NamePros.com > Discussion > Web Design & Development > Programming
#1 | 05-21-2007, 11:17 AM | DylanButler (NamePros Regular; Join Date: Jan 2006; Location: San Diego, CA)

Cleaning up SMARTY data

RESOLVED

Last edited by DylanButler; 05-21-2007 at 01:53 PM.
#2 | 05-21-2007, 01:03 PM | Eric (NPQ's PA, Slave, and On Call Coder, Technical Services; Join Date: Mar 2005)
Quote:
Originally Posted by DylanButler
Hi,
I am building a 'comment section' for my music video web site. It uses SMARTY display templates and I need to clean up the data returned from the DB before parsing it to HTML.

Here is my insert code:
Code:
$name = addslashes($name);
$message = addslashes($message);
$query = mysql_query("INSERT INTO comments (name, message, item_id, date_added) values ('$name', '$message', $item_id, '$date')") or die('Could not insert');
item.php:
Code:
$comments =& DBI::getAll(
    'SELECT c.name, c.message, c.date_added ' .
    'FROM comments c ' .
    'WHERE c.item_id = ' . DBI::quote($id)
    );

Template::set('comments', $comments);

//Tried this and does not work.
Template::set('comments.name', stripslashes($comments['name']));
and the display template:
Code:
{foreach from=$comments item=comment}
<div class="comment">
Name: {$comment.name}<br />
Message: {$comment.message}<br />
<small>Posted on: {$comment.date_added}</small>
</div>
{/foreach}
Is there a way to clean up $comment.name and $comment.message? Do I have to do it from inside the loop? I can't figure out how to make PHP run in the display template.

EDIT: Also, how can I strip out malicious code in both fields? Thanks!

Help Appreciated
You could try this, as your template code:
Code:
{foreach from=$comments item=comment}
<div class="comment">
Name: {$comment.name|strip_tags|replace:'\\'':''}<br />
Message: {$comment.message|strip_tags|replace:'\\'':''}<br />
<small>Posted on: {$comment.date_added|strip_tags|replace:'\\'':''}</small>
</div>
{/foreach}
or...
PHP Code:
$comments =& DBI::getAll(
    'SELECT c.name, c.message, c.date_added ' .
    'FROM comments c ' .
    'WHERE c.item_id = ' . DBI::quote($id)
    );
$comments = array_map('stripslashes', $comments);

Template::set('comments', $comments);
#3 | 05-21-2007, 01:14 PM | DylanButler
Quote:
Originally Posted by SecondVersion
You could try this, as your template code:
Code:
{foreach from=$comments item=comment}
<div class="comment">
Name: {$comment.name|strip_tags|replace:'\\'':''}<br />
Message: {$comment.message|strip_tags|replace:'\\'':''}<br />
<small>Posted on: {$comment.date_added|strip_tags|replace:'\\'':''}</small>
</div>
{/foreach}
or...
PHP Code:
$comments =& DBI::getAll(
    'SELECT c.name, c.message, c.date_added ' .
    'FROM comments c ' .
    'WHERE c.item_id = ' . DBI::quote($id)
    );
$comments = array_map('stripslashes', $comments);

Template::set('comments', $comments);
Cool cool, but each doesn't quite work.

First one returns this error:
Fatal error: Smarty error: [in item.tpl line 83]: syntax error: unrecognized tag: $comment.name|strip_tags|replace:'\\'':'' (Smarty_Compiler.class.php, line 415) in Smarty.class.php on line 1084

Second one (I'd prefer to do it this way) returns the letter 'A' for all of the results for some reason.

Also, is there anything anyone recommends as far as inserting the data?
Last edited by DylanButler; 05-21-2007 at 01:17 PM.
#4 | 05-21-2007, 01:24 PM | Eric
Ok, try this then
PHP Code:
// Walk the result set recursively: every string field in every row gets
// stripslashes() and trim(); nested arrays (the rows themselves) recurse.
function clean(&$value)
{
    if (is_array($value))
    {
        foreach ($value AS $key => $val)
        {
            if (is_string($val))
            {
                $value["$key"] = trim(stripslashes($val));
            }
            else if (is_array($val))
            {
                clean($value["$key"]);
            }
        }
    }
}

$comments =& DBI::getAll(
    'SELECT c.name, c.message, c.date_added ' .
    'FROM comments c ' .
    'WHERE c.item_id = ' . DBI::quote($id)
    );
clean($comments);

Template::set('comments', $comments);
Edit: also, I'd suggest using www.php.net/mysql_real_escape_string or www.php.net/mysql_escape_string over addslashes when inserting.
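The thread's working fix escapes on the way into the database (addslashes) and then undoes it on the way out (stripslashes) before stripping tags. The version below is an added example, not code from any poster in this thread, showing the split a security reviewer would ask for instead: bound parameters at the SQL boundary so nothing is escaped into storage, and HTML encoding at the output boundary instead of strip_tags(). It assumes PHP 7 or later with PDO, a connection in $pdo, and the thread's `comments` table (name, message, item_id, date_added); the sample rows are constructed for the demo and the helper names are mine.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7+ with PDO and the
// thread's `comments` table (name, message, item_id, date_added).

// INSERT side: bound parameters instead of addslashes()/mysql_real_escape_string().
// The driver keeps data and SQL separate, so the stored text is exactly what the
// user typed and never needs stripslashes() on the way back out.
function insert_comment(PDO $pdo, int $item_id, string $name, string $message)
{
    $stmt = $pdo->prepare(
        'INSERT INTO comments (name, message, item_id, date_added) ' .
        'VALUES (?, ?, ?, NOW())'
    );
    $stmt->execute([$name, $message, $item_id]);
}

function fetch_comments(PDO $pdo, int $item_id)
{
    $stmt = $pdo->prepare(
        'SELECT name, message, date_added FROM comments ' .
        'WHERE item_id = ? ORDER BY date_added'
    );
    $stmt->execute([$item_id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// OUTPUT side: encode for the HTML context instead of strip_tags(). The text is
// kept intact; only < > & " ' become entities, so the browser shows them as text
// and never parses them as markup.
function html_encode($s)
{
    return htmlspecialchars((string) $s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Same shape as the thread's clean(): walk every row and encode every string
// field, so the template can print {$comment.name} and {$comment.message} as-is.
function encode_rows(array $rows)
{
    foreach ($rows as $i => $row) {
        foreach ($row as $field => $value) {
            $rows[$i][$field] = is_string($value) ? html_encode($value) : $value;
        }
    }
    return $rows;
}

// Constructed sample rows (no database needed for this part of the demo).
$sample = [
    ['name'       => "O'Brien",
     'message'    => "I <3 this track & the bass",
     'date_added' => '2007-05-21 13:53:00'],
    ['name'       => '<script>alert(1)</script>',
     'message'    => '<img src=x onerror="alert(document.cookie)">',
     'date_added' => '2007-05-21 13:54:00'],
];

foreach ($sample as $row) {
    // strip_tags() treats "<3" as the start of a tag and discards the rest of the
    // first message; html_encode() keeps it readable. For the second row both
    // approaches stop the script, but only the encoded form shows what was posted.
    printf("strip_tags : %s\nencoded    : %s\n\n",
        strip_tags($row['message']), html_encode($row['message']));
}

// Wiring it into item.php once $pdo and $item_id exist:
//   insert_comment($pdo, $item_id, $_POST['name'], $_POST['message']);
//   Template::set('comments', encode_rows(fetch_comments($pdo, $item_id)));
```

If you would rather have the template do the encoding, Smarty's `escape` modifier (`{$comment.message|escape}`) applies htmlspecialchars() in the same way; pick one place to encode, PHP or template, not both, or `&` comes out as `&amp;amp;`. Staying on the mysql_* extension with mysql_real_escape_string() is fine for the SQL boundary, but the same rule holds: escape for the database only when building the query, never before storing, and do the HTML encoding separately at output time.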
#5 | 05-21-2007, 01:53 PM | DylanButler
Nice! It worked, thanks a lot Eric.

I threw in some strip_tags() in there and we are set.


--RESOLVED--
#6 | 05-21-2007, 02:08 PM | Dan (Join Date: Feb 2006)
I've never used SMARTY or whatever it is, and so that seems kind of pointless to me. It looks like all it's doing is kind of putting code into an HTML file without using PHP. You might as well just use a PHP file and run the code, so it's more flexible. (I'm probably way off on that, but that's how it looks to me.)

I've tried using Django (Python) which uses template files. It seems like a cool idea, but it's easier for me in PHP to just use the dynamic code throughout the template.
#7 | 05-24-2007, 02:15 PM | abdussamad (NamePros Regular; Join Date: Jul 2006; Location: Karachi)
Quote:
Originally Posted by Dan
I've never used SMARTY or whatever it is, and so that seems kind of pointless to me. It looks like all it's doing is kind of putting code into an HTML file without using PHP. You might as well just use a PHP file and run the code, so it's more flexible. (I'm probably way off on that, but that's how it looks to me.)

I've tried using Django (Python) which uses template files. It seems like a cool idea, but it's easier for me in PHP to just use the dynamic code throughout the template.
Smarty is easier for non-coders, aka designers, to learn. The syntax is less strict and it is also more forgiving of mistakes. For example, you don't need to end every line with a semicolon, and if you refer to a variable that doesn't exist Smarty won't choke.

The other advantage is that it allows you to separate the programming logic from the presentation. If you're using PHP for your templates you're allowing each and every designer access to your core code.

The disadvantage, as you pointed out, is that it is harder for the programmer to integrate smarty into his script.

Last edited by abdussamad; 05-24-2007 at 02:55 PM.
All times are GMT -7. The time now is 08:39 AM.

