Some tips or useful info that I found interesting or useful at the moment of writing.
USE IT EVERYWHERE. THE END.
Based on a Stack Overflow article. Sanitize & Filter -> Validate -> Prepare for storage -> Outputting back to HTML

Sanitize & Filter:
- Make sure the field has the correct data type by using an is_xxx function or by casting the user data
- Escape HTML with htmlspecialchars(), or with htmlentities() (used only when 100% needed)
- Or, instead of escaping HTML, strip HTML tags with strip_tags(), but better yet with HTML Purifier
- From PHP >= 5.2 you can use the Data Filtering extension

Validate:
- Never ever rely on client-side validation, it's just for UX.
- The earlier mentioned Data Filtering extension provides some useful validation methods

Prepare for storage:
- if using mysqli: mysqli_real_escape_string()
- with PDO: PDO::quote()

Outputting back to HTML:
- if the content doesn't use HTML tags which you have managed before, then use htmlspecialchars()
- for JavaScript objects use json_encode()
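As an added example (not from the original notes or the Stack Overflow article), one constructed form submission taken through the four stages above; it assumes the pdo_sqlite extension is available for PDO::quote() and PHP >= 5.3 for the JSON_HEX_* flags.

```php
<?php
// Added example: Sanitize & Filter -> Validate -> Prepare for storage -> Output back to HTML.
// Assumes pdo_sqlite (for PDO::quote()) and PHP >= 5.3 (for the JSON_HEX_* flags).

// Constructed sample input, as $_POST would deliver it (every value is a string).
$input = [
    'age'     => ' 42 ',
    'email'   => 'alice@example.com',
    'comment' => 'Hi <b>all</b> <script>alert(1)</script> "x" & </script>',
];

// 1. Sanitize & filter: enforce data types and remove HTML this field is not meant to carry.
$age     = (int) trim($input['age']);                  // casting: a non-numeric string becomes 0
$email   = filter_var($input['email'], FILTER_SANITIZE_EMAIL);
$comment = strip_tags($input['comment']);              // all tags dropped, so step 4 may escape freely

// 2. Validate on the server (client-side checks are UX only).
$errors = [];
if (filter_var($age, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 150]]) === false) {
    $errors[] = 'age out of range';
}
if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    $errors[] = 'email invalid';
}
if ($errors) {
    exit(implode("\n", $errors) . "\n");               // never reach storage with invalid data
}

// 3. Prepare for storage: quote through the driver you actually use (PDO here).
$pdo = new PDO('sqlite::memory:');
$sql = sprintf(
    'INSERT INTO comments (email, age, body) VALUES (%s, %d, %s)',
    $pdo->quote($email), $age, $pdo->quote($comment)
);
// With mysqli, mysqli_real_escape_string($link, $value) plays the same role.

// 4. Output back to HTML: escape for the context the value lands in.
$html = '<p>' . htmlspecialchars($comment, ENT_QUOTES, 'UTF-8') . '</p>';
// Inside a <script> block, json_encode with the HEX flags so that "</script>" and
// quote characters inside the data cannot end the block or break out of the string.
$js = 'var user = ' . json_encode(
    ['email' => $email, 'age' => $age, 'comment' => $comment],
    JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
) . ';';

echo $sql, "\n", $html, "\n", $js, "\n";
```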
TODO http://aaroncameron.net/article.html?aID=59 http://php.net/manual/en/function.addslashes.php https://www.google.lv/webhp?sourceid=chrome-instant&ion=1&espv=2&es_th=1&ie=UTF-8#q=what+are+magic+quotes+in+php+w
The only small difference is that closures defined in class methods may also access the class and the current object via $this. Since $this is saved “within the closure” the corresponding object will live at least as long as the closure.
Because not all closures defined in class methods need $this, it is possible to declare a lambda function to be static:
    class Example {
        public function doSomething () {
            $x = 4;
            // static: the closure is not bound to $this, so it does not keep this object alive
            $closure = static function ($y) use ($x) {
                return $x + $y;
            };
            return $closure(6); // 10
        }
    }