Beginning PHP5 Skim Throughs, Part 3: Cleaning Strings, RegEx, and DB Surprise!


As mentioned in the last post, chapter 5 deals with "robust and healthy" code.  So first it goes through debugging stuff, which I already knew about, so I skipped most of it.  Then it moves into form validation, starting with really basic stuff (e.g. the field has a value) and some of the string validation stuff I've already reviewed.  It does mention a few more functions worth knowing for processing user-entered input though: htmlspecialchars(), addslashes() and stripslashes().

<?php
    // A string carrying HTML and script tags, as a user might submit it in a form
    $badStuff = '<strong>Look look I put in HTML tags!!<script type="javascript">nasty code here</script></strong>';

    // Echoing it raw puts the tags into the page, so the browser renders (and executes) them
    echo "Bad Stuff: " . $badStuff;
    echo "<p>";

    // htmlspecialchars() turns <, >, & and " into entities, so the browser shows the tags as text
    $badStuff = htmlspecialchars($badStuff);
    echo "Bad Stuff Cleaned: " . $badStuff;
    echo "<p>";

    $contentForDB = "I'll be seeing you later.";

    // addslashes() backslash-escapes ', ", \ and NUL, giving: I\'ll be seeing you later.
    $escaped = addslashes($contentForDB);
    echo $escaped;
    echo "<p>";
    // stripslashes() reverses it; run it on the escaped value, otherwise there is nothing to strip
    echo stripslashes($escaped);
?>
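A caveat worth adding here, as an example of my own rather than the book's: on PHP 5, htmlspecialchars() defaults to ENT_COMPAT, which leaves single quotes untouched, and the default charset depends on the PHP version (ISO-8859-1 before 5.4). That is fine inside an element body, but a value dropped into a single-quoted attribute can still break out. Passing ENT_QUOTES and an explicit charset closes that gap. The helper name e() and the sample input are assumptions for the example.

```php
<?php
    // Constructed sample input: a value that tries to break out of a single-quoted attribute
    $userTitle = "x' onmouseover='alert(1)";

    // Escape for HTML with both quote styles covered and an explicit charset.
    // On PHP 5.x the default flag is ENT_COMPAT, which does NOT touch single quotes.
    function e($value)
    {
        return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    }

    // Default flags: the ' survives, so the attribute is closed early and a handler is injected
    echo "<a href='#' title='" . htmlspecialchars($userTitle) . "'>default flags</a>";
    // Output: <a href='#' title='x' onmouseover='alert(1)'>default flags</a>
    echo "<p>";

    // ENT_QUOTES: ' becomes &#039; and the value stays inside the attribute
    echo "<a href='#' title='" . e($userTitle) . "'>ENT_QUOTES</a>";
    // Output: <a href='#' title='x&#039; onmouseover=&#039;alert(1)'>ENT_QUOTES</a>
    echo "<p>";

    // Escaping is not idempotent: running it twice turns & into &amp;amp;, so escape once, at output time
    echo e(e("Tom & Jerry"));
    // Output: Tom &amp;amp; Jerry
?>
```

Escape when you echo, not when you store, so the database keeps the original text and each output context (HTML body, attribute, URL) gets the escaping it needs. From PHP 5.4 on, invalid UTF-8 input makes htmlspecialchars() return an empty string unless you also pass ENT_SUBSTITUTE, which is worth knowing when a form value suddenly prints as nothing.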

As I recall, the add/strip slashes functions are particularly important, as PHP has nothing like QueryParam to automatically handle any issues with content that has a ' in it and is going to be inserted into an SQL statement.

The next bit goes into regular expressions, which I am already pretty familiar with in general.  For PHP-specific stuff, it talks about ereg(), which is now deprecated per the PHP docs.  It's been replaced with preg_match(), which is the "find" version of preg_replace(), and preg_match_all(), which is closer to being the equivalent of ReFind.

<?php
    $someContent = 'Thunder, thunder, thundercats, Ho! Thundercats are on the move, Thundercats are loose. Feel the magic, hear the roar, Thundercats are loose. Thunder, thunder, thunder, Thundercats! Thunder, thunder, thunder, Thundercats! Thunder, thunder, thunder, Thundercats! Thunder, thunder, thunder, Thundercats! Thundercats!';

    // The slashes are the pattern delimiters; \b word boundaries keep "thundercats" from matching
    $pattern = '/\bthunder\b/';

    // preg_match() stops at the first match and returns 1, 0, or false on a pattern error;
    // $aFirstMatch[0] holds the matched text
    $foundMatch = preg_match($pattern, $someContent, $aFirstMatch);

    if ($foundMatch)
        echo "I found instances of thunder that isn't thundercats";
    else
        echo "Nope, no thunder by itself";

    echo "<pre>";
    print_r($aFirstMatch);
    echo "</pre>";

    // preg_match_all() returns the number of matches; $aMatches[0] is the list of full matches
    $foundMatches = preg_match_all($pattern, $someContent, $aMatches);

    if ($foundMatches)
        echo "I found " . count($aMatches[0]) . " instances of thunder that isn't thundercats";
    else
        echo "Nope, no thunder by itself";

    echo "<pre>";
    print_r($aMatches);
    echo "</pre>";

    // The i modifier after the closing delimiter makes the match case-insensitive, so "Thunder" counts too
    $pattern = '/\bthunder\b/i';
    $foundCSIMatches = preg_match_all($pattern, $someContent, $aCSIMatches);

    if ($foundCSIMatches)
        echo "I found " . count($aCSIMatches[0]) . " instances of thunder that isn't thundercats when I ignore the case.";

    echo "<pre>";
    print_r($aCSIMatches);
    echo "</pre>";
?>

From the examples I've seen, it seems like it's fairly common to put your RegEx pattern in a variable before using it, I guess for cleaner-reading code? I can see how it would help, though I'm still a bit confused about why sometimes you have to end your regular expression with a \ while other times you don't.
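Since regexes end up guarding form input, here is an added example of my own (not from the book) of the two things that bite most often when preg_match() is used for validation: `$` also matches just before a trailing newline, so `/^...$/` accepts "alice\n", and preg_match() returns false (not 0) when the pattern is broken, so a loose `if (!preg_match(...))` can't tell a non-match from an error. In a PCRE pattern the `/` on each end is the delimiter and the letters after the closing one are modifiers; the `D` modifier (dollar end only) fixes the first problem, and `\A`/`\z` are the modifier-free alternative. The function name and the sample inputs are assumptions for the example.

```php
<?php
    // Validate a username: 3-16 chars of [a-z0-9_], nothing else.
    // Returns true only on a definite match; a regex error (false) fails closed.
    function isValidUsername($candidate, $pattern)
    {
        $result = preg_match($pattern, $candidate);
        if ($result === false) {
            // Pattern compile/runtime error: reject rather than silently accept
            return false;
        }
        return $result === 1;
    }

    // Constructed sample inputs
    $inputs = array(
        "alice",                 // good
        "alice\n",               // trailing newline smuggled in
        "alice\nDROP TABLE x",   // embedded newline: rejected by every pattern below
        "../etc/passwd",         // obviously bad
    );

    // Naive anchoring: $ matches before a final "\n", so "alice\n" is accepted
    $naive = '/^[a-z0-9_]{3,16}$/';
    // D modifier (PCRE_DOLLAR_ENDONLY): $ matches only at the very end of the string
    $strict = '/^[a-z0-9_]{3,16}$/D';
    // Same effect without the modifier: \A and \z are absolute start/end anchors
    $strictAlt = '/\A[a-z0-9_]{3,16}\z/';

    foreach ($inputs as $input) {
        echo "<pre>";
        echo json_encode($input)
            . ": naive=" . var_export(isValidUsername($input, $naive), true)
            . " strict=" . var_export(isValidUsername($input, $strict), true)
            . " strictAlt=" . var_export(isValidUsername($input, $strictAlt), true);
        echo "</pre>";
    }
    // "alice\n" prints naive=true strict=false strictAlt=false; the other inputs agree across all three
?>
```

The `===` comparisons matter: preg_match() returning false for a bad pattern is "falsy" just like 0, so `if (!preg_match(...))` would treat a typo in the regex as a clean rejection, while `if (preg_match(...) != 0)` would treat it as acceptance. Checking for false explicitly keeps a broken validator from passing everything.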

Then the last bit of this chapter brings out what was new (at the time) in PHP5: try/catch!!!  So happy to see this is now an option in PHP.  Yay! Although, from my initial tests, it doesn't seem to work that well…I still got errors that I would have expected to have been caught, so I'll have to explore that more in a bit.

But first…I was going to end this post with a conversion from ColdFusion to PHP, but then I discovered something else new.  mysql_connect() and all its related functions are DEPRECATED in favor of the mysqli stuff.  So instead, I'll end this post with redoing my earlier DB code using mysqli, which is very different from the old way. The connection code is simpler (and only one line, yay).  Getting an individual row is very different.

<?php
    // Connection parameters are placeholders; real credentials never belong in a post or a repo
    $dbConnection = new mysqli("localhost", "username", "password", "phpTraining");

    // The constructor does not throw by default in PHP 5, so check for a failed connection explicitly
    if ($dbConnection->connect_error) {
        die("Connection failed: " . $dbConnection->connect_error);
    }

    $qVideoGames = $dbConnection->query("
        SELECT videogameid, title, dateacquired, num_discs, esrb_rating, publisher, genre, platform, seriesname
        FROM videogames
        ORDER BY dateacquired DESC, videogameid DESC
    ");

    // query() returns false on error (e.g. a typo in the SQL); check before touching the result
    if ($qVideoGames === false) {
        die("Query failed: " . $dbConnection->error);
    }

    echo "The table currently contains " . $qVideoGames->num_rows . " row(s)";
    echo "<p>";

    // fetch_assoc() returns the next row as an array keyed by column name, or NULL when none are left
    $aVideoGames = $qVideoGames->fetch_assoc();
    if ($aVideoGames !== null) {
        echo "The most recently acquired game is " . htmlspecialchars($aVideoGames["title"]) . " for the " . htmlspecialchars($aVideoGames["platform"]);
    }

    $qVideoGames->free();
    $dbConnection->close();
?>

This will take a bit more getting used to…in my next post on this I'm going to do that conversion, which will also include the new way to loop query results 🙂
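Tying together the addslashes() note from earlier, the try/catch disappointment, and the mysqli code: as an added example of my own (not from the book or the original post), here is the same videogames table queried by a user-supplied platform in two ways. The first builds the SQL by concatenation with addslashes(), which knows nothing about the connection charset and is not what MySQL expects for escaping; the second uses a mysqli prepared statement, where the value never touches the SQL text. mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT) makes mysqli throw mysqli_sql_exception instead of emitting warnings, which is why a try/catch around it actually catches something. The credentials and the sample input are assumptions; the table and column names come from the post.

```php
<?php
    // Make mysqli throw mysqli_sql_exception on errors instead of returning false plus a warning.
    // Without this, a try/catch around mysqli calls catches nothing, because nothing is thrown.
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

    // Constructed sample input, as it might arrive in $_GET['platform']: a classic tautology payload
    $platform = "PS3' OR '1'='1";

    try {
        // Placeholder credentials (assumption); in strict mode a failed connection throws here
        $dbConnection = new mysqli("localhost", "username", "password", "phpTraining");
        $dbConnection->set_charset("utf8");

        // 1) String building with addslashes(): the quote is backslash-escaped, but addslashes()
        //    is not charset-aware, and under some multibyte charsets (e.g. GBK) an escaped quote
        //    can still close the string. Shown only to make the shape of the problem visible; not executed.
        $unsafeSql = "SELECT title FROM videogames WHERE platform = '" . addslashes($platform) . "'";
        echo "<pre>" . htmlspecialchars($unsafeSql, ENT_QUOTES, 'UTF-8') . "</pre>";

        // 2) Prepared statement: the SQL text is fixed; the value is sent separately and typed ('s' = string)
        $stmt = $dbConnection->prepare("
            SELECT title, dateacquired
            FROM videogames
            WHERE platform = ?
            ORDER BY dateacquired DESC, videogameid DESC
        ");
        $stmt->bind_param("s", $platform);
        $stmt->execute();

        // bind_result() works without the mysqlnd driver, unlike get_result()
        $stmt->bind_result($title, $dateAcquired);
        $count = 0;
        while ($stmt->fetch()) {
            $count++;
            echo htmlspecialchars($title, ENT_QUOTES, 'UTF-8') . " (" . $dateAcquired . ")<br>";
        }
        // The payload is compared literally against the platform column, so this reports 0 row(s)
        echo $count . " row(s) for platform " . htmlspecialchars($platform, ENT_QUOTES, 'UTF-8');

        $stmt->close();
        $dbConnection->close();
    } catch (mysqli_sql_exception $e) {
        // Log the detail server-side; never echo driver errors to the visitor
        error_log("DB error: " . $e->getMessage());
        echo "Sorry, something went wrong.";
    }
?>
```

If you really must escape rather than bind (for example to build an identifier list), use $dbConnection->real_escape_string(), which uses the connection's charset, and still quote the value yourself; addslashes() is a PHP string function, not a SQL escaping function.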