# PHP Question(s)



## Msap14 (Nov 4, 2011)

Hey all,

I am teaching myself a bit of PHP and have a question to ask...

The book I have shows the following:

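```
function sanitizeString($var)
{
    $var = strip_tags($var);                // remove HTML and PHP tags
    $var = htmlentities($var);              // convert special characters to HTML entities
    $var = stripslashes($var);              // remove backslash escaping
    return mysql_real_escape_string($var);  // escape for use in a MySQL query string
}
```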

What is the importance of all the $var variables?
Does this stack values on a single variable?
Why/how do you start naming a variable $var as strip_tags with another $var in parentheses?

The book doesn't say; it is a rather simple book, just teaching the basics, and this is part of an exercise.


----------



## FordGT90Concept (Nov 4, 2011)

$var contains the input.

For example, if $var was equal to "Hello world!<br/>\\a>b\\r\\nYay!":

After $var = strip_tags($var), $var would equal "Hello world!\\a>b\\r\\nYay!"
After $var = htmlentities($var), $var would equal "Hello world!\\a&gt;b\\r\\nYay!"
After $var = stripslashes($var), $var would equal "Hello world!\a&gt;b\r\nYay!"
After $var = mysql_real_escape_string($var), $var would equal "Hello world!\\a&gt;b\\r\\nYay!"

Effectively, it is making whatever is sent through it injection-proof.


----------



## Msap14 (Nov 4, 2011)

Makes sense since the function is named sanitizeString.

Now I'm wondering why you would need 4 different variations?
Could it be just to show the different ways you could use the variable?
I think all the variations are used throughout the entire example though.

I'll probably have more questions as I read through this book, so I appreciate the help so far.


----------



## FordGT90Concept (Nov 4, 2011)

Those four functions don't modify $var, they make a copy of it and return the modified input. Think of it like this:

```
$ReturnedValue = function($InputValue)
```

By reusing $var, you're applying the changes to $var over and over.  By the way, this would have the exact same output as the code you pasted:

```
function sanitizeString($var) { return mysql_real_escape_string(stripslashes(htmlentities(strip_tags($var)))); }
```


----------



## Thrackan (Nov 4, 2011)

Msap14 said:


> Makes sense since the function is named sanitizeString.
> 
> Now I'm wondering why you would need 4 different variations?
> Could it be just to show the different ways you could use the variable?
> ...



This function is used to strip several types of special values from an inputted string. This is used to counteract stuff like SQL injection, and makes sure that what you have left after you put your string through this function is just text.

What it does (very basically):
- Takes your input string, and stores it in the $var variable.
- Calls the strip_tags() function, which, well, strips tags from a text string, and stores the result in $var
  (so $var now contains your input, minus any tags that were just stripped)
- Calls the htmlentities() function, which filters out any HTML-specific code someone might have entered in your input, and stores the result in $var
  (so now $var has been cleaned in 2 different ways already!)
- Same for the stripslashes() function
- And last, but not least, the SQL stripper

So it does not do 4 variations of the same; it sequentially processes all these four commands, each time updating the $var variable with the filtered result.


----------
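An added example, not part of the thread or the book: it traces the first three steps of sanitizeString() on a constructed input, then stores the same input through a PDO bound parameter and escapes it with htmlspecialchars() only at output, since mysql_real_escape_string() was removed in PHP 7.0. The in-memory SQLite database, the comments table and the traceSanitize() and storeAndRender() helpers are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example. Apply the book's first three steps one at a time so each
// intermediate value of $var can be inspected.
function traceSanitize(string $var): array
{
    $steps = ['input' => $var];
    $steps['strip_tags']   = $var = strip_tags($var);
    $steps['htmlentities'] = $var = htmlentities($var);
    $steps['stripslashes'] = $var = stripslashes($var);
    return $steps;
}

// Store the raw value with a bound parameter, read it back, and return it
// together with the HTML-escaped form used only when printing into a page.
function storeAndRender(PDO $pdo, string $raw): array
{
    $insert = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
    $insert->execute([':body' => $raw]);   // value is never spliced into the SQL text

    $select = $pdo->prepare('SELECT body FROM comments WHERE id = :id');
    $select->execute([':id' => $pdo->lastInsertId()]);
    $stored = $select->fetchColumn();

    return [
        'stored' => $stored,
        'html'   => htmlspecialchars($stored, ENT_QUOTES, 'UTF-8'),
    ];
}

// Constructed sample input: a quote, a tag, a bare ">" and a literal backslash.
$input = "O'Brien <b>says</b> a > b and C:\\temp";

foreach (traceSanitize($input) as $step => $value) {
    printf("%-13s %s\n", $step, $value);
}

// Assumption: the pdo_sqlite extension is available; the comments table is hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');

$result = storeAndRender($pdo, $input);
var_dump($result['stored'] === $input);   // compares the stored value with the raw input
echo $result['html'], "\n";
```

Running it with the PHP CLI prints each intermediate value of $var, which makes it easy to see which step changed which character.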



## Msap14 (Dec 4, 2011)

What's the best way to go about styling a PHP website?

Should the style code go inside the PHP or vice versa?
How can I link a style sheet? (normal HTML linking doesn't seem to be working)


----------



## Thrackan (Dec 5, 2011)

CSS, all the way
Try using the include function


----------



## xbonez (Dec 7, 2011)

Within the head tag of your html or php page:


```
<link rel="stylesheet" href="style.css" />
```


----------

