Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

php function

Posted on 2016-11-14
3
Medium Priority
?
51 Views
Last Modified: 2016-11-15
is it correct to write a function like this?

function clean($data) {
  $data = htmlspecialchars($data);
  $data = $mysqli->real_escape_string($data);
  return $data;
}

Open in new window

0
Comment
Question by:Braveheartli
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 59

Accepted Solution

by:
Julian Hansen earned 2000 total points
ID: 41887455
In what way? The correctness of a function is two fold
1. Does it run without error
2. Is it appropriate within the context of the application

In this case there is a problem with it.

Look at line 3 - you use $mysqli - where does that come from?

You should be passing that to the function
function clean($mysqli, $data) {

Open in new window

1
 
LVL 1

Author Closing Comment

by:Braveheartli
ID: 41887565
Thank you
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 41887584
Two things worth noting here.

1. Functions encapsulate "scope."  The "scope" is the set of variables that are visible inside the function.  Since $mysqli is not defined in the function code, it is not in the scope of the function.  As Julian points out, it must therefore be injected into the function.  We call this "dependency injection" because code inside the function depends on the $mysqli variable.
http://php.net/manual/en/language.variables.scope.php
https://www.experts-exchange.com/articles/18210/Software-Design-Dependencies.html
https://www.experts-exchange.com/articles/19999/PHP-Design-Avoiding-Globals-with-Dependency-Injection.html

2. Functions (like classes) should do one thing only.  In the instant case, this function mungs the $data variable twice, and in discordant ways.  The first mung changes special characters into entities.  The second mung changes the string, injecting escape sequences that remove the programmatic meaning of things like quotes and apostrophes.

The second mung, escape(), is used before sending data to the database engine.

The first mung, htmlspecialchars() is used before sending data to the client browser.

This leads me to ask, "which is it?"  If you're preparing data for use in a query string, your script is part of the data model.  But if you're preparing data for use in a browser display, your script is part of the view.  The MVC design pattern dictates isolation of the model and the view (separation of concerns), yet this function is doing two things at once, and is therefore not appropriate for either the model or the view!

If you want to get a better idea of what a clean() function should be doing, just tell us in plain language where the data is coming from and where you want to use the data.  There are fairly well-understood filter and sanitize patterns that we can discuss.
1

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
There are times when I have encountered the need to decompress a response from a PHP request. This is how it's done, but you must have control of the request and you can set the Accept-Encoding header.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question