|
|
|
@ -1,17 +1,35 @@
|
|
|
|
<?php
|
|
|
|
<?php
|
|
|
|
namespace config;
|
|
|
|
namespace config;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
use Exception;
|
|
|
|
|
|
|
|
|
|
|
|
class Validation
|
|
|
|
class Validation
|
|
|
|
{
|
|
|
|
{
|
|
|
|
public static function val_action($action)
|
|
|
|
public static function val_action($action): string {
|
|
|
|
{
|
|
|
|
$safeAction = htmlspecialchars($action, ENT_QUOTES);
|
|
|
|
if (!isset($action)) {
|
|
|
|
if (!isset($action))
|
|
|
|
throw new \Exception('pas d\'action');
|
|
|
|
throw new \Exception('pas d\'action');
|
|
|
|
//on pourrait aussi utiliser
|
|
|
|
else if ($safeAction != $action)
|
|
|
|
//$action = $_GET['action'] ?? 'no';
|
|
|
|
throw new \Exception("tentative d'injection sql détectée");
|
|
|
|
// This is equivalent to:
|
|
|
|
else return $safeAction;
|
|
|
|
//$action = if (isset($_GET['action'])) $action=$_GET['action'] else $action='no';
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public static function filter_int($value): int {
|
|
|
|
|
|
|
|
if ($value == null || !filter_var($value, FILTER_VALIDATE_INT) || $value < 0)
|
|
|
|
|
|
|
|
throw new Exception("invalid field");
|
|
|
|
|
|
|
|
return $value;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public static function filter_str_simple($value): string {
|
|
|
|
|
|
|
|
if ($value == null || !preg_match('/^[A-Za-z0-9\s\-]+$/', $value))
|
|
|
|
|
|
|
|
throw new Exception("invalid field");
|
|
|
|
|
|
|
|
return $value;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public static function filter_str_nospecialchar($value): string {
|
|
|
|
|
|
|
|
if ($value == null || !preg_match('/^[A-Za-z\s\-]+$/', $value))
|
|
|
|
|
|
|
|
throw new Exception("invalid field");
|
|
|
|
|
|
|
|
return $value;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public static function val_form(string &$nom, string &$age, &$dVueEreur)
|
|
|
|
public static function val_form(string &$nom, string &$age, &$dVueEreur)
|
|
|
|
|
