I would like to check if there are blank embedded forms into my form, and delete the old ones from my database, and unset the new ones, so the validators don't consider them....
what I'm doing is to unset() the forms i don't want to consider,, but I was wondering if there is any better symfonian way to do it... I've seen the code of sfForm.class.php, but didn't find a method just the opposite to embbedForm()
Any ideas? do I have to use unset()?
Use it without worries.
Just like you did to unset form fields in the older symfony versions (fx unset($this['name']). Newer versions have introduced a method useFields($array), but you can still use the unset function. As you can see here here, you can use it to unset an array element. And symfony's sfForm implements ArrayAccess.
Related
I am using cakephp 2.3 recently, and I came a doubt.
I need to pass an array (variable), a plugin for a controller, both of which do not have direct connection.
I wonder of you, what better way to pass this variable, no link between two files?
For example I am researching using:
where I need to record this variable.
Configure::write('idParaImagens', $id);
and this where I need to read this variable.
Configure::read('idParaImagens');
the question is,
how this variable will be widely used, this would be the best way to do this?
for safety, certainty of reading and writing, etc., it would be best to do?
I would write method in plugin, that returns needed array. Either in plugin's Component or plugin's helper depending on where you need this data. It will be straight and clear where this data comes from.
Using Configure::write() and Configure::read() or Session for passing variables between plugin and application will be pain in ass to maintain later.
I've inherited some PHP code that I need to make significant changes on. I know with PHP it is possible to serialize an Object, and pass the serialized text between pages as FormData. In the code I've inherited, they have done just that, But this is creating some maintainability problems. I'm wondering if taking this approach is even a good idea.
For example ...
When the user opens PageA.php the following is created:
$expensiveObj = new ExpensiveClass($id);
The $expensiveObj is then serialized and the resulting text is stored in a div with the following:
<div id="expensiveObj"><?php echo strtr(base64_encode(serialize($expensiveObj)), '+/=', '-_,');?></div>
When PageA.php loads, an ajax call is made to PageB.php. The content of the div is passed along as a post variable to PageB.php. Within PageB.php the following code unserializes the object:
$expensiveObj = unserialize(base64_decode(strtr($_POST['expensiveObj'], '-_,', '+/=')));
The fields and methods of the $expensiveObj are now accessible to PHP. The problems I'm encountering are
Because the $expensiveObj is not identified in PageB.php as an instance of the Class ExpensiveClass then the IDE doesn't know that the fields and functions of ExpensiveClass are available. I can't do autocomplete, nor lookup within the IDE what functions are available. Plus the IDE can't catch potential issues. The other developer worked exclusively in VI, so he never cared.
PageB.php needs to be re-factored. There is view, business, and controller logic all happening within this page, I would prefer to create a couple of classes, but I'm encountering a problem where I don't know how to pass the $expensiveObj to a class.
My questions are, is there a way to pass an Object to a class? And is there a way inform the IDE that the passed in post variable is indeed an instance of ExpensiveClass?
Lastly, is it even a good idea to be passing around objects this way, or should I be looking at a larger re-factor?
Storing objects directly in HTML is never a good idea, because it can be easily changed by client. In PHP is more common to create new object on every request according to given parameters. I see you are initializing your object using $id, so you can just pass this id between requests. Storing data to session also isn't best practice, session should be used for session-specific data, e.g. logged-in user etc.
If the creation of the object is very expensive, you can use cache, e.g. memcache, some external library or just to write your own, for example storing data in JSON on file system or in database.
I've seen different comments all over the place, some say that zend framework automatically sanitizes post/get data but others say it doesn't.
What's the deal? I've seen that doing it in the predispatch with a foreach on getParams is the quickest way, but does anyone have any suggestions?
Probably the deal is about Zend_Controller_Request vs the Zend_Db. Request data are often put into the DB.
Request object does not escape anything. You may force it to do using filters, form filters or e.g. using the reflection technique described here:
Actions, now with parameters!
Zend_Db queries are basically escaped like in other ORM's, like in PDO.
It does not automatically sanitize any request data. It cannot, because that requires it to know how to sanitize it, e.g. should $_GET['foo'] be string sanitized or for numbers? You have to tell it.
Whether you sanitize input manually in the respective Controller Actions or in an ActionHelper or automatically in a Controller Plugin or during bootstrap or with a mixture of these is up to you.
Use what is appropriate.
It definitely doesn't automatically sanitise your variables for you. You could do something like foreach or use array_map depending on the context, for example:
$_POST = array_map('mysql_real_escape_string', $_POST);
Ideally though you should treat each variable on a case by case basis. Personally i make a lot of use of PHP's filter_var for filtering and sanitizing.
I'm familiarizing myself with Kohana. I've been reading up on the Input library, which automatically pre-filters GET and POST data for me, and the Validation libary, which helps with form filtering and validation.
Should I use both together? The examples given in the Validation library documentation use the unfiltered $_POST array instead of $this->input->post(). Seems to me it would be more secure to chain the two, but the two sets of documentation seem to make no mention of each other, so I don't know if this would be redundant or not.
The $_POST, $_GET, and $_COOKIE globals are pre-sanitized if global XSS filtering is turned on (it's on by default). That's one of the reasons why your code extends the Kohana classes, so that housekeeping stuff like input sanitization is taken care of for you. They encourage use of the input library methods, though, so there's no reason not to use them. They may just use $_POST in the validation examples because they want to explain the different libraries independent of one another.
Their code to instantiate a validation class should be:
$post = new Validation( $this->input->post() );
And yes, by all means use them together! It's all meant to fit together nicely.
Yes, use both of them together.
If you review the Input library, you'll see that if it is enabled (which is the default and can be disabled via changing $config['global_xss_filtering'] to FALSE, in config/config.php), then it modifies the $_POST, $_GET, $_SERVER, and $_COOKIE variables, so whether you access them through $this->input->get(), or $_GET, the values will both be filtered.
I got an old PHP system integrated with a new CakePHP one. The problem is when displaying data I occasionally get index undefined errors meaning the models aren't related to where they're supposed to be maybe because there's no validation. There are gaps resulting into models loosing their relationship with a model I'm expecting hence te index undefined error.
What do you guys think is the best way to remedy this issue if let's say I can't touch the old PHP system?
You can use if (isset($post['Comment'])) style checks before using indexes that may or may not exist as well.
First, I think empty() is now preferred to isset() as empty checks for nulls, zeroes, and empty strings, as well as whether or not something is set.
Second, if your issue is relating the models then debug($this->model1->model2) is your best friend. It will show you if the models are properly related (It should state model2 object in bold if all is well, anything else and your relations aren't working.).
If you can't touch the old system, you can still make it work and look like cake by creating a cake model for it. Set the model to use no table, and build functions that will shape the resulting arrays and objects into cakephp arrays. Essentially, create a cake wrapper for the old functions. You can use the inflector class to help automate that a bit
You could potentially use the model's afterFind callback to massage your data into the correct form.