My Common PHP Includes
When I start a new application or website, I always start with the same framework of files. I have a series of include files that I include as necessary on pages (scripts) on the site. Stuff like site navigation, database connection, and core functions are some of the includes I use.
My functions include has all the functions that I’m confident are going to be used frequently enough on the site to warrant their inclusion (and subsequent declaration) in every script in the site. While most of the functions vary from site to site, because they relate to a specific feature or concept that the site incorporates, there are two functions that I always include.
My Get and Post Functions
All my sites and applications are dynamic, which means they receive input from the user using either the GET or POST method. If you incorporate forms into your site, you’re probably familiar with GET and POST and the differences between the two. One thing I noticed after some time programming was that handling data through GET and POST was done frequently and could be easily compartmentalized in two simple helper functions.
Below is my implementation of these functions:
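<?php
// Return the trimmed, HTML-encoded value of a GET parameter, or NULL if it
// was not sent (or is not a string, e.g. ?var[]=x arrives as an array).
function getData($var, $maxLength = 99999)
{
    $value = NULL;
    if (isset($_GET[$var]) && is_string($_GET[$var])) {
        $value = trim(htmlentities($_GET[$var], ENT_QUOTES));
        // Cut the encoded value down to the expected length
        if (strlen($value) > $maxLength) {
            $value = substr($value, 0, $maxLength);
        }
    }
    return $value;
}

// Same as getData(), but reads from the POST data.
function postData($var, $maxLength = 99999)
{
    $value = NULL;
    if (isset($_POST[$var]) && is_string($_POST[$var])) {
        $value = trim(htmlentities($_POST[$var], ENT_QUOTES));
        // Cut the encoded value down to the expected length
        if (strlen($value) > $maxLength) {
            $value = substr($value, 0, $maxLength);
        }
    }
    return $value;
}
?>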
These functions act as helpers that retrieve a value sent to the script from PHP’s global $_GET and $_POST arrays. They also implement a few simple extra features. When calling either function, you can supply a $maxLength parameter, which is the maximum expected length of that variable. If anything is longer, then someone may be trying to take advantage of your website by sending data not in the way you intended. If the variable is longer than expected, the function still allows it, though it truncates it to the length you are expecting. This can be helpful if you are inserting values into a database that has limits on the number of characters in a field. Note that the limit is applied to the encoded value, so the cut can fall in the middle of an HTML entity.

In addition, the function puts the value through PHP’s htmlentities() function, which encodes special characters as their HTML entities, something I almost always need. With ENT_QUOTES this also disarms HTML or script markup that a malicious user may be sending to your script when the value is later echoed into a page. It is not a substitute for parameterized queries when the value goes into SQL. Lastly, the function returns NULL when the expected variable has not been passed. This allows easy error handling when calling this function. Here is an example of doing error handling when retrieving a value:
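<?php
// Attempt to retrieve the value
$username = getData('username');
// Compare strictly with NULL: a loose == false would also treat
// submitted values such as '0' or '' as missing.
if ($username === NULL) {
    // This value does not exist, do something to handle this situation
} else {
    echo 'Welcome ' . $username . '!';
}
?>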
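The following is an added example, not code from the original post. It runs the post's encode-then-truncate order next to an alternative that truncates the raw input and encodes only at output, and it checks the '0' and array-parameter edge cases; the names encodeThenTruncate(), inputString() and e(), the sample data, and the availability of the mbstring extension are assumptions.

```php
<?php
// Constructed sample data standing in for $_GET (not from the original post).
$sample = [
    'name' => '  Tom & "Jerry" <b>  ',
    'qty'  => '0',
    'tags' => ['a', 'b'],            // what ?tags[]=a&tags[]=b produces
];

// The post's order of operations: encode first, then cut the encoded string.
function encodeThenTruncate(array $src, string $key, int $max): ?string
{
    if (!isset($src[$key]) || !is_string($src[$key])) {
        return null;
    }
    $value = trim(htmlentities($src[$key], ENT_QUOTES, 'UTF-8'));
    return strlen($value) > $max ? substr($value, 0, $max) : $value;
}

// Hypothetical alternative: return the raw string, limited by character count.
function inputString(array $src, string $key, int $max): ?string
{
    if (!isset($src[$key]) || !is_string($src[$key])) {
        return null;                 // missing, or an array where a string was expected
    }
    // mb_substr counts characters, so a multibyte character is never split.
    return mb_substr(trim($src[$key]), 0, $max, 'UTF-8');
}

// Hypothetical output helper: encode at the moment the value is written into HTML.
function e(string $raw): string
{
    return htmlentities($raw, ENT_QUOTES, 'UTF-8');
}

// 1. A length limit of 6 lands inside an entity when applied after encoding.
var_dump(encodeThenTruncate($sample, 'name', 6));
var_dump(e(inputString($sample, 'name', 6)));

// 2. '0' is a submitted value: strict and loose checks disagree about it.
$qty = inputString($sample, 'qty', 5);
var_dump($qty === null, $qty == false);

// 3. An array parameter is reported as missing instead of reaching htmlentities().
var_dump(inputString($sample, 'tags', 5));
```

With the constructed input, the first call cuts inside the `&amp;` entity, while the second truncates the raw text and encodes it whole.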


