Hall of Famer Posted August 30, 2011 Share Posted August 30, 2011 Well I have a script file that loads lots of info from a form using $_POST[] method, which is quite tedious: $act = $_POST["act"]; $page = $_POST["page"]; $id = $_POST["id"]; $category = $_POST["category"]; $itemname = $_POST["itemname"]; $description = $_POST["description"]; $imageurl = $_POST["imageurl"]; $existingimageurl = $_POST["existingimageurl"]; $function = $_POST["function"]; $target = $_POST["target"]; $value = $_POST["value"]; $shop = $_POST["shop"]; $price = $_POST["price"]; $tradable = $_POST["tradable"]; $consumable = $_POST["consumable"]; I was wondering if there is a way to write one or two simple lines of code to load all variables stored in superglobal array $_POST[] efficiently. The point is to store all values within $_POST[] to an array called $item[], what I was thinking about is: foreach($_POST = $key as $val){ $item['{$key}'] = $val; } Seems that its not gonna work, so I wonder if anyone of you have ideas on how I am able to simplify my code with 10-20 lines of $_POST[] to just 2-3 lines. Please do lemme know if this is possible, thanks. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted August 30, 2011 Share Posted August 30, 2011 What's wrong with using $_POST['variables'] directly in your code? They are perfectly fine variables. If you want an $item array that is a copy of the $_POST array - $item = $_POST; If you want to populate scaler program variables from the $_POST elements, you can use extract Use EXTR_PREFIX_ALL as the second parameter and use a unique prefix to insure that hackers cannot overwrite any of your existing program variables. Quote Link to comment Share on other sites More sharing options...
xyph Posted August 30, 2011 Share Posted August 30, 2011 I suggest against doing this. Each form variable is unique to some extent, and should be sanitized and verified accordingly. If you wanted a clean way to do this, you could use an array of element names to check, along with a sanitize function it should use. <?php $fields = array( 'name' => 'str_alpha', 'likes_pie' => 'bool', 'age' => 'int', 'address' => 'str_nospecial' ); $values = array(); foreach( $fields as $name => $type ) { if( !empty($_POST[$name]) ) $values[$name] = sanitize($_POST[$name], $type); } function sanitize( $value, $type ) { switch( $type ) { case 'bool': return (bool) $value; break; case 'str_alpha': return preg_replace( '~[^a-z]~i', '', $value ); break; case 'str_nospecial': return preg_replace( '~[^-a-z0-9.,\'" \r\n]~i', '', $value ); case 'int': return (int) $value; break; case 'etc': break; } } ?> That way, you are 100% sure what you're getting has been cleaned, and no rogue data is trying to enter your scripts. Quote Link to comment Share on other sites More sharing options...
Hall of Famer Posted August 30, 2011 Author Share Posted August 30, 2011 What's wrong with using $_POST['variables'] directly in your code? They are perfectly fine variables. If you want an $item array that is a copy of the $_POST array - $item = $_POST; If you want to populate scaler program variables from the $_POST elements, you can use extract Use EXTR_PREFIX_ALL as the second parameter and use a unique prefix to insure that hackers cannot overwrite any of your existing program variables. Thanks a lot, I will give a try using extract($_POST, EXTR_PREFIX_ALL, 'item_'). Some people said extract() has security issues though... Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted August 30, 2011 Share Posted August 30, 2011 Some people said extract() has security issues though... That's why someone suggested - Use EXTR_PREFIX_ALL as the second parameter and use a unique prefix to insure that hackers cannot overwrite any of your existing program variables. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.