How to get the following strtotime to work with a variable

piano0011 · July 24, 2019, 11:06am

I am trying to get the following date to work but not sure how to use a variable inside the bracket instead of using the usual (“+2 days”)?

$duration = strip_tags(date(‘Y-m-d H:i:s’,( $duration)));

where $duration = 2 weeks;

piano0011 · July 24, 2019, 1:43pm

I have worked it out…have to use

$duration = strip_tags(date(‘Y-m-d H:i:s’,strtotime( “+”.$duration)));

Admin · July 24, 2019, 9:40pm

Why on earth do you insist on pulling every variable through strip_tags? It’s not a magic security function which makes your software more secure the more times you use it. It might be usable in some cases to validate input, but seeing how you seem to use it, I would like to quote this comment from the PHP website (regarding magic quotes, a similar bad idea interpreted as a security solution):

The very reason magic quotes are deprecated is
that a one-size-fits-all approach to escaping/quoting is wrongheaded and
downright dangerous. Different types of content have different special
chars and different ways of escaping them, and what works in one tends
to have side effects elsewhere. Any sample code, here or anywhere else,
that pretends to work like magic quotes --or does a similar conversion
for HTML, SQL, or anything else for that matter – is similarly
wrongheaded and similarly dangerous.

Data should be escaped where you need it
escaped, and for the domain in which it will be used.
(mysql_real_escape_string – NOT addslashes! – for MySQL (and that’s
only unless you have a clue and use prepared statements), htmlentities
or htmlspecialchars for HTML, etc.) Anything else is doomed to failure.

https://www.php.net/manual/en/security.magicquotes.php#102907

And that’s only for input validation (in which case it still makes a little bit of sense). But why do you pull the output of date through strip_tags? date either works (and returns a date according to the format you specified) or returns false. What cases can you imagine that date would return something that needs to have HTML tags removed?

piano0011 · July 25, 2019, 1:40am

I thought that strip_tags work differently from the htmlspecialchars in that it will strip way all html tags that will be outputed on the screen?

system · September 23, 2019, 1:40am

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.