How does MyBB Clean Posted Variables?
01-04-2008, 04:42 AM
Post: #1
How does MyBB Clean Posted Variables?
I know vBulletin has a way of "cleaning" data that is posted via a form (i.e. stripping it to nothing but text, or similar), though I've not yet seen how MyBB cleans the data upon browsing through the code.

Does MyBB have a class or function that cleans posted data automatically?

I need to run it through an entire form we're using for our customer backend and any help with this would be greatly appreciated.


Thanks,

Jonathan

- Jon T. & Kim B.
- AirborneFive Co-Owner's
- Optimized Web Hosting Solutions | Starting @ Only $2/mo
- First Month of Service Free! | Coupon: FIRSTMONTHFREE
01-04-2008, 05:34 AM
Post: #2
RE: How does MyBB Clean Posted Variables?
PHP Code:
$db->escape_string(); 

The little boat gently drifted across the pond exactly the way a bowling ball wouldn't.
01-04-2008, 06:39 AM
Post: #3
RE: How does MyBB Clean Posted Variables?
Do you perhaps have an example of use?

Say if I had $_POST['username'], $_POST['password'], etc., how would I run that through and clean the variables?

01-04-2008, 06:50 AM (This post was last modified: 01-04-2008 07:10 AM by MrD..)
Post: #4
RE: How does MyBB Clean Posted Variables?
PHP Code:
$username = $db->escape_string($_POST['username']);
$password = $db->escape_string($_POST['password']);

You obviously need access to MyBB's $db variable for this to work. It doesn't strip it "just to text", but it does make it safe to be put in the database.

If you want just text, you can use it in conjunction with PHP's "strip_tags" function.

01-04-2008, 07:16 AM
Post: #5
RE: How does MyBB Clean Posted Variables?
One last question and I believe we should have it :).

So if I have:

Code:
$user = array (
    "firstname" => $mybb->input["firstname"],
    "lastname" => $mybb->input["lastname"],
);

Would I simply surround the $mybb->input['xxx'] with the $db->escape_string, just as with the $_POST variables, or should I use $_POST instead?

01-04-2008, 07:35 AM
Post: #6
RE: How does MyBB Clean Posted Variables?
PHP Code:
$user = array (
    "firstname" => $db->escape_string($mybb->input["firstname"]),
    "lastname" => $db->escape_string($mybb->input["lastname"]),
);

01-04-2008, 08:12 AM
Post: #7
RE: How does MyBB Clean Posted Variables?
Great, thank you very much, I appreciate the help!


Thanks again,

Jonathan

01-04-2008, 05:31 PM
Post: #8
RE: How does MyBB Clean Posted Variables?
$db->escape_string only makes the string safe for database insertion. You need to use htmlspecialchars or strip_tags when displaying a string you don't want to be parsed as HTML.
01-09-2008, 05:17 PM
Post: #9
RE: How does MyBB Clean Posted Variables?
Also remember that integers need to be passed through the intval() function upon database insertion.

This function ensures that the variable is indeed an integer, and will fail if the variable isn't an integer.

You can find a lot of good examples throughout the MyBB Code Base, and in the Wiki.

ryanashbrook.co - My Blog - @ryanashbrook
Do NOT PM me for Support!
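Posts #4, #8 and #9 each name a different context: an SQL string, HTML output and an integer column. The script below is an added example, not code from the thread or from MyBB; `StubDb` is a hypothetical stand-in for MyBB's `$db` backed by in-memory SQLite, and the input values are constructed.

```php
<?php
// Added example, not MyBB code. StubDb is a hypothetical stand-in for MyBB's
// $db object so the script runs without a forum install (needs ext-sqlite3).
class StubDb
{
    public $conn;

    public function __construct()
    {
        $this->conn = new SQLite3(':memory:');
        $this->conn->exec('CREATE TABLE customers (firstname TEXT, age INTEGER)');
    }

    // Escapes a value for use inside a single-quoted SQL string literal.
    public function escape_string($value)
    {
        return SQLite3::escapeString($value);
    }
}

$db = new StubDb();

// Constructed sample input standing in for $mybb->input / $_POST.
$input = ['firstname' => "<b>O'Brien</b>", 'age' => '42abc'];

// Context 1: SQL string literal. Escaping keeps the quote from ending the literal.
$firstname = $db->escape_string($input['firstname']);

// Context 2: integer column. intval() casts leniently ('42abc' becomes 42 and
// 'abc' becomes 0), so validate first when a malformed value should be refused.
$age = filter_var($input['age'], FILTER_VALIDATE_INT);
if ($age === false) {
    $age = 0; // a real form handler would return an error to the user here
}

$db->conn->exec("INSERT INTO customers (firstname, age) VALUES ('$firstname', $age)");

// The stored value is exactly what was submitted, markup included: escaping
// for the database does nothing about how the value renders in a page.
$stored = $db->conn->querySingle('SELECT firstname FROM customers');
var_dump($stored === $input['firstname']);

// Context 3: HTML output. Encode (or strip) at display time, per post #8.
echo htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'), "\n";
echo strip_tags($stored), "\n";
```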
01-09-2008, 06:07 PM
Post: #10
RE: How does MyBB Clean Posted Variables?
Appreciate the information, Ryan :).

We've got the basic form completed and it's working to standard, and though we're not (yet) inserting integers into the database through the form, I will keep that in mind!


Thanks again everyone!
