functions for handling types, comparisons, conversions, validation etc
Quote each element in a set of values.
quote all elements of an array against XSS attacks using xssqw function
tests if string is a plausible member of a radio-button choice set
Converts Windows characters (charset cp-1252 or windows-1252) to UTF-8
debugging function to conditionally print data to the browser
If an array key is set, return that value, else return a default
Combines isset and ternary operator to make for cleaner code that is quiet when run with E_ALL.
Verifies that the supplied string is correctly UTF-8 encoded
Two versions are presented here -- the simple version with just the /u regexp is significantly faster than the more complicated byte-checking version but the /u regexp doesn't always catch bad UTF-8 sequences.
PCRE /u version from: http://www.phpwact.org/php/i18n/charsets%23checking_utf-8_for_well_formedness
Regexp version from http://w3.org/International/questions/qa-forms-utf-8.html
is variable composed purely of alphabetic data [A-Za-z_-]
tests if string is an amount for a price
tests if string is an amount for a price but allows blank entries
tests if string is a sensible email format
does not test full RFC822 compliance or that the address exists, just that it looks like a standard email address with a username part @ and domain part with at least one dot
tests if string is non-empty
note that in PHP, '' == '0' etc so test has to use strlen
tests if string is number
tests if string is valid date-time expression YYYY-MM-DD HH:MM
tests if string is valid time expression HH:MM or HH:MM:SS format other than 00:00:00
tests if string is a member of a radio button choice set
tests if string is valid time expression HH:MM or HH:MM:SS format
simple debugging function to print out arrays and objects
uses print_r/var_dump or dBug within HTML pre tags for easier inspection of classes and arrays
Quote data for passing to the database
Fixes programmatically generated data so that it is correctly escaped. Deals with magic_quotes_gpc to remove slashes so that the input is sensible and doesn't end up accumulating escape characters with multiple submissions.
Also tests that the supplied string is actually UTF-8 encoded: if it is correctly UTF-8 encoded, we can be sure that we are protected against the byte-munging multibyte attacks that addslashes() is normally susceptible to. (That is where the last byte of a multibyte sequence is 0x5c (\), so addslashes() is braindead enough to try to escape it, creating a multibyte character followed by a backslash. Thus addslashes() has created a SQL injection vector rather than closing it.) For more info see: http://shiflett.org/archive/184
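The multibyte problem described above and the UTF-8 check that guards against it, as an added PHP example that is not this library's own code. The function names example_is_utf8 and example_quote and the sample bytes are assumptions made for illustration; the pattern is the W3C byte-checking regular expression.

```php
<?php
// Added example; the function names are hypothetical, not this library's API.

// Byte-level well-formedness check using the W3C pattern (no /u modifier,
// so PCRE matches raw bytes).
function example_is_utf8(string $s): bool
{
    return preg_match('%\A(?:
          [\x09\x0A\x0D\x20-\x7E]            # ASCII
        | [\xC2-\xDF][\x80-\xBF]             # non-overlong 2-byte
        | \xE0[\xA0-\xBF][\x80-\xBF]         # excluding overlongs
        | [\xE1-\xEC\xEE\xEF][\x80-\xBF]{2}  # straight 3-byte
        | \xED[\x80-\x9F][\x80-\xBF]         # excluding surrogates
        | \xF0[\x90-\xBF][\x80-\xBF]{2}      # planes 1-3
        | [\xF1-\xF3][\x80-\xBF]{3}          # planes 4-15
        | \xF4[\x80-\x8F][\x80-\xBF]{2}      # plane 16
    )*\z%x', $s) === 1;
}

// Escape only input that passed the check; refuse anything else.
function example_quote(string $s): string
{
    if (!example_is_utf8($s)) {
        throw new InvalidArgumentException('input is not well-formed UTF-8');
    }
    return addslashes($s);
}

// Constructed sample: 0x95 0x5C is a single Shift-JIS character whose
// last byte is a backslash, followed here by a single quote.
$sample = "\x95\x5c'";

// addslashes() works byte by byte, so it escapes the 0x5C and the quote.
// Read as Shift-JIS, the result is: the character, an escaped backslash,
// then a quote that is no longer escaped.
echo bin2hex(addslashes($sample)), "\n";

// 0x95 is a continuation byte and cannot start a UTF-8 sequence, so the
// check rejects the sample before addslashes() ever sees it.
var_dump(example_is_utf8($sample));
var_dump(example_is_utf8("caf\xC3\xA9"));
echo example_quote("O'Brien"), "\n";
```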
Quote data for passing to the database, enclosing data in quotes etc
tests if a set of numbers add to 100 (set of percentages should add to 100)
Remove quoting around expressions and remove slashes in data to escape bad chars
quote words against XSS attacks by converting tags to html entities
Replace some bad HTML characters with entities to protect against cross-site scripting attacks. The generated code should be clean of nasty HTML.
quote words against XSS attacks but allow some html tags through (unsafe attributes are removed)
Documentation generated on Tue, 06 Mar 2007 10:02:04 +0000 by phpDocumentor 1.3.0