Go Back   vb.org Archive > vBulletin 3 Discussion > vB3 Programming Discussions

Reply
 
Thread Tools Display Modes
  #21  
Old 02-11-2007, 08:16 PM
RedTyger's Avatar
RedTyger RedTyger is offline
 
Join Date: Nov 2006
Location: UK
Posts: 1,310
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

That's what I just said.

Is there any reason to use the input cleaner instead of just performing the checks yourself as I suggested? The advantage that way is that you don't have to change the way you access the variable and you can also assign extra or different checks instead of being limited to the few GPCs and can assign if/else to deal with the data as well. That's a terrific tutorial but the one thing it doesn't do is explain why you should use it instead of your own way.
Reply With Quote
  #22  
Old 02-12-2007, 01:11 PM
KingPuyol KingPuyol is offline
 
Join Date: Oct 2006
Posts: 48
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Thanks

If I did this:
$playername = SELECT name FROM players WHERE id='" . $_REQUEST['id'] . ''

Will it work?
Reply With Quote
  #23  
Old 02-12-2007, 03:44 PM
Guest190829
Guest
 
Posts: n/a
Default

Quote:
Originally Posted by RedTyger View Post
That's what I just said.

Is there any reason to use the input cleaner instead of just performing the checks yourself as I suggested? The advantage that way is that you don't have to change the way you access the variable and you can also assign extra or different checks instead of being limited to the few GPCs and can assign if/else to deal with the data as well. That's a terrific tutorial but the one thing it doesn't do is explain why you should use it instead of your own way.
It complies with vBulletin's coding standards, I don't know why you wouldn't want to use a tool like that provided for you. If you are going to run the sanitizing functions manually, it is fine, but it is always open to you forgetting to clean a variable. If you use $vbulletin->GPC, you have more confidence that your variables are being cleansed properly.
Reply With Quote
  #24  
Old 02-12-2007, 04:08 PM
Analogpoint's Avatar
Analogpoint Analogpoint is offline
 
Join Date: Feb 2007
Posts: 656
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

The only case where I would consider not using vB's sanitizing functions would be if you're only dealing with one single int variable in a plugin, then it would probably be more readable/simpler to just use intval to force it to be an int. If I remember right, that's what vB does anyway to sanitize an int variable.

$i = intval ($_GET['i']);

In all other cases (and maybe even in this one), follow Danny's advice.
Reply With Quote
  #25  
Old 02-13-2007, 12:24 PM
KingPuyol KingPuyol is offline
 
Join Date: Oct 2006
Posts: 48
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

What should I put in the red text if I'm going to using REDTYGER's advice?

Code:
if($_GET['id'] == "here)
{
do something else;
}
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 11:43 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.04534 seconds
  • Memory Usage 2,193KB
  • Queries Executed 11 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (1)bbcode_code
  • (1)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (2)pagenav_pagelink
  • (5)post_thanks_box
  • (5)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (5)post_thanks_postbit_info
  • (5)postbit
  • (4)postbit_onlinestatus
  • (5)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete