471,107 Members | 1,737 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 471,107 software developers and data experts.

PHP OOP Setters and Getters + data validation

I was reading topic about setters and getters (http://www.thescripts.com/forum/thread631267.html) and wanted to ask, how they should be used? I have noticed that a general data validators suck, since the amount of different possibilities how to validate data is endless (like Jerry S said well in the topic, after some time the general data validator gets longer and longer. slower and slower + harder to maintain and more subject to errors.) so i thought, it's more sensible to create datavalidator within one class. but when i was horny all over my code, i bumbed into few problems:

1) should i validate the data both when setting and getting it?
2) when i set the data, should i validate it for database or for object (should i use mysql_real_escape_string when setting the data)?
3) should i set properties always by using set-methods (also e.g. in page constructor)?
4) if i don't use set-methods for properties within class, should the data be validated when setting properties? or should i use set-methods before saving the data to database (in save() method)?
5) should the data be validated in db class?
6) summary: i know i HAVE TO use mysql_real_espcape_string (plus strip_tags function) when i put data into database and stripslashes (plus some str_replace functions) when getting it out from database, but at which point? should i do all datacleaning and validation in page class? should get-methods be used when loading data from database within class with stripslashes etc validation?

I have 2 classes, db-class for database connections etc and page-class for creating pages (don't worry about the lack of errorhandling, i excluded it from this example).

define("DB_HOST", "myhost");
define("DB_USER", "myuser");
define("DB_PASS", "mypass");
define("DB_NAME", "mydb");

// ===============
// ===============
class db {
private $connection;
private $sql;
private $lastId;
private static $instance;

private function __construct() {

// singleton method
public static function create() {
if (!isset(self::$instance))
self::$instance = new db();
return self::$instance;

public function connect($dbHost=DB_HOST,$dbUser=DB_USER,$dbPass=DB _PASS,$dbName=DB_NAME) {
$this->connection=mysql_connect($dbHost,$dbUser,$dbPass) ;

// for SELECT statements
public function fetch($sql=""){
$result = mysql_query($this->sql,$this->connection);
while ($row = mysql_fetch_array($result, MYSQL_ASSOC))
$data[] = $row;
return $data;

// for INSERT, UPDATE and DELETE statements
public function execute($sql="") {
// set lastId property
$lastId = mysql_insert_id();

public function setLastId($lastId) {
$this->lastId = $lastId;

public function getLastId() {
return $this->lastId;

// ===============
// ===============
class page {
private $id;
private $title;
private $text;

public function __create($id=NULL,$title,$text) {
if ($this->validateId($id)>0) {

public function setId($id) {
$id = $this->escape($id);
$id = $this->validateId($id);
$this->id = $id;

public function setTitle($title) {
$title = $this->escape($title);
$title = $this->stripTags($title);
$this->title = $title;

public function setText($text) {
$text = $this->escape($text);
$text = $this->stripTags($text);
$this->text = $text;

public function getId() {
return $this->id;

public function getTitle() {
return $this->title;

public function getText() {
return $this->text;

public function save($id=NULL) {

$db = db::create();

if ( ($id === NULL) || ($id === 0) ) {
$sql="INSERT INTO page (title,text) VALUES ('$this->title', '$this->text'");
$result = $db->execute($sql);
// set new id for current pageobject
else {
$sql = "UPDATE page SET title='$this->title', text='$this->text' WHERE id = $this->id";

public function load($id=NULL) {

$db = db::create();

$sql = "SELECT * FROM page WHERE id = " .$this->id;
$data= $db->fetch($sql);

if ($data) {
$sizeOfData = sizeof($data);
for ($i=0; $i<$sizeOfData; $i++) {

private function validateId($id) {
if (!empty($id) && is_numeric($id) && ($id > 0))
return (int) $id;
return 0;

private function stripTags($input, $allowedTags = "<p><a><img><b><u><i><li><ul><table><td><tr><b r>") {
return strip_tags($input, $allowedTags);

// if magic quotes are ON, remove the slashes that it added,
// and add slashes with mysql_real_escape_string-function.
// this is because magic quotes or addslashes-function do not escape
// values \x00, \n, \r, and \x1a (which may be used in SQL injection)
private function escape($input) {
if (get_magic_quotes_gpc()) {
$input = stripslashes($input);
$input = mysql_real_escape_string($input);
else $input = mysql_real_escape_string($input);
return $input;

private function cleanData($txt="") {
$txt = stripslashes($txt);
$txt = str_replace('"','\'', $txt);
$txt = str_replace('<br />', '', $txt);
return $txt;

$page = new page();
echo $page->getTitle()."<br>";
echo $page->getText();
Mar 30 '08 #1
3 6101
4,258 Expert 4TB
You don't really expect our members to read through that bunch of unstructured code, do you?

First read the Posting Guidelines about enclosing code within the appropriate code tags, then apply the tags to your post and then we will have a look.

Mar 30 '08 #2
You don't really expect our members to read through that bunch of unstructured code, do you?

First read the Posting Guidelines about enclosing code within the appropriate code tags, then apply the tags to your post and then we will have a look.

hehehe, thats what i was doing when i was reading the old post!
but thanks, changed now, looks much better nowadays!
Mar 30 '08 #3
Since no1 seems to reply, i guess i'll just do the following:

1) Set each property ALWAYS with their own setmethods (not $this->property = 'foo'). In the set-method, i'll add slashes to property with mysql_real_escape_string-function and validate the data with strip_tags-function

2) Get each property outside the class with get-methods (of course, they are set to private, so $page->property will result in error), clean the data in get methods with stripslashes function, and do some str_replacing. So get-methods are used for printing the data in webpage

3) In the class, use $this->property (not get-method) e.g. when referring to property which is being inserted/updated into database (and has been set with set-method).

Sounds sensible, no?
Or is there better ways to use setters & getters?
Apr 1 '08 #4

Post your reply

Sign in to post your reply or Sign up for a free account.

Similar topics

32 posts views Thread by kelvSYC | last post: by
2 posts views Thread by Wei Wang | last post: by
112 posts views Thread by mystilleef | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.