of the allowed values: " . implode(', ', $allowed));
}
return $output;
}
}
Reference in New Issue View Git Blame Copy Permalink