Posts tagged: php

If The White House Can Do It…

… why can’t we?

It was announced yesterday that the White House IT folks have released some of their Drupal modules to the open source community. I am used to thinking of government as a dusty dinosaur whose bureaucracy keeps it behind the times. So this surprised me.

It seems we lack institutional support and direction on contributing to open source here at UNH. Is this true? We certainly use open source like gangbusters; we’ll take all the quality free software we can get. But do we contribute back? Are we feeding the virtuous circle, or simply leeching it?

In the midst of trying to better monetize our intellectual property, who amongst our best minds can articulate the corners where capital isn’t actually king?

And, why do I rant like this? Probably because I am more mad at myself than anything for not having made a meaningful contribution to computing in the public domain.

I just want to be like the White House staff, and do it on the clock. ;)

PHP Data Sanitization w/ Filter

PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded easily into HTML. PHP is particularly well designed for dynamic Web applications, server-side scripting and database interaction. However, the ease of accessing data stores and presenting dynamic information to users can lead to serious security risks when user input is involved.

Data sanitizing is a simple means of taking any data entered by a user and filtering out any content your application is not expecting (and that you want to avoid!). Never trust that the data a user enters will be accurate and harmless. PHP 5.2.0 is packaged with the filter functions, such as filter_var(), which provide basic filtering of specific types of data based on function arguments:

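<?php

// Value to check; in a real application this would come from user input.
$myIPaddress = "10.10.141.3";

// filter_var() returns the filtered value on success and false on failure.
if (filter_var($myIPaddress, FILTER_VALIDATE_IP)) {
     echo $myIPaddress." is a valid IP address";
} else {
     echo $myIPaddress." is not a valid IP address";
}
?>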

This check uses filter_var() to confirm that $myIPaddress holds a valid IP address. Running such checks against user-supplied data from the $_GET or $_POST global arrays is an absolute necessity for any user input field in an application. The filter functions provide standard data filtering, saving the time and effort of writing custom functions to filter data.

There are many variations of these functions to check various types of data. Visit http://www.w3schools.com/PHP/filter_validate_ip.asp for more information on specific syntax.
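
The following added example, which is not code from the original post, validates several form fields at once with filter_var_array(). The $post array is constructed sample data standing in for $_POST, and the field names and ranges are assumptions. It compares results strictly, because a valid value such as 0 is falsy in PHP and a loose check would reject it.

```php
<?php
// Constructed sample input standing in for $_POST (not real request data).
$post = [
    'ip'       => '10.10.141.3',
    'port'     => '0',             // valid integer, but falsy in PHP
    'email'    => 'not-an-email',  // fails FILTER_VALIDATE_EMAIL
    'quantity' => '12abc',         // trailing characters: not an integer
    'debug'    => '1',             // unexpected field, has no rule below
];

// One rule per expected field (field names are hypothetical).
$rules = [
    'ip'       => ['filter' => FILTER_VALIDATE_IP,
                   'flags'  => FILTER_FLAG_IPV4],
    'port'     => ['filter'  => FILTER_VALIDATE_INT,
                   'options' => ['min_range' => 0, 'max_range' => 65535]],
    'email'    => FILTER_VALIDATE_EMAIL,
    'quantity' => ['filter'  => FILTER_VALIDATE_INT,
                   'options' => ['min_range' => 1, 'max_range' => 100]],
    'hostname' => ['filter' => FILTER_VALIDATE_DOMAIN,
                   'flags'  => FILTER_FLAG_HOSTNAME],
];

// Only keys named in $rules appear in the result, so 'debug' is dropped.
// A field absent from the input comes back as null, a field that fails
// its filter comes back as false.
$clean  = filter_var_array($post, $rules);
$errors = [];

foreach (array_keys($rules) as $field) {
    if ($clean[$field] === null) {
        $errors[$field] = 'missing';
    } elseif ($clean[$field] === false) {
        $errors[$field] = 'invalid';
    }
}

// Strict comparison keeps port 0: "if (!$clean['port'])" would reject it.
var_dump($clean['port']);
var_dump(array_key_exists('debug', $clean));
print_r($errors);
```

In a live request handler, filter_input_array(INPUT_POST, $rules) applies the same rules directly to the submitted form.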
