9three Posted July 15, 2009 Share Posted July 15, 2009 Hey, Just curious how everyone handles their inputs when using POST/GET methods? Some ways I've seen it is by just declaring them one by one: $username = $_POST['username']; $password = $_POST['password']; Also with a for each loop like so foreach($_POST as $key => $value) echo $value; I'm trying to figure out if there is a more advanced/efficient way? Quote Link to comment Share on other sites More sharing options...
Psycho Posted July 15, 2009 Share Posted July 15, 2009 I'd say it depends on what you are doing. Typically, I prefer to explicitly define variables from my post data as in your first example. I'd stay away from using something such as extract(0 to convert all the POST data into variables automatically because you can never trust user data. However, it is sometimes useful to run an automated process on all POST data, such as stripslashes() when magic quotes is on rather than checking/striping each value one at a time. Quote Link to comment Share on other sites More sharing options...
sKunKbad Posted July 15, 2009 Share Posted July 15, 2009 A more advanced way would be to filter each array so that any time the array is used it is considered clean. Frameworks that I have used do this automatically, but before I started using frameworks I did the same thing. If you don't use a framework, or don't want to use a framework, you might consider downloading one just to see how it handles common tasks. Quote Link to comment Share on other sites More sharing options...
Psycho Posted July 15, 2009 Share Posted July 15, 2009 A more advanced way would be to filter each array so that any time the array is used it is considered clean. How is that different or even "more advanced" than "...to run an automated process on all POST data". Quote Link to comment Share on other sites More sharing options...
9three Posted July 15, 2009 Author Share Posted July 15, 2009 hmm.. thanks for the feedback! Quote Link to comment Share on other sites More sharing options...
sKunKbad Posted July 16, 2009 Share Posted July 16, 2009 A more advanced way would be to filter each array so that any time the array is used it is considered clean. How is that different or even "more advanced" than "...to run an automated process on all POST data". I was only referring to 9three's original post. You had posted before I hit the post button, and I didn't feel the need to change my post. Sorry for the confusion; we had the same idea. I usually use php's data filtering: http://php.net/filter Quote Link to comment Share on other sites More sharing options...
play_ Posted July 16, 2009 Share Posted July 16, 2009 $_POST = arrap_map('trim', $_POST); $email = $sanitize->email( $_POST['email'] ); Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.