Adjusting Behavior for Server Settings


In the last chapter, the escape_data() function was defined as a way to sanitize user input before storing it in a database. At that time I briefly discussed the ini_get() function, which returns the php.ini setting for a submitted configuration option. In that example, I checked if Magic Quotes (magic_quotes_gpc, specifically) was on, as I don't want to over-escape submitted data. Using the ini_get() function is just one way you can improve the portability of your PHP applications by making scripts behave differently according to server-specific information.

Complementing the ini_get() function is ini_set(), which changes a PHP configuration for the duration of that script. This tool was mentioned in Chapter 3 as a way of turning on PHP's display_errors setting:

 ini_set('display_errors', 1); 

While useful for many things, this function's powers are limited. Some features cannot be altered using ini_set(), like Magic Quotes and register_globals (in both cases because the form data will be received by the page before any ini_set() alterations can occur).

Another useful tool for checking out a server's configuration is function_exists(). As you might expect from the name, this function returns either TRUE or FALSE to indicate whether a function exists in your PHP installation. You can use it to check if:

  • A user-defined function exists (has been defined).

  • A function added in a recent version of PHP is available.

  • A function that requires external libraries is available for use, like mysql_connect().

Using the function is simple:

 if (function_exists('mysql_connect')) {... 

A final category of useful information can be found within the $_SERVER array. You already used this variable once: back in Chapter 1, "Introduction to PHP," to print out the server's PHP version and operating system. In this chapter, you'll see many references to the $_SERVER array.

But first, a slightly new version of the mysql_connect.php script will be written utilizing function_exists().

To use function_exists()

1. Open mysql_connect.php (Script 7.2) in your text editor or IDE.

2. After you have connected to and selected the database, begin defining the escape_data() function (Script 8.1).

 function escape_data($data) { 

Script 8.1. The escape_data() function is now defined within this, the latest version of the mysql_connect.php script. The escape_data() function now checks for the availability of the mysql_real_escape_string() function before calling it.


As multiple scripts within this application will need this function, you'll define it within the mysql_connect.php page instead of within each individual page.

3. Check for, and respond to, the Magic Quotes setting.

 if (ini_get('magic_quotes_gpc')) {
   $data = stripslashes($data);
 }

This is a repetition of what you've seen before. The ini_get() function will return TRUE or FALSE indicating whether Magic Quotes GPC is on. If it is, the data will have already been escaped and I'll want to remove those slashes before using the database-specific escaping function.

4. Check for, and respond to, the existence of the mysql_real_escape_string() function.

 if (function_exists('mysql_real_escape_string')) {
   global $dbc;
   $data = mysql_real_escape_string(trim($data), $dbc);
 } else {
   $data = mysql_escape_string(trim($data));
 }

The conditional checks if the mysql_real_escape_string() function is available for use (it was added in version 4.3 of PHP, which your server may not be running). If it is, the database connection, $dbc, is made available via the global statement. Next, the mysql_real_escape_string() function is applied to the trimmed data.

If that particular function is not available, the older mysql_escape_string() function is used instead. This function works in much the same way but does not require a database connection.

5. Complete the function definition.

   return $data;
 }

The last step is to return the escaped data back to the script that called this function.

6. Save the file and upload it to your server.

Remember to place this file outside of your Web root directory, if at all possible. See the preceding chapter for details.
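
The steps above, extended into one function as an added example (not the book's Script 8.1): it normalizes the string that ini_get() returns, logs when the connection-less mysql_escape_string() fallback runs, and stops if neither escaping function exists. ini_flag() and the messages are hypothetical; $dbc is assumed to be the connection resource created earlier in mysql_connect.php.

```php
<?php
// Added example, not the book's code. ini_flag() is a hypothetical helper.

// ini_get() returns a string ("1", "", "0", or the literal text of the
// setting, such as "Off"), or FALSE when the option is unknown. A bare
// if (ini_get(...)) treats the string "Off" as true, so normalize first.
function ini_flag($option) {
    $value = ini_get($option);
    if ($value === false) {
        return false; // option does not exist in this PHP build
    }
    $on = array('1', 'on', 'yes', 'true');
    return in_array(strtolower(trim($value)), $on, true);
}

function escape_data($data) {
    global $dbc; // connection made earlier in mysql_connect.php (assumed)

    // Strip slashes only when the server really added them.
    if (ini_flag('magic_quotes_gpc')) {
        $data = stripslashes($data);
    }
    $data = trim($data);

    // Preferred: escapes according to the connection's character set.
    if (function_exists('mysql_real_escape_string') && is_resource($dbc)) {
        return mysql_real_escape_string($data, $dbc);
    }

    // Fallback from step 4. It takes no connection, so it cannot take the
    // character set into account; record that this path was used.
    if (function_exists('mysql_escape_string')) {
        trigger_error('escape_data(): using mysql_escape_string() fallback',
            E_USER_WARNING);
        return mysql_escape_string($data);
    }

    // Neither function exists (PHP built without MySQL support):
    // stop rather than pass unescaped data on to a query.
    trigger_error('escape_data(): no MySQL escaping function available',
        E_USER_WARNING);
    exit(1);
}
```

With display_errors off and log_errors on, the warnings go to the server's error log, where a deployment running the fallback path can be spotted.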

Tips

  • Similar to the function_exists() function is extension_loaded(). This function returns TRUE or FALSE to indicate whether the extension name given as an argument is loaded in your PHP configuration. You can use it to check, for example, if PHP has MySQL support enabled.

  • To see the list of configurable options, see www.php.net/manual/en/ini.php. Any option marked as either PHP_INI_ALL or PHP_INI_USER can be adjusted with ini_set().

  • This version of the mysql_connect.php script will be used several times over the course of this book, so make sure that you are comfortable with its syntax and functionality.




    PHP and MySQL for Dynamic Web Sites. Visual QuickPro Guide
    PHP and MySQL for Dynamic Web Sites: Visual QuickPro Guide (2nd Edition)
    ISBN: 0321336577
    EAN: 2147483647
    Year: 2005
    Pages: 166
    Authors: Larry Ullman
