Cleaner - professional code - Webdigity webmaster forums

5, December 2008	Cleaner - professional code - webmaster forum
	This forum shares its ad revenue with its members!
Navigation Webdigity Services Pagerank Monitor Whois Tool Web Design Gallery Webmaster Forums Webmaster Directory Tutorials Database Webmaster Forums WebDigity Community HumanWorks network new... Clickbank Contextual S... Forum Contests Forum Lounge New Member Introductions Tech News Google Forum User Forums aStatSpam forum Computers 3rd-Party Scripting The 100 Lists Website ... PixelThings Smart Publisher Forums Talk Design and Layout General webmaster disc... Graphics & Multimedia Adobe Photoshop Macromedia Flash & Act... Web Page Design HTML & XHTML CSS Accesibility issues Website & Graphic Revi... Web Development PhP PHP classes @finalwebs... Php User Class JavaScript Databases MySQL Security Miscellaneous Languages ASP & .NET Java & JSP Web hosting talk Hosting companies Domain names Configuring your server Apache web server Monetizing your site General Business CPC programs Adsense Chitika eMiniMalls CPM programs Affiliate programs & o... Web site promotion Promotion techniques Search Engine Optimiza... Google SEO Promoting & building a... SMF moding & promoting Marketplace Advertise your services Sell your site Sell a domain name Request services Hire people Link trading requests [ Home \| Help \| Search \| Forum's Shop \| Archive \| Login \| Register \| Webmaster Directory ]

Webdigity Webmaster Forums > Web Development > PhP
Topic: Cleaner - professional code

« previous next »

Pages: [1]

Author

Topic: Cleaner - professional code (Read 318 times)

Metal slug addict

Gender:

Posts: 19
138 credits
Members referred : 0

« on: Jul 28, 2008, 02:40:59 AM »

Hi Guys,

I have self taught myself PHP / MYSQL over the past year, learning just enough and what I need to for each job that comes along.

Can I please get some constructive criticism on the following code ??

Am I doing things correctly / securely enough, the least time consuming way Huh

// check if the form was submitted

if(isset($_POST['submitted']))

{

// Show errors, if any

ini_set ('display_errors', 1);

error_reporting (E_ALL & ~E_NOTICE);

include 'db-connect.php';

// filter posted variables to guard against header injection

$clean = cleaner($_POST);

// we then need to access each POSTED variable like this: $clean['name']

// declare the variables that werent required (by the form) and or declare integars that didnt need to be cleaned

$security = $_POST['security'];

$job_description = $clean['job_description'];

$vet_reg_num = $clean['vet_reg_num'];

$fax_number = (int) $_POST['fax_number'];

$type = $clean['type'];

// format the checkbox data - seperate with commas
foreach($clean['services'] as &$value) {

$value="".$value."";

}

$services=implode(", ", $clean['services']);

// Initialize error array.

$errors = array();

if(empty($clean['username'])){

$errors[] = 'A username is required and must be alpha-numeric.';

}

// validate the username

$username = $clean['username'];

if (!preg_match('/^[a-z\d_]{4,28}$/i', $username)) {

$errors[] = 'A username is required and must be alpha-numeric.';

}

// Make sure the username is available.

include 'db-connect.php';

$query = "SELECT username FROM Members WHERE username='$username'";

$result= mysql_query($query) or die(mysql_error());

if (mysql_num_rows($result)) {

$errors[] = 'Sorry, that username is already in use.';

}

mysql_close($db);

// Check for a password and match against the confirmed password.

if (eregi ("^[[:alnum:]]{4,20}$", stripslashes(trim($clean['password'])))) {

if ($clean['password'] == $clean['password_confirm']) {

$password = $clean['password'];

} else {

$errors[] = 'Your password did not match the confirmed password!';

}

} else {

$errors[] = 'Your password must be alpha-numeric.';

}

if(empty($clean['password_confirm'])){

$errors[] = 'Please confirm your password.';

} else{

$password_confirm = $clean['password_confirm'];

}

if(empty($clean['title'])){

$errors[] = 'Please enter your title.';

} else{

$title = $clean['title'];

}

if(empty($clean['first_name'])){

$errors[] = 'Please enter your first name.';

} else{

$first_name = $clean['first_name'];

}

if(empty($clean['last_name'])){

$errors[] = 'Please enter your last name.';

} else{

$last_name = $clean['last_name'];

}

if(empty($clean['occupation'])){

$errors[] = 'Please enter your occupation.';

} else{

$occupation = $clean['occupation'];

}

if(empty($clean['prac_name'])){

$errors[] = 'Please enter your practice name.';

} else{

$prac_name = $clean['prac_name'];

}

if(empty($clean['prac_type'])){

$errors[] = 'Please enter your practice type.';

} else{

$prac_type = $clean['prac_type'];

}

// Check for an email address & make sure there are no errors.

$email_address = $clean['email_address'];

if (empty($email_address))

{

if (!eregi("^.+@.+\\..+$", $email_address))

{

$errors[] = 'Your email address contains errors.';

}

}

// Make sure the email address is available.

include 'db-connect.php';

$query = "SELECT email FROM Members WHERE email='$email_address'";

$result= mysql_query($query) or die(mysql_error());

if (mysql_num_rows($result)) {

$errors[] = 'Sorry, that email address is already in use.';

}

mysql_close($db);

if(empty($clean['phone_number']) && ($clean['mobile_number'])){

$errors[] = 'Please enter a phone number';

} else{

$phone_number = $clean['phone_number'];

$mobile_number = $clean['mobile_number'];

}

if(empty($clean['street'])){

$errors[] = 'Please enter a street name.';

} else{

$street = $clean['street'];

}

if(empty($clean['city'])){

$errors[] = 'Please enter a city.';

} else{

$city = $clean['city'];

}

if(empty($clean['state'])){

$errors[] = 'Please select a state.';

} else{

$state = $clean['state'];

}

if(empty($clean['postcode'])){

$errors[] = 'Please enter your postcode.';

} else{

$postcode = $clean['postcode'];

}

if(empty($clean['country'])){

$errors[] = 'Please enter your country.';

} else{

$country = $clean['country'];

}

// Check the security field has been answered correctly

if(($security) !== "2"){

$errors[] = "You answered the security question wrongly. 1 + 1 = 2)";

}

// If everything went okay and there were no errors, continue.

if (empty($errors)) {

// format the date & time

$now = time();

$thisYear = date("Y-m-d H:i:s", $now);

// Create the activation code

$a = md5(uniqid(rand(), true));

require 'db-connect.php';

$sql = "INSERT into Members (

username,

pass,

title,

first_name,

last_name,

occupation,

job_description,

vet_reg_num,

email,

prac_name,

street,

city,

state,

postcode,

country,

phone,

mobile,

fax,

type,

services,

activation_code,

date_reg)
VALUES (

'$username',

SHA('$password'),

'$title',

'$first_name',

'$last_name',

'$occupation',

'$job_description',

'$vet_reg_num',

'$email_address',

'$prac_name',

'$street',

'$city',

'$state',

'$postcode',

'$country',

'$phone_number',

'$mobile_number',

'$fax_number',

'$prac_type',

'$services',

'$a',

'$thisYear') ";

mysql_query($sql) or die(mysql_error());

echo 'data added!';

mysql_close($db);

exit();

// if errors array contains a value

} else {

echo '<table align="center"><tr><td><b>The following error(s) occurred:</b><br /><blockquote>';

foreach ($errors as $msg) {

echo "* $msg<br />\n";

}

echo '</font></blockquote></td></tr></table><br /><br />';

}

// if the form wasn't submitted - display the reg form

}

I am a metal monkey!
Administrator
Community Supporter ?
Jedai Sword Master

Gender:

Posts: 8272
42619 credits
Members referred : 3

« Reply #1 on: Jul 29, 2008, 10:49:25 PM »

Your code looks ok, but maybe it is too much. I mean do you really need to use a recursive function to create an SQL injection safe version of your whole data, instead of cleaning the data that you are using to your queries?

An optimization you can use, is limiting the mysql results where possible. For instance this:

$query = "SELECT username FROM Members WHERE username='$username'";

could be :

$query = "SELECT username FROM Members WHERE username='$username' LIMIT 1";

Trial and Error my two best teachers Cool

Join us @ facebook

or twitter

Last blog : Free Unlimited Bandwith and disk space to good to be true?

Trackback URI for this entry : http://www.webdigity.com/trackback.php?topic=7875

Tags : php code

Bookmark this thread : Digg Del.icio.us Dzone more....

Topic sponsors:
Get a permanent link here for $1.99!

Pages: [1]

Webdigity Webmaster Forums > Web Development > PhP
Topic: Cleaner - professional code

« previous next »

Jump to:

User Area
Welcome, Guest. Please login or register. Did you miss your activation email? Dec 05, 2008, 04:14:42 PM Login with username, password and session length

Donate to our community, and get a permanent link back to your site!

Forum Statistics
Total Posts: 38.000 Total Topics: 7.685 Total Members: 4.470 Tutorials : 56 Resources : 143 Designs : 220 Latest Member: srinivasarao 27 Guests, 6 Users online : Yahoo crawler, Googlebot, Baidu Spider, toy17s, Msnbot, Gigabot 9 users online today: toy17s, clicktechs, Nikolas, Small Business SEO, sansthaa, Olaf, X-man, YMC, IsThatJose

Recent topics
Re: Best Sites To Get Inbou... Re: What is the most prefer... Re: need to know your opini... Re: Which hosting company i... Qoutes for the day Thread!!... Re: Yes or no game! Do you ... Re: 23 sites for sale cheap... Re: need name for web devel...

HumanWorks Network
Technology news Webmaster articles Sublime web directory RSS Feed directory and viewer

Readers

Web Design Gallery · Whois Lookup · Pagerank · Tag Browsing · Lo-fi version · Syndication · Webmaster forum history · Advertise
Developed by HumanWorks © 2005 - 2008 Webdigity webmaster community · sublime directory
Webdigity Webmaster Forums | Powered by SMF 1.0.12. © 2001-2005, Lewis Media. All Rights Reserved.

Cleaner - professional code - webmaster forum