Jump to content

Overriding $_POST variables?

JustinK101

By JustinK101
in PHP Coding Help

 Share

Recommended Posts

JustinK101 Advanced Member

JustinK101

Posted
Posted
Hello, I am trying to overide some of my varibles posted via POST.

[code]
//Strip commas out of compensation major
$_POST['compensation_major'] = str_replace(",", "", $_POST['compensation_major']);

//Convert date from DD/MM/YYYY to YYYY-MM-DD
$_POST['hire_date'] = convert_date_2_mysql_date($_POST['hire_date']);

//Strip spaces out of password
$_POST['password'] = str_replace(" ", '', $_POST['password']);

//Encrypt password
$_POST['password'] = encrypt($_POST['password'], $GBL_encrypt_key);
[/code]

I swore I have done this before, but currently it inst working. I have to actually assign a new variables on the left hand of each assignment for it work. Any ideas why? I would prefer to not make all new variables for each operations, for example, this is bad:


[code]
//Strip commas out of compensation major
$comp_major = str_replace(",", "", $_POST['compensation_major']);

//Convert date from DD/MM/YYYY to YYYY-MM-DD
$hired = convert_date_2_mysql_date($_POST['hire_date']);

//Strip spaces out of password
$pass = str_replace(" ", '', $_POST['password']);

//Encrypt password
$newPass = encrypt($pass, $GBL_encrypt_key);
[/code]

Not only makes code harder and more confusing, but more variable use. Thanks for the help.
Link to comment
https://forums.phpfreaks.com/topic/22429-overriding-_post-variables/
Share on other sites
JustinK101 Advanced Member

JustinK101

Posted
  • Author
Posted
I found my problem, in my mysql querry I am calling:

[code]
INSERT into employees
(
title, first_name, last_name, mailing_address, city, state, zip_code, country, email_address, contact_phone,
hire_date, job_title_occupation, employment_term, compensation_basis, compensation_major, compensation_minor,
compensation_quant, workers_comp_classification, enrolled_in_benefits, paid_holidays, hours_per_holiday, paid_vacation,
vacation_hours_per_year, paid_personal, personal_hours_per_year, direct_deposit, number_tax_allowances, username,
password, date_created, date_last_modified, user_who_created, user_who_last_modified, last_succ_login
)
VALUES
(
'$title', '$first_name', '$last_name', '$mailing_address', '$city', '$state', '$zip_code', '$country', '$email_address', '$contact_phone',
'$hire_date', '$job_title_occupation', '$employment_term', '$compensation_basis', '$compensation_major', '$compensation_minor',
'$compensation_quant', '$workers_comp_classification', '$enrolled_in_benefits', '$paid_holidays', '$hours_per_holiday', '$paid_vacation',
'$vacation_hours_per_year', '$paid_personal', '$personal_hours_per_year', '$direct_deposit', '$number_tax_allowances', '$username',
'$password', '" . get_current_date() . "', '" . get_current_date() . "', '" . get_current_username() . "', '" . get_current_username() . "', 'NULL'
)";
[/code]

See I am not using the $_POST array, I am relying on REGISTER GLOBALS which is bad, but gosh it saves so much time. Any easier way to rewrite the query instead of going and putting $_POST[' before each variable and closing it with ']? Any tricks out to there for lazy people such as myself?
HuggieBear Member

HuggieBear

Posted
Posted
Sounds as though extract is what you need:

[code]
<?php
  extract($_POST);
?>
[/code]

This imports the key names into the namespace.  So if your form has fields, user, pass and submit, then by using the above you can refer to them as $user, $pass, $submit.

There's various options with extract, including what to do if a name already exists, I'd suggest you check out the php manual on [url=http://uk.php.net/manual/en/function.extract.php]extract[/url]

Regards
Huggie
JustinK101 Advanced Member

JustinK101

Posted
  • Author
Posted
Via the manual: Do not use extract() on untrusted data, like user-input ($_GET, ...). If you do, for example, if you want to run old code that relies on register_globals temporarily.

Don't want to rely on register_globals thats the entire point of referencing variables by $_POST[''].

Seems like I just gotta do the same code as above except put $_POST[''], unless you have any other ideas.
JustinK101 Advanced Member

JustinK101

Posted
  • Author
Posted
Ok, I had to change my query to the following:

[code]
INSERT into employees
(
title, first_name, last_name, mailing_address, city, state, zip_code, country, email_address, contact_phone,
hire_date, job_title_occupation, employment_term, compensation_basis, compensation_major, compensation_minor,
compensation_quant, workers_comp_classification, enrolled_in_benefits, paid_holidays, hours_per_holiday, paid_vacation,
vacation_hours_per_year, paid_personal, personal_hours_per_year, direct_deposit, number_tax_allowances, username,
password, date_created, date_last_modified, user_who_created, user_who_last_modified, last_succ_login
)
VALUES
(
'$_POST[title]', '$_POST[first_name]', '$_POST[last_name]', '$_POST[mailing_address]', '$_POST[city]', '$_POST[state]', '$_POST[zip_code]', '$_POST[country]', '$_POST[email_address]', '$_POST[contact_phone]',
'$_POST[hire_date]', '$_POST[job_title_occupation]', '$_POST[employment_term]', '$_POST[compensation_basis]', '$_POST[compensation_major]', '$_POST[compensation_minor]',
'$_POST[compensation_quant]', '$_POST[workers_comp_classification]', '$_POST[enrolled_in_benefits]', '$_POST[paid_holidays]', '$_POST[hours_per_holiday]', '$_POST[paid_vacation]',
'$_POST[vacation_hours_per_year]', '$_POST[paid_personal]', '$_POST[personal_hours_per_year]', '$_POST[direct_deposit]', '$_POST[number_tax_allowances]', '$_POST[username]',
'$_POST[password]', '" . get_current_date() . "', '" . get_current_date() . "', '" . get_current_username() . "', '" . get_current_username() . "', 'NULL'
)";
[/code]

[b]There had to be an eaiser way? Am I the only person so lazy to complain about this? :) LOL.[/b]

Pain in the but, and also lose the standard of quoting keys in the $_POST array. Such as '$_POST['my_value']' must be changed to '$_POST[my_value]' or else the php won't parse.
kenrbnsn Regular Member

kenrbnsn

Posted
Posted
It looks like the field names in your form are the same as the fieldnames in your database, therefore you can use the alternative insert syntax and do something like the following:
[code]<?php
$qtmp = array();
$date_fields = array('date_created','date_last_modified');
$user_fields = array('user_who_created', 'user_who_last_modified');
foreach($_POST as $key => $value) {
    if ($key != 'submit') // or whatever your submit button is named
        if (strlen(trim(stripslashes($value))) != 0) // ignore blank fields
            $qtmp[] = $key . " = '" . mysql_real_escape_string(trim(stripslashes($value))) . "'";
}
foreach($date_fields as $k)
    $qtmp[] = $k . " = '" . date('Y-m-d') . "'"; // I'm guessing at the format for your date fields
foreach($user_fields as $k)
    $qtmp[] = $k . " = '" . get_current_username() . "'";
$query = "insert into employees set " . implode(', ',$qtmp);
echo $query; // just to see what you have created...
?>[/code]

When it comes to iterating through arrays, the foreach statement is a big help.

Ken
JustinK101 Advanced Member

JustinK101

Posted
  • Author
Posted
kenrbnsn,

Thanks for the idea but that code is ugly and hard for me to follow, personally. I guess all my typing inst that bad. Any way I can still keep the quotes of the $_POST array variables though?

Currently I do like '$_POST[var_name]' I want to be able to do '$_POST['var_name']' any way that is possible? It wont compile if if '$_POST['var_name']' though currently.
448191 Advanced Member

448191

Posted
Posted
[quote author=JustinK101 link=topic=109892.msg443518#msg443518 date=1159511116]
kenrbnsn,

Thanks for the idea but that code is ugly and hard for me to follow, personally. I guess all my typing inst that bad. [/quote]

??? Trust me, learn how to use loops.

[quote author=JustinK101 link=topic=109892.msg443518#msg443518 date=1159511116]Any way I can still keep the quotes of the $_POST array variables though?

Currently I do like '$_POST[var_name]' I want to be able to do '$_POST['var_name']' any way that is possible? It wont compile if if '$_POST['var_name']' though currently.
[/quote]

[url=http://nl2.php.net/types.string]manual[/url]
HuggieBear Member

HuggieBear

Posted
Posted
[quote]
Currently I do like '$_POST[var_name]' I want to be able to do '$_POST['var_name']' any way that is possible?
[/quote]

You can do that by using double quotes " " and putting the variable inside curley braces, known as [url=http://uk.php.net/manual/en/language.types.string.php#language.types.string.parsing]complex syntax[/url].

[code]
<?php
// Unquoted
echo $_POST['name'];

// Double quoted
echo "{$_POST['name']}";

// Using heredoc (info about this is also on the link provided above)
echo <<<HTML
{$_POST['name']}
HTML;
?>
[/code]

Regards
Huggie
JustinK101 Advanced Member

JustinK101

Posted
  • Author
Posted
Trying to do complex, here is what I have:

[code]
$sql = "INSERT into employees
(
title, first_name, last_name, mailing_address, city, state, zip_code, country, email_address, contact_phone,
hire_date, job_title_occupation, employment_term, compensation_basis, compensation_major, compensation_minor,
compensation_quant, workers_comp_classification, enrolled_in_benefits, paid_holidays, hours_per_holiday, paid_vacation,
vacation_hours_per_year, paid_personal, personal_hours_per_year, direct_deposit, number_tax_allowances, username,
password, date_created, date_last_modified, user_who_created, user_who_last_modified, last_succ_login
)
VALUES
(
'{$_POST['title']}', '{$_POST['first_name']}', '{$_POST['last_name']}', '{$_POST['mailing_address']}', '{$_POST['city']}', '{$_POST['state']}', '{$_POST['zip_code']}', '{$_POST['country']}', '{$_POST['email_address']}', '{$_POST['contact_phone']}',
'{$_POST['hire_date']}', '{$_POST['job_title_occupation']}', '{$_POST['employment_term']}', '{$_POST['compensation_basis']}', '{$_POST['compensation_major']}', '{$_POST['compensation_minor']}',
'{$_POST['compensation_quant']}', '{$_POST['workers_comp_classification']}', '{$_POST['enrolled_in_benefits']}', '{$_POST['paid_holidays']}', '{$_POST['hours_per_holiday']}', '{$_POST['paid_vacation']}',
'{$_POST['vacation_hours_per_year']}', '{$_POST['paid_personal']}', '{$_POST['personal_hours_per_year']}', '{$_POST['direct_deposit']}', '{$_POST['number_tax_allowances']}', '{$_POST['username']}',
'{$_POST['password']}', '" . get_current_date() . "', '" . get_current_date() . "', '" . get_current_username() . "', '" . get_current_username() . "', 'NULL'
)";
[/code]

It is not working though, wont parse.
HuggieBear Member

HuggieBear

Posted
Posted
It's not beacuse of the curly braces that it's not inserting.  It's probably due to the functions you're trying to insert!

Do any processing outside of the query...
[code=php:0]$username = get_current_username();
$sql = "INSERT INTO table (username) VALUES ('$username')";
[/code]

Not like this:
[code=php:0]$sql = "INSERT INTO table (username) VALUES ('.get_current_username().')";
[/code]

You could even use some SQL commands to save even more time...
[code=php:0]$sql = "INSERT INTO table (date_last_modified) VALUES (curdate())";
[/code]

Regards
Huggie
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.