How to Sanitize User Input in PHP?

It’s a question almost every PHP developer asks themselves. In my opinion the simplest way to sanitize user input is to save everything in the database without losing any tags or other HTML markup, and then, when displaying it on the client side, to strip_tags if needed.

For example, when saving HTML formatted text you can simply use the htmlspecialchars function:

$description = htmlspecialchars($_POST['description']);

Then you can be sure everything is in the database, but it’s not actually HTML. Thus you don’t have any tags at all in the database field.

When you show this on the client side and you’d like to strip some tags, i.e. to keep only the <a> tag, you can do this:

echo strip_tags(htmlspecialchars_decode($description), '<a>');

That’s the simplest way to keep everything as in the original source. In my opinion it’s better to keep whatever HTML markup there is in the input.
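As an added example (not code from the original post), here are the two steps above in working form. It goes one step beyond the post: strip_tags() keeps every attribute of an allowed tag, so each surviving <a> is rebuilt with a validated http(s) href only; the function names are assumptions.

```php
<?php
// Added example, not from the original post: escape on save, decode and keep
// only <a> on display, then rebuild each <a> with a validated href, because
// strip_tags() leaves all attributes of an allowed tag in place.

// Step 1: on save, escape everything so the database holds no live markup.
function sanitizeForStorage(string $input): string
{
    return htmlspecialchars($input, ENT_QUOTES, 'UTF-8');
}

// Rebuild one <a ...>text</a>: keep only an http(s) href, re-escape the text.
function rebuildAnchor(string $attributes, string $text): string
{
    $safeText = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    if (preg_match('/\bhref\s*=\s*(["\']?)([^"\'\s>]+)\1/i', $attributes, $m)) {
        $href = html_entity_decode($m[2], ENT_QUOTES, 'UTF-8');
        if (preg_match('#^https?://#i', $href)) {
            $safeHref = htmlspecialchars($href, ENT_QUOTES, 'UTF-8');
            return '<a href="' . $safeHref . '" rel="nofollow">' . $safeText . '</a>';
        }
    }
    return $safeText; // no acceptable href: drop the link, keep its text
}

// Step 2: on display, decode and keep only <a> (the post's line), then
// re-escape the text between anchors and rebuild the anchors themselves.
function renderAllowingLinks(string $stored): string
{
    $decoded = strip_tags(htmlspecialchars_decode($stored, ENT_QUOTES), '<a>');
    $parts = preg_split('#(<a\b[^>]*>.*?</a>)#is', $decoded, -1, PREG_SPLIT_DELIM_CAPTURE);
    $out = '';
    foreach ($parts as $i => $part) {
        if ($i % 2 === 0) {               // plain text between anchors
            $out .= htmlspecialchars($part, ENT_QUOTES, 'UTF-8');
        } elseif (preg_match('#<a\b([^>]*)>(.*?)</a>#is', $part, $m)) {
            $out .= rebuildAnchor($m[1], $m[2]);
        }
    }
    return $out;
}

// Constructed sample input: a link carrying an extra attribute, a <b> tag and an ampersand.
$stored = sanitizeForStorage('See <a href="https://example.com" onclick="x()">the site</a> & <b>more</b>');
echo renderAllowingLinks($stored), PHP_EOL;
```

An <a> without an acceptable href is reduced to its escaped text rather than being passed through.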

Posted in micro tutorial, PHP | 3 Comments

Custom Routes with Zend_Controller_Router_Route

Rewrite the URL?

Actually this is a really common task. You have to rewrite the URL to be more “user friendly”. To make it clearer I’ll give you an example. Let’s imagine you have an index controller and an index action. Then, if you have to load an ID from the database, at least with the built-in Zend Framework capabilities, you have to use this link:

www.example.com/index/index/id/33949

This is not good. It’s really bad. It would be great if you could use something like this:

www.example.com/33949

The solution in Zend Framework is called Zend_Controller_Router_Route. As a short snippet it looks like this:

// Routes are registered on the router, which the front controller hands out.
$router = $frontController->getRouter();
$router->addRoute("my-route", new Zend_Controller_Router_Route("/:id",
    array("controller" => "index", "action" => "index", 'id' => 1), // defaults
    array('id' => '\d+')));                                          // requirements

Here, as you can see, id is set to 1. But don’t worry, that’s not hard-coded; it’s only the default. The real work is done by the last parameter, where id is matched against a numeric pattern. Thus www.example.com/3 will be OK, but www.example.com/3a won’t.

Important Note

Don’t forget to add the rewrite rule to the .htaccess file.
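As an added example (not the post’s code, and not Zend Framework’s own), here is the same route registered from a Zend_Application bootstrap, with the controller reading the matched id; MyBootstrap and IndexController are assumed names.

```php
<?php
// Added example, not from the original post. MyBootstrap and IndexController
// are assumed names; the route itself is the one the post shows.

class MyBootstrap extends Zend_Application_Bootstrap_Bootstrap
{
    protected function _initRoutes()
    {
        $front  = Zend_Controller_Front::getInstance();
        $router = $front->getRouter();

        // ":id" is a variable segment; the third argument restricts it to
        // digits, so "/3a" does not match this route at all and never reaches
        // indexAction() through it. The 'id' default only applies to "/".
        $router->addRoute('my-route', new Zend_Controller_Router_Route(
            ':id',
            array('controller' => 'index', 'action' => 'index', 'id' => 1),
            array('id' => '\d+')
        ));
    }
}

class IndexController extends Zend_Controller_Action
{
    public function indexAction()
    {
        // The route requirement already guarantees digits; still cast to int
        // before the value goes anywhere near a query, so its type is certain.
        $id = (int) $this->_getParam('id', 1);
        $this->view->id = $id;
    }
}

// Building a link from the route in a view script yields "/33949":
// $this->url(array('id' => 33949), 'my-route');
```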

Posted in micro tutorial, PHP, zend framework | 4 Comments

CSS word-wrap to Wrap Long Words

So you have a very, very long word in some HTML element:

verylongwordverylongwordverylongwordverylongwordverylongwordverylongwordverylongwordverylongwordverylongwordverylongwordverylongwordverylongwordverylongwordverylongwordverylongwordverylongwordverylongword

As you can see, what we are missing is line breaks. This is a rare situation, but it may occur when you paste links or similar. So the question is how to fix it.

Only pure CSS needed

Simply add a fixed width and word-wrap.

/* any selector for the element holding the long word */
.long-word {
    width: 400px;
    word-wrap: break-word;
}

Now the result is obvious:

verylongwordverylongwordverylongwordverylongwordverylongwordverylongwordverylongwordverylongwordverylongwordverylongwordverylongwordverylongwordverylongwordverylongwordverylongwordverylongwordverylongword

Posted in web development | 3 Comments

Zend_Validate_Alnum Doesn’t Work Correctly

Zend Framework’s Zend_Validate

I’m used to validating forms in a typical Zend Framework application with Zend_Validate, of course. It gives you the absolute power to use the built-in classes for standard validation, as well as to write your own custom validation classes.

The problem I had was a bit odd! Zend_Validate_Alnum is supposed to accept all letters and numbers, but what about non-Latin symbols!? The project I’m working on is multilingual and there are eight languages, including Arabic, Chinese and Russian! All of these were incorrectly rejected by Zend_Validate_Alnum, although they contained only letters and numbers!

In fact, whatever the string encoding was, it didn’t seem to work! Perhaps I’m wrong, but so far this is the situation.

Recent Update

After a few tests I figured out the problem was not in Zend_Validate at all! It was my mistake; the solution is:

// Tell the iconv extension to treat input, output and internal strings as UTF-8,
// so multibyte letters are no longer mangled before they reach the validator.
// (These calls are deprecated since PHP 5.6 in favour of the default_charset ini setting.)
iconv_set_encoding('input_encoding', 'UTF-8');
iconv_set_encoding('output_encoding', 'UTF-8');
iconv_set_encoding('internal_encoding', 'UTF-8');

Posted in PHP, zend framework | 1 Comment

Zend_Http_Client and Case Sensitivity

Recently I posted about Zend_Http_Client and the ability to check a request with HEAD or GET. It is, as everything in Zend Framework, extremely easy to adopt and use, but today I experienced some “strange” problems!

I wrote these lines of code,

<?php
// ...
$client = new Zend_Http_Client('uri_path');
$request = $client->request('head');
// ...
?>

so far so good; everything worked just perfectly until I deployed the “working” code on the production server. Then, oddly enough, some requests just crashed. Not all, just some of them.

Another strange thing was that no exception was thrown.

Using my intuition more than my brain, I just tried to request the head using capital letters: HEAD. And, as everything was strange enough, yet again this solution happened to work! That solved my problem.

<?php
// ...
$client = new Zend_Http_Client('uri_path');
$request = $client->request('HEAD');
// ...
?>
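As an added example (not the post’s code), here is the same HEAD request written so the case problem cannot recur: the method comes from the Zend_Http_Client class constant and the outcome is reported from the response instead of relying on an exception. 'uri_path' is the post’s placeholder, headRequest() is an assumed name.

```php
<?php
// Added example, not from the original post. 'uri_path' is the post's
// placeholder URL; headRequest() is an assumed helper name.

function headRequest(string $url): array
{
    $client = new Zend_Http_Client($url, array('timeout' => 10));
    try {
        // Zend_Http_Client::HEAD is the string 'HEAD'. HTTP method tokens are
        // case-sensitive on the wire, so a lower-case 'head' is not the same
        // request; using the constant removes the typo the post ran into.
        $response = $client->request(Zend_Http_Client::HEAD);
    } catch (Zend_Http_Client_Exception $e) {
        // Adapter errors (connect failures, timeouts) extend this class.
        return array('ok' => false, 'error' => $e->getMessage());
    }
    return array(
        'ok'     => $response->isSuccessful(),
        'status' => $response->getStatus(),
        'length' => $response->getHeader('Content-Length'),
    );
}

print_r(headRequest('uri_path'));
```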

Posted in micro tutorial, PHP, zend framework | 3 Comments