Tell me more ×
Code Review Stack Exchange is a question and answer site for peer programmer code reviews. It's 100% free, no registration required.
up vote 0 down vote favorite

I have an upload form on my site and I'm trying to sanitize and transform input data.

I will be straight forward to you - this is my first object-oriented style code! The reason I don't just want to use regular function, is that I would like to keep my codes divided in logical blocks. I called this one Filter. It has, so far 2 methods in it.

Before I will tell you what I'd like to improve, here is my Filter Class:

class Filter {

    public static function Text($data, $tags = 1, $displace = 1, $characters = 1, $numbers = 0, $punctuation = 0, $linespacing = 2, $whitespaces = 1, $transform = 0) {

        if ($tags === 1) {
            $data = filter_var($data, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
        }

        if ($displace === 1) {
            $data = str_replace('`', '\'', $data);
        }

        if ($characters === 1) {
            $unwanted_characters = array(
                '<',
                '>',
                '{',
                '}',
                '*',
                '|',
                '\\',
                '%',
                '^',
                '~',
                '‘',
                'getURL',
                'javascript',
                'activex',
                'x00',
                'x04',
                'x08',
                'x0d',
                'x1b',
                'x20',
                'x7f',
                '%7b',
                '%7d',
                '%7c',
                '%5c',
                '%5e',
                '%7e',
                '%60',
                '%25',
                '%27'
            );
            $data                = str_replace($unwanted_characters, '', $data);
        }

        if ($numbers === 1) {
            $data = preg_replace('/\d/', '', $data);    
        }

        if ($punctuation === 1) {
            $unwanted_punctuation = array(
                ',',
                '.',
                ':',
                ';',
                '!',
                '?',
                '#',
                '№',
                '@',
                '$',
                '&',
                '*',
                '=',
                '/',
                '[',
                ']'
            );
            $data                 = str_replace($unwanted_punctuation, '', $data);
        }

        if ($linespacing === 0) {
            $data = preg_replace("/(\r?\n){0,}\n+/", " ", $data);
        }
        if ($linespacing === 1) {
            $data = preg_replace("/(\r?\n){1,}/", "\n", $data);
        }
        if ($linespacing === 2) {
            $data = preg_replace("/(\r?\n){2,}/", "\n\n", $data);
        }
        if ($linespacing === 3) {
            $data = preg_replace("/(\r?\n){3,}/", "\n\n\n", $data);
        }
        if ($linespacing === 4) {
            $data = preg_replace("/(\r?\n){4,}/", "\n\n\n\n", $data);
        }
        if ($linespacing === 5) {
            $data = preg_replace("/(\r?\n){5,}/", "\n\n\n\n\n", $data);
        }

        if ($whitespaces === 1) {
            $data = preg_replace("/[ ]+/", " ", $data);
            $data = join("\n", array_map("trim", explode("\n", $data)));
            $data = join("\r", array_map("trim", explode("\r", $data)));
        }

        if ($transform === 1) {
            $data = mb_strtolower($data);
        }
        if ($transform === 2) {
            $data = mb_strtoupper($data);
        }

        return $data;   
    }

    public static function Links($data) {
        $data = preg_replace('%(((f|ht){1}tp://|(f|ht){1}tps://)[-a-zA-^Z0-9@:\%_\+.~#?&//=]+)%i', '<a href="\\1" target="_blank">\\1</a>', $data);
        $data = preg_replace('%([[:space:]()[{}])(www.[-a-zA-Z0-9@:\%_\+.~#?&//=]+)%i', '\\1<a href="http://\\2" target="_blank">\\2</a>', $data);

        if (preg_match("/[^@\s]+@([-a-z0-9]+\.)+[a-z]{2,}/i", $data, $email)) {
            $replacement = '<a href="mailto:' . $email[0] . '" target="_blank">' . $email[0] . '</a> ';
            $data        = preg_replace("/[^@\s]+@([-a-z0-9]+\.)+[a-z]{2,}/i", $replacement, $data);
        }
        return $data;
    }


}

I use it as follows:

$description = Filter::Text($_POST['description'], $tags = 1, $displace = 1, $characters = 1, $numbers = 0, $punctuation = 0, $linespacing = 2, $whitespaces = 1, $transform = 0);

and

$description = Filter::Links($description);

If you have anything in mind that you would like to say to improve it, please go ahead.

I personally don't like to pass everytime a huge set of variables, such as $tags = 1, $displace = 1, $characters = 1, $numbers = 0 .... What I would like to do is to set default values at my class's methods just once and then change only specific ones in case I have to.

For example, to show what I mean, in order to filter my description field with keeping default values but one (which is $transform in the example below):

$description = Filter::Text($_POST['description'], $transform = 1);

Now, instead of writing that huge set of default variable, I could only pass the variable that's value is different from default.

It doesn't work this way so far. Not sure what I'm missing?

share|improve this question

2 Answers

up vote 2 down vote accepted

OK...first off: this isn't OOP. OOP is about objects talking to each other, delegating tasks to each other to get stuff done. What you're doing here is just using classes as modules. There's nothing inherently wrong with that, but it doesn't automatically make your code object oriented. Just letting you know that before some OOP zealot starts calling you the devil and telling you you're doing it wrong. :)

As for your args issue...What you have here is a bunch of boolean flags (and a number for line spacing). An int has at least 31 bits, meaning it can hold pretty much all of the flags. Use constants with them, and you end up with a more concise set of arguments that you can specify by name.

Consider:

class Filter {
    const DEFAULTS    = 0;
    const TAGS        = 0x01;
    const DISPLACE    = 0x02;
    const CHARACTERS  = 0x04;
    const DIGITS      = 0x08;
    const PUNCTUATION = 0x10;
    const SPACES      = 0x20;
    const TOUPPER     = 0x40;
    const TOLOWER     = 0x80;

    public static function Text($data, $flags = 0, $linespacing) {
        if (!$flags) {
            $flags = self::TAGS | self::DISPLACE | self::CHARACTERS | self::SPACES;
        }

        if ($flags & self::TAGS) {
            ... do tags stuff ...
        }
        ... handle other flags similarly ...
    }
}

Now, you can say

$text = Filter::Text($data, Filter::TAGS | Filter::CHARACTERS | Filter::TOUPPER, 2);

This could be even shorter if the constants were global, but eh.

share|improve this answer
thanks for your reply! I agree with you that it's NOT using OO approach fully but at the same time, if talking applying to my project globally - it kind of does - because, I don't repeat my codes and editing one single block of code changes the behavior everywhere else! I think those zealots, like you called them :) will understand, as I'm just starting with this. Concerting your answer, I'm not sure that I understood how to apply what you were talking about! Is there a way you could post it with an example on CodePad maybe, please? – Ilia Rostovtsev Mar 5 at 6:22
@Ilia: codepad.org/BQOIjTYE Note the output says "I'd strip tags here" but not "I'd strip spaces here", because the last line doesn't include the SPACES flag. Also, note that you can specify flags by name once they're consts. This not only lets readers know what the numbers mean...it also provides a clue as to what flags can be used, cause they're all named in the class. – cHao Mar 5 at 6:36
It's clear now! Thanks, my friend!! – Ilia Rostovtsev Mar 5 at 8:06
up vote 1 down vote

Answer has been accepted however it misses out a LOT of stuff. Rather than go through it all in detail, consider:

class Filter {

var $opts=array(
  'tags'=>1,    'displace'=> 1, 'chars'=>1
 ,'numbers'=>0, 'punct'=>0, 'linspacing'=>2
 ,'whitespace'=>1, 'transform'=>1
);

public function __constructor($opts=false)
{
      $this->setopts($opts);
}

public function setopts($opts=false)
{
   if (false!==$opts) {
      $this->opts=$opts;
   }
   return $this->opts;
}

private function extendFilter(&$filter, $srch, $replace)
{
   $ar=false;
   if (is_array($replace)) {
        $ar=true;
   }
   foreach ($keys as $idx=>$key) {
      $filter[$key] = $ar ? $replace[$idx] : $replace;
   } 
}

public function Text($data) 
{

    if ($this->opts['tags']) {
        $data = filter_var($data
            , FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
    }

    $unwanted=array();
    if ($this->opts['displace']) {
        $unwanted['`']='\'';
    }

    if ($this->opts['chars']) {
        $this->extendFilter($unwanted, array(
            '<',
            '>',
            '{',
            '}',
            '*',
            '|',
            '\\',
            '%',
            '^',
            '~',
            '‘',
            'getURL',
            'javascript',
            'activex',
            'x00',
            'x04',
            'x08',
            'x0d',
            'x1b',
            'x20',
            'x7f',
            '%7b',
            '%7d',
            '%7c',
            '%5c',
            '%5e',
            '%7e',
            '%60',
            '%25',
            '%27'
        ), '');
    }


    if ($this->opts['punctuation']) {
        $this->extendFilter($unwanted, array(
            ',',
            '.',
            ':',
            ';',
            '!',
            '?',
            '#',
            '№',
            '@',
            '$',
            '&',
            '*',
            '=',
            '/',
            '[',
            ']'
        ), '');
        $data = str_replace($unwanted_punctuation, '', $data);
    }

    $data = str_replace(array_keys($unwanted), array_values($unwanted), $data);

    if ($this->opts['numbers']) {
        $data = preg_replace('/\d/', '', $data);    
    }

    $regex="/(\r?\n){" . (integer)$opts['linespacing'] . ",}\n+/"
    $ch=(integer)$opts['linespacing'] 
               ? " " 
               : str_repeat("\n", $opts['linespacing']);
    $data = preg_replace($regex, $ch, $data);

    if ($this->opts['whitespaces']) { 
        // ! most people would consider newline to be whitespace 
        // - breaking linespacing
        // but also tab
        // if I spent time thinking about there's much cleaner, efficient ways to do this....
        $data = preg_replace("/[ ]+/", " ", $data);
        $data = join("\n", array_map("trim", explode("\n", $data)));
        $data = join("\r", array_map("trim", explode("\r", $data)));
    }

    if (1===$this->opts['transform']) {
        $data = mb_strtolower($data);
    }
    if (2===$this->opts['transform']) {
        $data = mb_strtoupper($data);
    }

    return $data;   
}

public static function Links($data) {
    $data = preg_replace('%(((f|ht){1}tp://|(f|ht){1}tps://)[-a-zA-^Z0-9@:\%_\+.~#?&//=]+)%i', '<a href="\\1" target="_blank">\\1</a>', $data);
    $data = preg_replace('%([[:space:]()[{}])(www.[-a-zA-Z0-9@:\%_\+.~#?&//=]+)%i', '\\1<a href="http://\\2" target="_blank">\\2</a>', $data);

    // tis is not the best email regex ever.
    if (preg_match("/[^@\s]+@([-a-z0-9]+\.)+[a-z]{2,}/i", $data, $email)) {
        $replacement = '<a href="mailto:' . $email[0] . '" target="_blank">' . $email[0] . '</a> ';
        $data        = preg_replace("/[^@\s]+@([-a-z0-9]+\.)+[a-z]{2,}/i", $replacement, $data);
    }
    return $data;
  }


}
share|improve this answer
Thanks for your effort! I have a question though! How do you apply it? You want to say, that you would have to create a new instance all the time? Please provide your code with working example on CodePad or anywhere else. – Ilia Rostovtsev Mar 6 at 7:57
If you have better email regex could you please share and point out the drawbacks of mine? I'd be deeply appreciate! – Ilia Rostovtsev Mar 6 at 7:59
Yes it retains state therefore needs to be implemented as an instance rather than called statically (can't see the point in static classes in PHP myself). Email regex? See - stackoverflow.com/questions/3836323/… – symcbean Mar 6 at 9:32
Thanks for you effort, my friend! +1 even thought it's not exactly what I was asking for but it helped me in getting the idea of object-oriented style in a close look! Your regex for email does the same work as mine but in more concise way? Correct!? – Ilia Rostovtsev Mar 10 at 8:41

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.