PHP Classes

requestUtils: Retrieve and sanitize user submitted request data

Version: 1.0.0
License: GNU General Publi...
Categories: HTTP, Security
Description

This class acts as a central place to retrieve user submitted data that reaches a page via the request, form inputs or cookies.

Instead of reading the super-global variables $_POST, $_GET, $_REQUEST and $_COOKIE directly, this class can be used so that the submitted data is sanitized in one place, as a first line of defence against well known attacks such as cross-site scripting and SQL injection. Note that trimming, tag stripping and slash escaping are not substitutes for output encoding and prepared statements; see the caveat under Details.

It may also check whether the magic quotes option is enabled and, if it is not, add escaping backslashes itself. (magic_quotes was deprecated in PHP 5.3 and removed in PHP 5.4, so on current PHP versions it is always off.)

Author

Name: Nilesh Dosooye
Country: Mauritius

Details

This class is used throughout the PCG Framework to get all data from forms. Code generated by phpCodeGenie (PCG) automatically uses requestUtils to read user data from forms. For more information, see the phpCodeGenie page on SourceForge: http://phpcodegenie.sourceforge.net/

The following is an extract from the PCG Framework Overview Manual about requestUtils.

Dealing with user input using requestUtils

User input in a web application arrives through HTML forms. PHP provides the $_POST, $_GET and $_REQUEST super-global variables to read form data directly. Reading data straight from these variables can be a security threat to your application: user input can never be trusted. A malicious user may attempt Cross-Site Scripting (XSS) or SQL injection by tampering with the data, so the data must be checked and made safe before it reaches the rest of your application.

An example of an XSS attack: suppose you have a text field that accepts user input which you later display. A user could submit

    <script>for (;;) { alert('hacked'); }</script>

and when the stored value is displayed, the page would loop forever, showing a JavaScript alert box each time the user dismisses it.

Another common problem with user input is whether magic_quotes is turned on or off. When magic_quotes is on, some characters (quotes and backslashes) are automatically escaped. You may have it enabled on your server, but you cannot be sure that every server you deploy your application to will have the same setting, so you need to check whether it is enabled on the server your application runs on and escape user data accordingly. Checking this each time you read a user input is a big hassle. (magic_quotes was deprecated in PHP 5.3 and removed in PHP 5.4, so on current PHP versions the check always finds it off.)

PCG addresses both problems by reading form elements through the requestUtils class. Doing form retrieval in one separate class puts that action in a central, easy-to-change place, where you can add whatever sanity checks you need. Currently, the requestUtils::getRequestObject($elementName) method ltrims and rtrims the input, strips HTML tags (configurable in applicationConstants.inc.php by setting the ALLOW_HTML_TAGS_IN_POST_GET_REQUESTS constant to true or false) and, if magic_quotes is not enabled, applies addslashes() to the data before returning it to the caller.

A caveat for practitioners: these steps reduce obvious payloads but are not a complete defence. strip_tags() keeps the text that was inside the removed tags and does nothing for attribute or JavaScript contexts, so XSS is prevented by encoding at output time (htmlspecialchars()) rather than by stripping on input; and addslashes() is not a safe replacement for database-specific escaping or, better, prepared statements with bound parameters, which are the proper defence against SQL injection.

Usage example

Suppose you have this HTML form:

    <form name="nileshForm" method="POST" action="test.php">
    UserInput: <input type="text" name="userInput" value="">
    </form>

Instead of using

    <?php $thisUserInput = $_POST['userInput']; ?>

to get that form element, use the code below. It does the same as reading $_POST directly, but it also runs the sanity checks on the data the user entered. You can add your own additional sanity checks to the getRequestObject method, in one central place.

    <?php $thisUserInput = requestUtils::getRequestObject('userInput'); ?>
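The following is an added example, not code from the requestUtils package or the PCG Framework. It reimplements the behaviour the manual describes for getRequestObject (trim, optional tag stripping, addslashes when magic quotes are off) against a constructed $_POST-style array so it can run without a web server, and then shows the output-encoding and prepared-statement approach that actually neutralises the XSS and SQL-injection cases. The class name RequestUtilsDemo, the function renderHtml, the second `$source` parameter and the SQLite table are assumptions made for the demo; the real class reads the super-globals itself.

```php
<?php
// Added example (not the package's own code). Mirrors the sanitisation the
// page describes, then shows where the real defences belong.

// Mirrors the page's ALLOW_HTML_TAGS_IN_POST_GET_REQUESTS; the value is assumed.
const ALLOW_HTML_TAGS_IN_POST_GET_REQUESTS = false;

final class RequestUtilsDemo
{
    /**
     * Sanitize one request field the way the manual describes:
     * ltrim/rtrim, strip HTML tags unless allowed, addslashes unless
     * magic quotes already did it. $source stands in for $_POST/$_GET.
     */
    public static function getRequestObject(string $name, array $source): ?string
    {
        if (!isset($source[$name])) {
            return null;
        }
        $value = trim((string) $source[$name]);
        if (!ALLOW_HTML_TAGS_IN_POST_GET_REQUESTS) {
            $value = strip_tags($value);
        }
        // get_magic_quotes_gpc() was removed in PHP 8.0; on PHP 7 it always
        // returns false. The guard keeps this runnable on either.
        $magicQuotesOn = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
        return $magicQuotesOn ? $value : addslashes($value);
    }
}

// Constructed input: the XSS payload from the manual plus a value with a quote.
$fakePost = [
    'userInput' => "  <script>for (;;) { alert('hacked'); }</script>  ",
    'name'      => "O'Brien",
];

// 1. What the described sanitisation produces.
$sanitized = RequestUtilsDemo::getRequestObject('userInput', $fakePost);
// strip_tags removes the <script> element but keeps its body, and addslashes
// then escapes the quotes: for (;;) { alert(\'hacked\'); }
// The input is mangled, and a value that must be displayed or stored has been
// altered rather than made safe for a specific context.
echo "sanitized: ", $sanitized, PHP_EOL;

// 2. XSS: keep the raw value and encode at the HTML output boundary instead.
function renderHtml(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
echo "encoded:   ", renderHtml(trim($fakePost['userInput'])), PHP_EOL;
// -> &lt;script&gt;for (;;) { alert(&#039;hacked&#039;); }&lt;/script&gt;
// The browser shows the text; it does not execute it.

// 3. SQL injection: bind the raw value as a parameter; no addslashes needed.
// Uses an in-memory SQLite database (assumes the pdo_sqlite extension).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (name TEXT NOT NULL)');

$stmt = $pdo->prepare('INSERT INTO users (name) VALUES (:name)');
$stmt->execute([':name' => trim($fakePost['name'])]);

// The quote in O'Brien is stored literally, with no backslash and no
// possibility of breaking out of the string in the query.
echo "stored:    ", $pdo->query('SELECT name FROM users')->fetchColumn(), PHP_EOL;
```

Run it with `php example.php` (any name will do). The point of the three steps is that the central-retrieval idea from the manual is sound, but what the central place should do is normalise the input (trim, type-check, length-limit), while escaping is applied per context at the point of use: htmlspecialchars() for HTML and bound parameters for SQL.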

Files

    example.php             Example   Example of requestUtils usage
    README.txt              Doc.      Documentation and class usage
    requestUtils.class.php  Class     The requestUtils class
