Good morning,

I would like the code in my controller to look something like this:

<?php
$class = new sanitizeInput();

$string1 = $class -> input($_POST['name']) -> mysql_escape();
$string2 = $class -> input($_POST['age']) -> mysql_escape();

print "
     String1: $string1 <br />
     String2: $string2";
?>

It seems with my sanitizeInput class, any change to $string2 is applied to $string1. What ways can I change this? I would preferably like to make the changes within the class to make my controller as easily read as possible.

Sure, I know I can instantiate twice, but I would like to use the same object if possible.

It would be great if my class:

  • Instantiate once,
  • Set input,
  • Tell it to mysql_escape, and return __toString to $string1.
  • Set input leaving $string2 alone, mysql_escape and return __toString string to $string2.

EDIT: This is my full code as requested by comment:

$name = $sanitize -> setInput($name) -> stripTags() -> mySql() -> replaceLinks('[ En webadresse ble sensurert her ]') -> trimWhitespace();
$age = $sanitize -> setInput($age) -> stripTags() -> mySql() -> replaceLinks('[ En webadresse ble sensurert her ]') -> trimWhitespace();


class Sanitizer {

    protected $_data;

    public function setInput($input) {
        $this -> _data = $input;
        return $this;
    }


    public function stripTags($array = NULL) {
        if (!is_null($array) and is_array($array)) {
            $allowedTags = implode('', $array);
            $this -> _data = strip_tags($this -> _data, $allowedTags);
        }
        else {
            $this -> _data = strip_tags($this -> _data);
        }
        return $this;
    }

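    public function mySql() {
        // mysql_escape_string() ignores the connection charset and was removed in PHP 7.0;
        // bound parameters (PDO or mysqli prepared statements) are the supported replacement.
        $this -> _data = mysql_escape_string($this -> _data);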
        return $this;
    }

    public function replaceLinks($replacement = NULL) {
        if (is_null($replacement)) {
            $replacement = '[ Potential web-address censored here ]';
        }
        $this -> _data = preg_replace('~[a-z0-9:/._-]+\.(biz|com|edu|gov|info|mil|net|org|as|eu|no|se|uk)[/a-z]{0,}~i', $replacement, $this -> _data);
        return $this;
    }

    public function trimWhitespace() {
        $this -> _data = trim($this -> _data);
        return $this;
    }

    // Magic methods must be public, otherwise string conversion of the object fails.
    public function __toString() {
        $str = $this -> _data;
        return $str;
    }
}

Thank you for your time.

Kind regards,
Marius

+1  A: 

$string1 and $string2 will be references to the same object right up until you try to convert the value to a string, so any changes you make will be applied to both strings. I think you would have to explicitly convert the object to a string to prevent this, e.g.

$string1 = (string) $class -> input($_POST['name']) -> mysql_escape();
$string2 = (string) $class -> input($_POST['age']) -> mysql_escape();

I'm not sure using a 'fluent' interface is appropriate here because you don't really want the object to be maintaining state between calls if you want to use the same instance in multiple places at the same time. It would be better to use a different object for each string.

Tom Haigh
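
One way to get what the question asks for (instantiate once, reuse the same object for several inputs), as an added example that is not part of the original question or answer: every fluent step returns a modified clone instead of mutating shared state. The class name `ImmutableSanitizer` and the sample input are assumptions; the SQL escaping step is left out because it depends on a database connection.

```php
<?php
// Added example (not the poster's code): an immutable fluent sanitizer.
// Every step returns a modified clone, so one instance can be reused for
// several inputs and earlier results never change afterwards.
final class ImmutableSanitizer
{
    private $data = '';

    // Returns a copy holding the new input; $this is left untouched.
    public function setInput($input)
    {
        $copy = clone $this;
        $copy->data = (string) $input;
        return $copy;
    }

    public function stripTags(array $allowed = array())
    {
        $copy = clone $this;
        $copy->data = strip_tags($this->data, implode('', $allowed));
        return $copy;
    }

    public function trimWhitespace()
    {
        $copy = clone $this;
        $copy->data = trim($this->data);
        return $copy;
    }

    // Magic methods must be public for string conversion to work.
    public function __toString()
    {
        return $this->data;
    }
}

// Constructed sample input standing in for $_POST values.
$post = array('name' => '  <b>Alice</b> ', 'age' => ' <i>30</i> ');

$sanitize = new ImmutableSanitizer();
$name = $sanitize->setInput($post['name'])->stripTags()->trimWhitespace();
$age  = $sanitize->setInput($post['age'])->stripTags()->trimWhitespace();

// $name and $age are distinct objects, so the second chain cannot alter the first.
echo "String1: $name\nString2: $age\n";
```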