I think this is a common issue.

Whenever there is a form on a web page, there is a PHP file on the back-end processing the data sent from the form. You start with $_POST. You need to ensure that the names of input elements are not falsified, increased or decreased, and you want to make sure that no input elements are left blank, and you also need to escape quotation marks, so you may need to employ isset(), empty(), mysql_real_escape_string() or other functions to do this routine work before you apply business logic to these data.

What's the best way to do this routine work?

I want to write less code, and make it robust.

Maybe there is no best way, but at least there are good ways to do it. How to do it?

For the sake of convenience, suppose there are data like username, password, title, content, question, answer, unit_price, ...

What if I don't use any PHP framework?

+2  A: 

IMHO,

The Zend_Form component provides a good, robust, reusable way to do that kind of task.

RageZ
IMHO using Zend_Form adds a lot of bloat just to do input validation. But I am also very anti-zend. With that said it is a valid option so +1.
MitMaro
@MitMaro: yes, you are right, you can also render the form and do some templating (view). `Zend_Validate` would match more the validation part, but I don't really like the idea of having to set up each validator and check their state, so using `Zend_Form` without the rendering part is better IMHO
RageZ
What if I don't adopt any PHP framework?
Steven
@Steven: I would say you can do your own class and tools, but that's a bit like reinventing the wheel for nothing. Zend Framework is constructed in a way that you don't have to use everything; you can use only the part you are interested in, so I would give it a try if I were you
RageZ
@RageZ, Zend Framework may be good, but if I use it, I have to stop and spend much time learning it. The cost of learning
Steven
@Steven: sure, but how much time do you think it would take you to build your set of tools? More / less?
RageZ
+1  A: 

As RageZ has talked about Zend_Form... If you're really only after the filtering- and validation-part you don't have to use the (sometimes) bloated and complicated interface of Zend_Form. You can use Zend_Filter_Input, which actually is Zend_Form without forms (the rendering part). You can use the same filters and validators as in Zend_Form but in a conciser way.

But every PHP framework should have its own input-sanitation component, so replace Zend_Form/Zend_Filter_Input with the appropriate component of the framework you like to use.

Stefan Gehrig
What if I don't employ any PHP framework?
Steven
You can extract `Zend_Filter_Input` from the Zend Framework and use it as a stand-alone component - or see my second answer.
Stefan Gehrig
+1  A: 

I'll add a second answer as this one has nothing to do with my first answer which was aimed at the Zend Framework.

If you don't want to use a framework and if you do have PHP >= 5.2.0 you can use the ext/filter extension which actually has at least most of the important features from the framework filtering and validating components.

Stefan Gehrig
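
A sketch of the ext/filter approach from the answer above, as an added example that is not part of the original posts. The field names come from the question; the validation rules, the `FORM_SPEC` constant, the `validate_form()` helper and the sample input are assumptions, and the syntax assumes PHP 7.1 or later.

```php
<?php
// Added example. Field names are from the question; the rules are assumptions.
const FORM_SPEC = [
    'username'   => ['filter'  => FILTER_VALIDATE_REGEXP,
                     'options' => ['regexp' => '/^[A-Za-z0-9_]{3,32}$/']],
    'password'   => FILTER_UNSAFE_RAW,    // never altered, only checked
    'title'      => FILTER_UNSAFE_RAW,
    'content'    => FILTER_UNSAFE_RAW,
    'unit_price' => FILTER_VALIDATE_FLOAT,
];

/** Returns [clean values, errors keyed by field name]. */
function validate_form(array $input): array
{
    $errors = [];
    // Reject field names the form never defined ("falsified" or extra inputs).
    foreach (array_keys(array_diff_key($input, FORM_SPEC)) as $extra) {
        $errors[$extra] = 'unexpected field';
    }
    // One call runs every filter; keys absent from $input come back as null,
    // values that fail a filter (arrays included) come back as false.
    $clean = filter_var_array($input, FORM_SPEC, true);
    foreach ($clean as $name => $value) {
        if ($value === null) {
            $errors[$name] = 'missing';
        } elseif ($value === false) {
            $errors[$name] = 'invalid';
        } elseif (is_string($value) && trim($value) === '') {
            $errors[$name] = 'blank';
        }
    }
    // The float filter accepts negatives, so the price floor is checked here.
    if (is_float($clean['unit_price']) && $clean['unit_price'] < 0) {
        $errors['unit_price'] = 'invalid';
    }
    return [$clean, $errors];
}

// Constructed sample standing in for $_POST.
$sample = [
    'username'   => 'steven_01',
    'password'   => 'correct horse battery',
    'title'      => '   ',
    'unit_price' => '12.50abc',
    'is_admin'   => '1',
];
[$clean, $errors] = validate_form($sample);
print_r($errors);
```

This covers field presence and format only; quoting for SQL is a separate step, handled with prepared statements (PDO or mysqli) at the point of the query.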