JustinK101

Overriding $_POST variables?

Hello, I am trying to override some of my variables posted via POST.

[code]
//Strip commas out of compensation major
$_POST['compensation_major'] = str_replace(",", "", $_POST['compensation_major']);

//Convert date from DD/MM/YYYY to YYYY-MM-DD
$_POST['hire_date'] = convert_date_2_mysql_date($_POST['hire_date']);

//Strip spaces out of password
$_POST['password'] = str_replace(" ", '', $_POST['password']);

//Encrypt password
$_POST['password'] = encrypt($_POST['password'], $GBL_encrypt_key);
[/code]

I swore I have done this before, but currently it isn't working. I have to actually assign new variables on the left-hand side of each assignment for it to work. Any ideas why? I would prefer to not make all new variables for each operation, for example, this is bad:


[code]
//Strip commas out of compensation major
$comp_major = str_replace(",", "", $_POST['compensation_major']);

//Convert date from DD/MM/YYYY to YYYY-MM-DD
$hired = convert_date_2_mysql_date($_POST['hire_date']);

//Strip spaces out of password
$pass = str_replace(" ", '', $_POST['password']);

//Encrypt password
$newPass = encrypt($pass, $GBL_encrypt_key);
[/code]

Not only does it make the code harder and more confusing, but it uses more variables. Thanks for the help.

I found my problem, in my MySQL query I am calling:

[code]
INSERT into employees
(
title, first_name, last_name, mailing_address, city, state, zip_code, country, email_address, contact_phone,
hire_date, job_title_occupation, employment_term, compensation_basis, compensation_major, compensation_minor,
compensation_quant, workers_comp_classification, enrolled_in_benefits, paid_holidays, hours_per_holiday, paid_vacation,
vacation_hours_per_year, paid_personal, personal_hours_per_year, direct_deposit, number_tax_allowances, username,
password, date_created, date_last_modified, user_who_created, user_who_last_modified, last_succ_login
)
VALUES
(
'$title', '$first_name', '$last_name', '$mailing_address', '$city', '$state', '$zip_code', '$country', '$email_address', '$contact_phone',
'$hire_date', '$job_title_occupation', '$employment_term', '$compensation_basis', '$compensation_major', '$compensation_minor',
'$compensation_quant', '$workers_comp_classification', '$enrolled_in_benefits', '$paid_holidays', '$hours_per_holiday', '$paid_vacation',
'$vacation_hours_per_year', '$paid_personal', '$personal_hours_per_year', '$direct_deposit', '$number_tax_allowances', '$username',
'$password', '" . get_current_date() . "', '" . get_current_date() . "', '" . get_current_username() . "', '" . get_current_username() . "', 'NULL'
)";
[/code]

See I am not using the $_POST array, I am relying on REGISTER GLOBALS which is bad, but gosh it saves so much time. Any easier way to rewrite the query instead of going and putting $_POST[' before each variable and closing it with ']? Any tricks out there for lazy people such as myself?

Sounds as though extract is what you need:

[code]
<?php
  extract($_POST);
?>
[/code]

This imports the key names into the namespace.  So if your form has fields, user, pass and submit, then by using the above you can refer to them as $user, $pass, $submit.

There's various options with extract, including what to do if a name already exists, I'd suggest you check out the php manual on [url=http://uk.php.net/manual/en/function.extract.php]extract[/url]

Regards
Huggie

Via the manual: Do not use extract() on untrusted data, like user-input ($_GET, ...). If you do, for example, if you want to run old code that relies on register_globals temporarily.

Don't want to rely on register_globals, that's the entire point of referencing variables by $_POST[''].

Seems like I just gotta do the same code as above except put $_POST[''], unless you have any other ideas.
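
The manual warning quoted above, shown as an added example (not code from any poster in this thread): `extract()` on request data lets a posted field replace a local variable, here the `$GBL_encrypt_key` name from the first post. The sample request, the key values and the `pick_fields()` helper are constructed for illustration.

```php
<?php
// Constructed sample request: two form fields plus one field the form never had.
$post = [
    'username'        => 'jsmith',
    'hire_date'       => '29/09/2006',
    'GBL_encrypt_key' => 'chosen-by-client',
];

// Default flag (EXTR_OVERWRITE): request keys replace variables that already exist.
function with_default_extract(array $post): string
{
    $GBL_encrypt_key = 'server-side-secret'; // placeholder value
    extract($post);
    return $GBL_encrypt_key;
}

// EXTR_SKIP leaves existing variables alone, but still creates
// a variable for every other name the client chooses to send.
function with_extr_skip(array $post): array
{
    $GBL_encrypt_key = 'server-side-secret';
    extract($post, EXTR_SKIP);
    return ['key' => $GBL_encrypt_key, 'username_created' => isset($username)];
}

// Explicit allowlist (hypothetical helper): only named fields are copied,
// and they stay in an array instead of becoming variables.
function pick_fields(array $post, array $allowed): array
{
    return array_intersect_key($post, array_flip($allowed));
}

var_dump(with_default_extract($post));
var_dump(with_extr_skip($post));
var_dump(pick_fields($post, ['username', 'hire_date']));
```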

Ok, I had to change my query to the following:

[code]
INSERT into employees
(
title, first_name, last_name, mailing_address, city, state, zip_code, country, email_address, contact_phone,
hire_date, job_title_occupation, employment_term, compensation_basis, compensation_major, compensation_minor,
compensation_quant, workers_comp_classification, enrolled_in_benefits, paid_holidays, hours_per_holiday, paid_vacation,
vacation_hours_per_year, paid_personal, personal_hours_per_year, direct_deposit, number_tax_allowances, username,
password, date_created, date_last_modified, user_who_created, user_who_last_modified, last_succ_login
)
VALUES
(
'$_POST[title]', '$_POST[first_name]', '$_POST[last_name]', '$_POST[mailing_address]', '$_POST[city]', '$_POST[state]', '$_POST[zip_code]', '$_POST[country]', '$_POST[email_address]', '$_POST[contact_phone]',
'$_POST[hire_date]', '$_POST[job_title_occupation]', '$_POST[employment_term]', '$_POST[compensation_basis]', '$_POST[compensation_major]', '$_POST[compensation_minor]',
'$_POST[compensation_quant]', '$_POST[workers_comp_classification]', '$_POST[enrolled_in_benefits]', '$_POST[paid_holidays]', '$_POST[hours_per_holiday]', '$_POST[paid_vacation]',
'$_POST[vacation_hours_per_year]', '$_POST[paid_personal]', '$_POST[personal_hours_per_year]', '$_POST[direct_deposit]', '$_POST[number_tax_allowances]', '$_POST[username]',
'$_POST[password]', '" . get_current_date() . "', '" . get_current_date() . "', '" . get_current_username() . "', '" . get_current_username() . "', 'NULL'
)";
[/code]

[b]There had to be an easier way? Am I the only person so lazy to complain about this? :) LOL.[/b]

Pain in the butt, and also lose the standard of quoting keys in the $_POST array. Such as '$_POST['my_value']' must be changed to '$_POST[my_value]' or else the PHP won't parse.

It looks like the field names in your form are the same as the fieldnames in your database, therefore you can use the alternative insert syntax and do something like the following:
[code]<?php
$qtmp = array();
$date_fields = array('date_created','date_last_modified');
$user_fields = array('user_who_created', 'user_who_last_modified');
foreach($_POST as $key => $value) {
    if ($key != 'submit') // or whatever your submit button is named
        if (strlen(trim(stripslashes($value))) != 0) // ignore blank fields
            $qtmp[] = $key . " = '" . mysql_real_escape_string(trim(stripslashes($value))) . "'";
}
foreach($date_fields as $k)
    $qtmp[] = $k . " = '" . date('Y-m-d') . "'"; // I'm guessing at the format for your date fields
foreach($user_fields as $k)
    $qtmp[] = $k . " = '" . get_current_username() . "'";
$query = "insert into employees set " . implode(', ',$qtmp);
echo $query; // just to see what you have created...
?>[/code]

When it comes to iterating through arrays, the foreach statement is a big help.

Ken
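
A variant of the loop above, as an added example that is not part of Ken's post: column names are taken from a fixed list rather than from the request keys, and values are passed as bound parameters through PDO instead of being escaped into the string. The `build_employee_insert()` helper, the reduced column list, the in-memory SQLite table and the sample request are assumptions made so the example runs on its own.

```php
<?php
// Added example: a fixed allowlist of columns (a subset of the thread's employees table).
const EMPLOYEE_COLUMNS = ['first_name', 'last_name', 'hire_date', 'compensation_major', 'username'];

// Build a parameterized INSERT: column names come only from the allowlist,
// values only travel as bound parameters. build_employee_insert() is a hypothetical helper.
function build_employee_insert(array $input, string $currentUser): array
{
    $row = [];
    foreach (EMPLOYEE_COLUMNS as $col) {
        // Skip missing, non-string (e.g. field[]=x) and blank fields.
        if (!isset($input[$col]) || !is_string($input[$col]) || trim($input[$col]) === '') {
            continue;
        }
        $row[$col] = trim($input[$col]);
    }
    // Audit columns are set server-side and never read from the request.
    $row['date_created'] = date('Y-m-d');
    $row['user_who_created'] = $currentUser;

    $cols = array_keys($row);
    $sql = 'INSERT INTO employees (' . implode(', ', $cols) . ')'
         . ' VALUES (:' . implode(', :', $cols) . ')';
    return [$sql, $row];
}

// Constructed sample request: a value containing a quote and a key the form never had.
$post = [
    'first_name'       => 'Pat',
    'last_name'        => "O'Brien",
    'hire_date'        => '2006-09-29',
    'user_who_created' => 'someone_else', // not in the allowlist, so ignored
    'submit'           => 'Save',
];

$pdo = new PDO('sqlite::memory:'); // in-memory SQLite so the example runs offline
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE employees (first_name TEXT, last_name TEXT, hire_date TEXT,
    compensation_major TEXT, username TEXT, date_created TEXT, user_who_created TEXT)');

[$sql, $params] = build_employee_insert($post, 'admin'); // 'admin' stands in for get_current_username()
$pdo->prepare($sql)->execute($params);

echo $sql, PHP_EOL;
print_r($pdo->query('SELECT last_name, user_who_created FROM employees')->fetch(PDO::FETCH_ASSOC));
```

The stored `last_name` keeps its apostrophe unchanged, and `user_who_created` holds the server-side value rather than the one sent in the request.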

kenrbnsn,

Thanks for the idea but that code is ugly and hard for me to follow, personally. I guess all my typing isn't that bad. Any way I can still keep the quotes of the $_POST array variables though?

Currently I do like '$_POST[var_name]' I want to be able to do '$_POST['var_name']' any way that is possible? It won't compile if '$_POST['var_name']' though currently.

[quote author=JustinK101 link=topic=109892.msg443518#msg443518 date=1159511116]
kenrbnsn,

Thanks for the idea but that code is ugly and hard for me to follow, personally. I guess all my typing isn't that bad. [/quote]

??? Trust me, learn how to use loops.

[quote author=JustinK101 link=topic=109892.msg443518#msg443518 date=1159511116]Any way I can still keep the quotes of the $_POST array variables though?

Currently I do like '$_POST[var_name]' I want to be able to do '$_POST['var_name']' any way that is possible? It won't compile if '$_POST['var_name']' though currently.
[/quote]

[url=http://nl2.php.net/types.string]manual[/url]

[quote]
Currently I do like '$_POST[var_name]' I want to be able to do '$_POST['var_name']' any way that is possible?
[/quote]

You can do that by using double quotes " " and putting the variable inside curly braces, known as [url=http://uk.php.net/manual/en/language.types.string.php#language.types.string.parsing]complex syntax[/url].

[code]
<?php
// Unquoted
echo $_POST['name'];

// Double quoted
echo "{$_POST['name']}";

// Using heredoc (info about this is also on the link provided above)
echo <<<HTML
{$_POST['name']}
HTML;
?>
[/code]

Regards
Huggie

Trying to do complex, here is what I have:

[code]
$sql = "INSERT into employees
(
title, first_name, last_name, mailing_address, city, state, zip_code, country, email_address, contact_phone,
hire_date, job_title_occupation, employment_term, compensation_basis, compensation_major, compensation_minor,
compensation_quant, workers_comp_classification, enrolled_in_benefits, paid_holidays, hours_per_holiday, paid_vacation,
vacation_hours_per_year, paid_personal, personal_hours_per_year, direct_deposit, number_tax_allowances, username,
password, date_created, date_last_modified, user_who_created, user_who_last_modified, last_succ_login
)
VALUES
(
'{$_POST['title']}', '{$_POST['first_name']}', '{$_POST['last_name']}', '{$_POST['mailing_address']}', '{$_POST['city']}', '{$_POST['state']}', '{$_POST['zip_code']}', '{$_POST['country']}', '{$_POST['email_address']}', '{$_POST['contact_phone']}',
'{$_POST['hire_date']}', '{$_POST['job_title_occupation']}', '{$_POST['employment_term']}', '{$_POST['compensation_basis']}', '{$_POST['compensation_major']}', '{$_POST['compensation_minor']}',
'{$_POST['compensation_quant']}', '{$_POST['workers_comp_classification']}', '{$_POST['enrolled_in_benefits']}', '{$_POST['paid_holidays']}', '{$_POST['hours_per_holiday']}', '{$_POST['paid_vacation']}',
'{$_POST['vacation_hours_per_year']}', '{$_POST['paid_personal']}', '{$_POST['personal_hours_per_year']}', '{$_POST['direct_deposit']}', '{$_POST['number_tax_allowances']}', '{$_POST['username']}',
'{$_POST['password']}', '" . get_current_date() . "', '" . get_current_date() . "', '" . get_current_username() . "', '" . get_current_username() . "', 'NULL'
)";
[/code]

It is not working though, won't parse.

[code]
if(isset($_POST["moo"])) {
$moo = $_POST["moo"];
$moo = str_replace(...);
//--...
}
else { die("Error, no input"); }
[/code]


sweet, simple, fast, easy =]

True` Logic:


Huh? How is what you wrote going to generate a mysql insert query which I have above?

It's not because of the curly braces that it's not inserting.  It's probably due to the functions you're trying to insert!

Do any processing outside of the query...
[code=php:0]$username = get_current_username();
$sql = "INSERT INTO table (username) VALUES ('$username')";
[/code]

Not like this:
[code=php:0]$sql = "INSERT INTO table (username) VALUES ('.get_current_username().')";
[/code]

You could even use some SQL commands to save even more time...
[code=php:0]$sql = "INSERT INTO table (date_last_modified) VALUES (curdate())";
[/code]

Regards
Huggie

Yeah I found it, it was another function, so the above code with the curly braces works, just a lot of typing. Sigh. :)
