MyBB Community Forums
How does MyBB Clean Posted Variables? - Printable Version



How does MyBB Clean Posted Variables? - AirborneFive - 2008-01-04

I know vBulletin has a way of "cleaning" data that is posted via a form (i.e. stripping it to nothing but text, or similar), though I've not yet seen how MyBB cleans the data upon browsing through the code.

Does MyBB have a class or function that cleans posted data automatically?

I need to run it through an entire form we're using for our customer backend and any help with this would be greatly appreciated.


Thanks,

Jonathan


RE: How does MyBB Clean Posted Variables? - MrD. - 2008-01-04

$db->escape_string();



RE: How does MyBB Clean Posted Variables? - AirborneFive - 2008-01-04

Do you perhaps have an example of use?

Say if I had $_POST['username'], $_POST['password'], etc., how would I run that through and clean the variables?


RE: How does MyBB Clean Posted Variables? - MrD. - 2008-01-04

$username = $db->escape_string($_POST['username']);
$password = $db->escape_string($_POST['password']);

You obviously need access to MyBB's $db variable for this to work. It doesn't strip it "just to text", but it does make it safe to be put in the database.

If you want just text, you can use it in conjunction with PHP's "strip_tags" function.


RE: How does MyBB Clean Posted Variables? - AirborneFive - 2008-01-04

One last question and I believe we should have it :).

So if I have:

$user = array (
	"firstname" => $mybb->input["firstname"],
	"lastname" => $mybb->input["lastname"],
);

Would I simply surround the $mybb->input['xxx'] with the $db->escape_string, just as with the $_POST variables, or should I use $_POST instead?


RE: How does MyBB Clean Posted Variables? - MrD. - 2008-01-04

$user = array (
    "firstname" => $db->escape_string($mybb->input["firstname"]),
    "lastname" => $db->escape_string($mybb->input["lastname"]),
);



RE: How does MyBB Clean Posted Variables? - AirborneFive - 2008-01-04

Great, thank you very much, I appreciate the help!


Thanks again,

Jonathan


RE: How does MyBB Clean Posted Variables? - laie_techie - 2008-01-04

$db->escape_string only makes the string safe for database insertion. You need to use htmlspecialchars or strip_tags when displaying a string you don't want to be parsed as HTML.


RE: How does MyBB Clean Posted Variables? - Ryan Ashbrook - 2008-01-09

Also remember that integers need to be passed through the intval() function upon database insertion.

This function ensures that the variable is indeed an integer, and will fail if the variable isn't an integer.

You can find a lot of good examples throughout the MyBB Code Base, and in the Wiki.
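
Added example (not part of the thread, and not MyBB's own code): the three contexts raised in the replies above, escaping strings for SQL, casting integers, and escaping for HTML output, applied to one constructed input. StandInDb, build_customer_update and the customers table are hypothetical; StandInDb only mimics MySQL-style quoting so the script runs without a MyBB install.

```php
<?php
// Hypothetical stand-in for MyBB's $db so the script runs on its own.
// Assumption: it only mimics the quoting of a MySQL-style escape function.
class StandInDb
{
    public function escape_string($string)
    {
        return strtr((string)$string, array(
            "\\" => "\\\\", "'" => "\\'", '"' => '\\"',
            "\0" => "\\0", "\n" => "\\n", "\r" => "\\r", "\x1a" => "\\Z",
        ));
    }
}

// Builds the query text for a hypothetical "customers" table, or returns
// null when the id is unusable. The query is only built here, never run.
function build_customer_update($db, array $input)
{
    // Integer context: intval() does not raise an error on bad input; it
    // returns the leading digits or 0, so range-check the result yourself.
    $uid = intval($input['uid']);
    if ($uid <= 0) {
        return null;
    }
    $age = intval($input['age']);

    // SQL string context: escape, then place the value inside quotes.
    $firstname = $db->escape_string($input['firstname']);

    return "UPDATE customers SET firstname='{$firstname}', age={$age} WHERE uid={$uid}";
}

// Constructed sample input, standing in for $mybb->input.
$good = array('firstname' => "O'Brien <b>Jr</b>", 'age' => '42abc', 'uid' => '7');
$bad  = array('firstname' => 'Ann', 'age' => '30', 'uid' => 'not-a-number');

$db = new StandInDb();
var_dump(build_customer_update($db, $good));
var_dump(build_customer_update($db, $bad));

// HTML context: escape the raw value at output time, not the SQL-escaped one.
echo '<td>', htmlspecialchars($good['firstname'], ENT_QUOTES, 'UTF-8'), "</td>\n";
```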


RE: How does MyBB Clean Posted Variables? - AirborneFive - 2008-01-09

Appreciate the information, Ryan :).

We've got the basic form completed and it's working to standard, and though we're not (yet) inserting integers into the database through the form, I will keep that in mind!


Thanks again everyone!