/inc/typeinfo.php

Description

functions for handling types, comparisons, conversions, validation etc

Functions
array_qw (line 149)

Quote each element in a set of values.

  • return: list of quoted strings
array array_qw (array $list)
  • array $list: list of values to qw quote for use in SQL
array_xssqw (line 336)

quote all elements of an array against XSS attacks using xssqw function

  • return: array of quoted strings
array array_xssqw (array $a)
  • array $a: array of strings to be quoted
checkValidInclude (line 15)
void checkValidInclude ()
choice_set (line 358)

tests if string is a plausible member of a radio-button choice set

boolean choice_set (string $v)
  • string $v: string to test
commaFloat (line 496)
void commaFloat ( $str)
  • $str
cp1252_to_utf8 (line 216)

Converts Windows characters (charset cp-1252 or windows-1252) to UTF-8

  • return: UTF-8 string
string cp1252_to_utf8 ( $str, string $v)
  • string $v: string to be tested
  • $str
currencyFormatter (line 487)
void currencyFormatter ( $value)
  • $value
currencyValueCleaner (line 470)
void currencyValueCleaner ( $value)
  • $value
echoData (line 61)

debugging function to conditionally print data to the browser

void echoData (mixed $v, [boolean $DEBUG = 0])
  • mixed $v: variable to be printed
  • boolean $DEBUG: print data if true
issetSet (line 32)

If an array key is set, return that value, else return a default

Combines isset and ternary operator to make for cleaner code that is quiet when run with E_ALL.

  • return: returns either $a[$k] if it exists or $default
mixed issetSet (array &$a, string $k, [mixed $default = NULL])
  • array &$a: (passed by ref for efficiency only) array to lookup
  • string $k: the key to be checked
  • mixed $default: (optional) the default value to return if the index is not set
isUTF8 (line 186)

Verifies that the supplied string is correctly UTF-8 encoded

Two versions are presented here -- the simple version with just the /u regexp is significantly faster than the more complicated byte-checking version but the /u regexp doesn't always catch bad UTF-8 sequences.

PCRE /u version from: http://www.phpwact.org/php/i18n/charsets%23checking_utf-8_for_well_formedness

Regexp version from http://w3.org/International/questions/qa-forms-utf-8.html

  • return: string is UTF-8 encoded
boolean isUTF8 (string $v)
  • string $v: string to be tested
is_alphabetic (line 74)

is variable composed purely of alphabetic data [A-Za-z_-]

boolean is_alphabetic (string $var)
  • string $var: string to be tested
is_cost_amount (line 406)

tests if string is an amount for a price

  • todo: //TODO: strengthen this test?
boolean is_cost_amount (string $v)
  • string $v: string to test if it is a valid cost
is_cost_amount_or_blank (line 416)

tests if string is an amount for a price but allows blank entries

boolean is_cost_amount_or_blank (string $v)
  • string $v: string to test if it is a valid cost
is_email_format (line 382)

tests if string is a sensible email format

does not test full RFC822 compliance or that the address exists, just that it looks like a standard email address with a username part @ and domain part with at least one dot

boolean is_email_format (string $v)
  • string $v: string to test for email format
is_nonempty_string (line 347)

tests if string is non-empty

note that in PHP, '' == '0' etc so test has to use strlen

boolean is_nonempty_string (string $v)
  • string $v: string to test for emptiness
is_number (line 395)

tests if string is number

boolean is_number (string $v)
  • string $v: string to test if it is a number
is_valid_datetime (line 427)

tests if string is valid date-time expression YYYY-MM-DD HH:MM

  • todo: //TODO: can this be relaxed to be more user-friendly without introducing errors
boolean is_valid_datetime (string $v)
  • string $v: string to test if it is a date-time string
is_valid_nonzero_time (line 449)

tests if string is valid time expression HH:MM or HH:MM:SS format other than 00:00:00

  • todo: //TODO: can this be relaxed to be more user-friendly without introducing errors
boolean is_valid_nonzero_time (string $v)
  • string $v: string to test if it is a time string
is_valid_radiochoice (line 369)

tests if string is a member of a radio button choice set

boolean is_valid_radiochoice (string $v)
  • string $v: string to test
is_valid_time (line 438)

tests if string is valid time expression HH:MM or HH:MM:SS format

  • todo: //TODO: can this be relaxed to be more user-friendly without introducing errors
boolean is_valid_time (string $v)
  • string $v: string to test if it is a time string
numberFormatter (line 480)
void numberFormatter ( $value,  $dp)
  • $value
  • $dp
preDump (line 42)

simple debugging function to print out arrays and objects

uses print_r/var_dump or dBug within HTML pre tags for easier inspection of classes and arrays

void preDump (mixed $v)
  • mixed $v: object or array to print
q (line 107)

Quote data for passing to the database

Fixes programmatically generated data so that it is correctly escaped. Deals with magic_quotes_gpc to remove slashes so that the input is sensible and doesn't end up accumulating escape characters with multiple submissions.

Also tests that the supplied string is actually UTF-8 encoded: if it is correctly UTF-8 encoded, then we can be sure that we are protected against the byte-munging multibyte attacks that addslashes() is normally susceptible to. (That is where the last byte of a multibyte sequence is 0x5c (\), so addslashes() is braindead enough to try to escape it, creating a multibyte character followed by a backslash. Thus addslashes() has created an SQL injection vector rather than closing it.) In well-formed UTF-8 every byte of a multibyte sequence is 0x80 or above, so 0x5c can never be part of one. For more info see: http://shiflett.org/archive/184

  • return: string with slashes added as appropriate.
string q (string $v)
  • string $v: string to be quoted
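
The check described for isUTF8 and q, as an added example that is not the project's own code: a byte-level well-formedness test using the W3C pattern linked under isUTF8, applied before addslashes(). The names `utf8_wellformed` and `quote_checked` are hypothetical and the sample strings are constructed.

```php
<?php
declare(strict_types=1);

// Byte-level UTF-8 well-formedness test (no /u modifier, so PCRE sees raw bytes).
function utf8_wellformed(string $v): bool
{
    return preg_match('%^(?:
          [\x09\x0A\x0D\x20-\x7E]            # ASCII
        | [\xC2-\xDF][\x80-\xBF]             # non-overlong 2-byte
        | \xE0[\xA0-\xBF][\x80-\xBF]         # excluding overlongs
        | [\xE1-\xEC\xEE\xEF][\x80-\xBF]{2}  # straight 3-byte
        | \xED[\x80-\x9F][\x80-\xBF]         # excluding surrogates
        | \xF0[\x90-\xBF][\x80-\xBF]{2}      # planes 1-3
        | [\xF1-\xF3][\x80-\xBF]{3}          # planes 4-15
        | \xF4[\x80-\x8F][\x80-\xBF]{2}      # plane 16
    )*$%xs', $v) === 1;
}

// Hypothetical guard: refuse to escape anything that is not well-formed UTF-8,
// because addslashes() works byte by byte and knows nothing about charsets.
function quote_checked(string $v): string
{
    if (!utf8_wellformed($v)) {
        throw new InvalidArgumentException('input is not well-formed UTF-8');
    }
    return "'" . addslashes($v) . "'";
}

// Constructed samples, not taken from the project.
$samples = [
    'ascii with quote' => "O'Reilly",
    'valid UTF-8'      => "caf\xC3\xA9",
    'trailing 0x5c'    => "\x95\x5C",  // legacy double-byte sequence ending in 0x5c
    'overlong slash'   => "\xC0\xAF",  // overlong encoding, also malformed
];

foreach ($samples as $label => $s) {
    try {
        printf("%-18s %s\n", $label, quote_checked($s));
    } catch (InvalidArgumentException $e) {
        // Show the bytes addslashes() alone would have produced for the rejected input.
        printf("%-18s rejected (addslashes alone: %s)\n", $label, bin2hex(addslashes($s)));
    }
}
```

Escaping with the database driver's own charset-aware function, or using parameterised queries, removes the dependence on addslashes() altogether.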
qw (line 84)

Quote data for passing to the database, enclosing data in quotes etc

  • return: '$v' with slashes added as appropriate.
string qw (string $v)
  • string $v: string to be quoted
sum_is_100 (line 460)

tests if a set of numbers add to 100 (set of percentages should add to 100)

boolean sum_is_100 (array $vs)
  • array $vs: list of values to test if sum is 100
unqw (line 163)

Remove quoting around expressions and remove slashes in data to escape bad chars

  • return: unquoted string
string unqw (string $v)
  • string $v: string to be unquoted
xssqw (line 263)

quote words against XSS attacks by converting tags to html entities

Replaces some bad HTML characters with entities to protect against cross-site scripting attacks. The generated code should be clean of nasty HTML.

  • return: string with HTML converted to entities
string xssqw (string $v, [boolean $strip = true])
  • string $v: string to be quoted
  • boolean $strip: strip slashes first
xssqw_relaxed (line 288)

quote words against XSS attacks but allow some html tags through (unsafe attributes are removed)

  • return: string with HTML converted to entities
string xssqw_relaxed (string $v)
  • string $v: string to be quoted
xssqw_relaxed_helper (line 316)
void xssqw_relaxed_helper ( $tags,  $tag,  $attribs,  $content)
  • $tags
  • $tag
  • $attribs
  • $content

Documentation generated on Tue, 06 Mar 2007 10:02:04 +0000 by phpDocumentor 1.3.0