views: 421

answers: 10

For example, I hate typing things like:

$x = mysql_escape_string(stripslashes($_GET['x']));

Is there a way to alias those two functions in init.php or something without writing a separate function that takes one argument and returns that argument with those functions applied to it?

My C/C++ is not very good, but I think this is sort of like #typedef but for functions?

+3  A: 
function myget($string)
{
  return mysql_real_escape_string(stripslashes($_GET[$string]));
}

This is the solution in PHP.

Bill Karwin
"without writing a separate function"
Rob Kennedy
PHP does not support inline functions, lambda functions, preprocessor macros, or any such thing.
Bill Karwin
A: 

"easily", sure? "elegantly", nope.

Ray
Logan used neither "easily" nor "elegantly" in his question; who are you quoting?
Rob Kennedy
Is it possible to “symlink” a function in PHP **easily**
Ray
A: 

If you want a 1:1 function mapping, this works, it makes backtraces a bit nasty, but works

class DB
{ 
    public static function escape()
    { 
       $args = func_get_args();  
       return call_user_func_array('mysql_real_escape_string', $args ); 
    }
}

DB::escape( $foo );

Now I've used the func_get_args / call trick here for one reason only:

This notation should work on any function.

It would however be more optimal to just chain it directly

class DB
{ 
   public static function escape($string)
   { 
      return mysql_real_escape_string( $string ); 
   }
}

And there is no good reason to be stripping slashes, unless you have that horrible "feature" in php enabled which auto-slashes input.

class DB
{ 
   public static function un_gpc($string)
   {
      if( get_magic_quotes_gpc() === 1 )
      {
         return stripslashes( $string ); 
      }
      return $string;
   }
   public static function escape($string, $quote=false)
   {
      if( !$quote )
      { 
            return mysql_real_escape_string( $string ); 
      }
      return '"' . self::escape( $string ) . '"'; 
   }
   public static function escape_gpc( $string , $quote = false )
   {
      return self::escape( self::un_gpc( $string ), $quote); 
   }
   public static function get( $string , $quote = true )
   { 
      return self::escape_gpc( $_GET[$string] , $quote ); 
   }

}

# Handy Dandy.
$q = 'SELECT * FROM FOO WHERE BAR = ' . DB::get( 'bar' ) ;
Kent Fredric
+1  A: 

This should do the trick:

// Macros
$mes = "mysql_escape_string";
$ss = "stripslashes";

// Using your macros
$x = $mes($ss($_GET['x']));

Though I don't recommend coding like this at all.

I'm just answering the question since you said you didn't want to create any new function and get a "#define"-like functionality.

Franck
+1  A: 

You can do an anonymous function with create_function:

$newFunc = create_function('', 'return mysql_escape_string(stripslashes($_GET[\'x\']));');
$newFunc();
CMS
With the memory use benefits of naive C, *and* the power of EVAL!, the temptation!.
Kent Fredric
I think Logan wanted it to still be a one-argument function. But I'm sure that once he checks the documentation for create_function, he'll have no trouble adapting your answer.
Rob Kennedy
@Rob: Yes, something like this: $newFunc = create_function('$a', 'return mysql_real_escape_string(stripslashes($_GET[$a]));');
CMS
+6  A: 

I hope your example is not representative of your project.

  1. stripslashes() shouldn't be necessary - if you find it is, turn off magic_quotes_gpc in your php.ini.
  2. You should be using mysql_real_escape_string() (or a prepare/execute pair) instead of mysql_escape_string() and it should be where your SQL is being assembled, not where you are retrieving values off the URL.

Fix those two problems and your code degenerates to

$x = $_GET['x'];
staticsan
+2  A: 

I'd go with Bill Karwin's suggestion, but I'd like to add a perspective I think is important.

If you're wanting to replace repeated calls to a(b(...)) with c(...) the chances are that c has some meaning in itself - beyond a simple composition. Think about the context, and how you would name such a function. Often it will have some semantics of its own that don't specifically depend on a,b - that's just one implementation. If that's the case, then it's easy to see this as a (simple) function in its own right that happens to be implemented by a call to b then a. The simplicity in this case might tempt you to want to "alias" a function, but in the general case this probably isn't too helpful.

Now in this particular case I would think:

  • What's a sensible name for this composite function?
  • Why isn't there one to do it already?
  • Why am I not using query parameters?

Seriously. This is exactly the reason that you should use query parameters to reduce the risk of SQL injection attacks. MUCH more reliable than what you are trying to do here.

Draemon
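
Added example, not part of any answer on this page: the prepare/execute pair staticsan mentions and the query parameters Draemon recommends, written with PDO. It assumes the pdo_sqlite extension and uses an in-memory SQLite database in place of MySQL so it runs offline; the table `foo`, its rows, the `$request` array standing in for `$_GET`, and the helper name `find_by_bar` are all constructed for illustration.

```php
<?php
// Constructed demo data: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With pdo_mysql you would also set PDO::ATTR_EMULATE_PREPARES to false
// so the statement is prepared by the server rather than emulated.
$db->exec('CREATE TABLE foo (id INTEGER PRIMARY KEY, bar TEXT)');
$db->exec("INSERT INTO foo (bar) VALUES ('alpha'), ('O''Brien'), ('beta')");

/**
 * Hypothetical helper: look up rows by the "bar" column.
 * The raw value is bound where the SQL is assembled, so no escaping or
 * stripslashes() call is needed where the value is read from the request.
 */
function find_by_bar(PDO $db, string $bar): array
{
    // The SQL text is fixed; :bar is a placeholder, never concatenated.
    $stmt = $db->prepare('SELECT id, bar FROM foo WHERE bar = :bar');
    // The value travels separately from the SQL text and is always
    // treated as data, whatever characters it contains.
    $stmt->execute([':bar' => $bar]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed stand-in for $_GET, including values with quote characters.
$request = [
    'plain'   => 'alpha',
    'quote'   => "O'Brien",
    'crafted' => "x' OR '1'='1",
];

foreach ($request as $label => $raw) {
    // Read the value untouched, as in staticsan's $x = $_GET['x'];
    $rows = find_by_bar($db, $raw);
    printf("%-8s %-16s -> %d row(s)\n", $label, $raw, count($rows));
}
```

The value containing a legitimate apostrophe matches its row without any escaping, and the crafted value is compared as a literal string rather than changing the WHERE clause.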
A: 

Sork, thanks for answering the question. That is kind of what I wanted, but I was hoping that PHP had something... better.

Logan Serman
A: 

I presume you are wanting something like a C macro, which is easy to use like a function, but doesn't have the same overhead as calling a real function. PHP doesn't have any such feature. Are you trying to make your code faster or more efficient?

too much php
A: 

It's PHP, of course you are going to have to hack it together.

asperous.us