
Overriding $_POST variables?


JustinK101


Hello, I am trying to override some of my variables posted via POST.

[code]
//Strip commas out of compensation major
$_POST['compensation_major'] = str_replace(",", "", $_POST['compensation_major']);

//Convert date from DD/MM/YYYY to YYYY-MM-DD
$_POST['hire_date'] = convert_date_2_mysql_date($_POST['hire_date']);

//Strip spaces out of password
$_POST['password'] = str_replace(" ", '', $_POST['password']);

//Encrypt password
$_POST['password'] = encrypt($_POST['password'], $GBL_encrypt_key);
[/code]

I swore I have done this before, but currently it isn't working. I have to actually assign new variables on the left-hand side of each assignment for it to work. Any ideas why? I would prefer not to make all new variables for each operation, for example, this is bad:


[code]
//Strip commas out of compensation major
$comp_major = str_replace(",", "", $_POST['compensation_major']);

//Convert date from DD/MM/YYYY to YYYY-MM-DD
$hired = convert_date_2_mysql_date($_POST['hire_date']);

//Strip spaces out of password
$pass = str_replace(" ", '', $_POST['password']);

//Encrypt password
$newPass = encrypt($pass, $GBL_encrypt_key);
[/code]

Not only does it make the code harder and more confusing, but it uses more variables. Thanks for the help.
Link to comment
Share on other sites

I found my problem: in my MySQL query I am calling:

[code]
INSERT into employees
(
title, first_name, last_name, mailing_address, city, state, zip_code, country, email_address, contact_phone,
hire_date, job_title_occupation, employment_term, compensation_basis, compensation_major, compensation_minor,
compensation_quant, workers_comp_classification, enrolled_in_benefits, paid_holidays, hours_per_holiday, paid_vacation,
vacation_hours_per_year, paid_personal, personal_hours_per_year, direct_deposit, number_tax_allowances, username,
password, date_created, date_last_modified, user_who_created, user_who_last_modified, last_succ_login
)
VALUES
(
'$title', '$first_name', '$last_name', '$mailing_address', '$city', '$state', '$zip_code', '$country', '$email_address', '$contact_phone',
'$hire_date', '$job_title_occupation', '$employment_term', '$compensation_basis', '$compensation_major', '$compensation_minor',
'$compensation_quant', '$workers_comp_classification', '$enrolled_in_benefits', '$paid_holidays', '$hours_per_holiday', '$paid_vacation',
'$vacation_hours_per_year', '$paid_personal', '$personal_hours_per_year', '$direct_deposit', '$number_tax_allowances', '$username',
'$password', '" . get_current_date() . "', '" . get_current_date() . "', '" . get_current_username() . "', '" . get_current_username() . "', 'NULL'
)";
[/code]

See, I am not using the $_POST array, I am relying on REGISTER GLOBALS, which is bad, but gosh it saves so much time. Any easier way to rewrite the query instead of going and putting $_POST[' before each variable and closing it with ']? Any tricks out there for lazy people such as myself?
Link to comment
Share on other sites

Sounds as though extract is what you need:

[code]
<?php
  extract($_POST);
?>
[/code]

This imports the key names into the namespace.  So if your form has fields, user, pass and submit, then by using the above you can refer to them as $user, $pass, $submit.

There are various options with extract, including what to do if a name already exists. I'd suggest you check out the PHP manual on [url=http://uk.php.net/manual/en/function.extract.php]extract[/url]

Regards
Huggie
Link to comment
Share on other sites

Via the manual: Do not use extract() on untrusted data, like user-input ($_GET, ...). If you do, for example, if you want to run old code that relies on register_globals temporarily.

Don't want to rely on register_globals, that's the entire point of referencing variables by $_POST[''].

Seems like I just gotta do the same code as above except put $_POST[''], unless you have any other ideas.
Link to comment
Share on other sites
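
The overwrite risk behind the manual warning quoted above, shown as an added example that is not part of any post in this thread. The function names, the `$is_admin` flag and the request data are hypothetical and constructed for illustration.

```php
<?php
// Constructed request body: one field the form really has, plus one key
// named after a variable the script uses internally.
$_POST = ['first_name' => 'Ann', 'is_admin' => '1'];

// extract() with its default flag (EXTR_OVERWRITE): every POST key
// creates or replaces a local variable of the same name.
function load_with_extract(array $post): array
{
    $is_admin = false;                 // decided by the application
    extract($post);                    // ...and replaced by the request
    return ['first_name' => $first_name ?? '', 'is_admin' => $is_admin];
}

// EXTR_PREFIX_ALL keeps the import away from existing names:
// the keys become $form_first_name, $form_is_admin, and so on.
function load_with_prefix(array $post): array
{
    $is_admin = false;
    extract($post, EXTR_PREFIX_ALL, 'form');
    return ['first_name' => $form_first_name ?? '', 'is_admin' => $is_admin];
}

// Allowlist: copy only the keys the form is supposed to send.
function load_with_allowlist(array $post, array $allowed): array
{
    $is_admin = false;
    $fields = array_intersect_key($post, array_flip($allowed));
    return ['first_name' => $fields['first_name'] ?? '', 'is_admin' => $is_admin];
}

// Print the three results so the value of is_admin can be compared.
foreach ([
    'extract'   => load_with_extract($_POST),
    'prefix'    => load_with_prefix($_POST),
    'allowlist' => load_with_allowlist($_POST, ['first_name']),
] as $label => $result) {
    echo $label, ': ', var_export($result, true), "\n";
}
```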

Ok, I had to change my query to the following:

[code]
INSERT into employees
(
title, first_name, last_name, mailing_address, city, state, zip_code, country, email_address, contact_phone,
hire_date, job_title_occupation, employment_term, compensation_basis, compensation_major, compensation_minor,
compensation_quant, workers_comp_classification, enrolled_in_benefits, paid_holidays, hours_per_holiday, paid_vacation,
vacation_hours_per_year, paid_personal, personal_hours_per_year, direct_deposit, number_tax_allowances, username,
password, date_created, date_last_modified, user_who_created, user_who_last_modified, last_succ_login
)
VALUES
(
'$_POST[title]', '$_POST[first_name]', '$_POST[last_name]', '$_POST[mailing_address]', '$_POST[city]', '$_POST[state]', '$_POST[zip_code]', '$_POST[country]', '$_POST[email_address]', '$_POST[contact_phone]',
'$_POST[hire_date]', '$_POST[job_title_occupation]', '$_POST[employment_term]', '$_POST[compensation_basis]', '$_POST[compensation_major]', '$_POST[compensation_minor]',
'$_POST[compensation_quant]', '$_POST[workers_comp_classification]', '$_POST[enrolled_in_benefits]', '$_POST[paid_holidays]', '$_POST[hours_per_holiday]', '$_POST[paid_vacation]',
'$_POST[vacation_hours_per_year]', '$_POST[paid_personal]', '$_POST[personal_hours_per_year]', '$_POST[direct_deposit]', '$_POST[number_tax_allowances]', '$_POST[username]',
'$_POST[password]', '" . get_current_date() . "', '" . get_current_date() . "', '" . get_current_username() . "', '" . get_current_username() . "', 'NULL'
)";
[/code]

[b]There had to be an easier way? Am I the only person so lazy to complain about this? :) LOL.[/b]

Pain in the butt, and also lose the standard of quoting keys in the $_POST array. Such as '$_POST['my_value']' must be changed to '$_POST[my_value]' or else the PHP won't parse.
Link to comment
Share on other sites

It looks like the field names in your form are the same as the fieldnames in your database, therefore you can use the alternative insert syntax and do something like the following:
[code]<?php
$qtmp = array();
$date_fields = array('date_created','date_last_modified');
$user_fields = array('user_who_created', 'user_who_last_modified');
foreach($_POST as $key => $value) {
    if ($key != 'submit') // or whatever your submit button is named
        if (strlen(trim(stripslashes($value))) != 0) // ignore blank fields
            $qtmp[] = $key . " = '" . mysql_real_escape_string(trim(stripslashes($value))) . "'";
}
foreach($date_fields as $k)
    $qtmp[] = $k . " = '" . date('Y-m-d') . "'"; // I'm guessing at the format for your date fields
foreach($user_fields as $k)
    $qtmp[] = $k . " = '" . get_current_username() . "'";
$query = "insert into employees set " . implode(', ',$qtmp);
echo $query; // just to see what you have created...
?>[/code]

When it comes to iterating through arrays, the foreach statement is a big help.

Ken
Link to comment
Share on other sites
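
The loop above escapes each value but puts every POST key into the SQL as a column name. The following added example (not code from the thread) builds the same kind of INSERT with an allowlist of column names and bound parameters. It assumes PDO with an in-memory SQLite table holding a shortened set of the thread's columns; `build_insert` and `FORM_COLUMNS` are hypothetical names and the request data is constructed.

```php
<?php
// Columns the form may set: an assumed, shortened subset of the thread's table.
const FORM_COLUMNS = ['first_name', 'last_name', 'hire_date', 'compensation_major'];

// Hypothetical helper: build a parameterised INSERT from request data.
function build_insert(string $table, array $post, array $server_values): array
{
    // Keep only allowlisted keys, so a POST key can never become SQL text.
    $row = array_intersect_key($post, array_flip(FORM_COLUMNS));
    // POST values can be arrays (name[]=...); keep plain strings only.
    $row = array_map('trim', array_filter($row, 'is_string'));
    // Ignore blank fields, as the loop in the thread does.
    $row = array_filter($row, 'strlen');
    // Values set by the server replace anything the client sent.
    $row = array_merge($row, $server_values);
    $cols = array_keys($row);
    $marks = array_map(fn($c) => ":$c", $cols);
    $sql = "INSERT INTO $table (" . implode(', ', $cols)
         . ') VALUES (' . implode(', ', $marks) . ')';
    return [$sql, $row];
}

// In-memory SQLite stands in for the thread's MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE employees (first_name TEXT, last_name TEXT, hire_date TEXT,
    compensation_major TEXT, date_created TEXT, user_who_created TEXT)');

// Constructed request: a quote in a value, an array value, unexpected keys.
$_POST = [
    'first_name'         => ' Pat ',
    'last_name'          => "O'Neil",
    'hire_date'          => '2006-09-29',
    'compensation_major' => ['50000'],
    'user_who_created'   => 'someone_else',
    'submit'             => 'Save',
];
[$sql, $params] = build_insert('employees', $_POST, [
    'date_created'     => date('Y-m-d'),
    'user_who_created' => 'admin',   // stand-in for get_current_username()
]);
$pdo->prepare($sql)->execute($params);

echo $sql, "\n";
print_r($pdo->query('SELECT * FROM employees')->fetchAll(PDO::FETCH_ASSOC));
```

The table name and the server-side keys come from the code, never from the request, which is why they can be placed in the SQL text directly.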

kenrbnsn,

Thanks for the idea, but that code is ugly and hard for me to follow, personally. I guess all my typing isn't that bad. Any way I can still keep the quotes of the $_POST array variables though?

Currently I do like '$_POST[var_name]'; I want to be able to do '$_POST['var_name']'. Any way that is possible? It won't compile if '$_POST['var_name']' though currently.
Link to comment
Share on other sites

[quote author=JustinK101 link=topic=109892.msg443518#msg443518 date=1159511116]
kenrbnsn,

Thanks for the idea, but that code is ugly and hard for me to follow, personally. I guess all my typing isn't that bad. [/quote]

??? Trust me, learn how to use loops.

[quote author=JustinK101 link=topic=109892.msg443518#msg443518 date=1159511116]Any way I can still keep the quotes of the $_POST array variables though?

Currently I do like '$_POST[var_name]'; I want to be able to do '$_POST['var_name']'. Any way that is possible? It won't compile if '$_POST['var_name']' though currently.
[/quote]

[url=http://nl2.php.net/types.string]manual[/url]
Link to comment
Share on other sites

[quote]
Currently I do like '$_POST[var_name]'; I want to be able to do '$_POST['var_name']'. Any way that is possible?
[/quote]

You can do that by using double quotes " " and putting the variable inside curly braces, known as [url=http://uk.php.net/manual/en/language.types.string.php#language.types.string.parsing]complex syntax[/url].

[code]
<?php
// Unquoted
echo $_POST['name'];

// Double quoted
echo "{$_POST['name']}";

// Using heredoc (info about this is also on the link provided above)
echo <<<HTML
{$_POST['name']}
HTML;
?>
[/code]

Regards
Huggie
Link to comment
Share on other sites

Trying to do complex, here is what I have:

[code]
$sql = "INSERT into employees
(
title, first_name, last_name, mailing_address, city, state, zip_code, country, email_address, contact_phone,
hire_date, job_title_occupation, employment_term, compensation_basis, compensation_major, compensation_minor,
compensation_quant, workers_comp_classification, enrolled_in_benefits, paid_holidays, hours_per_holiday, paid_vacation,
vacation_hours_per_year, paid_personal, personal_hours_per_year, direct_deposit, number_tax_allowances, username,
password, date_created, date_last_modified, user_who_created, user_who_last_modified, last_succ_login
)
VALUES
(
'{$_POST['title']}', '{$_POST['first_name']}', '{$_POST['last_name']}', '{$_POST['mailing_address']}', '{$_POST['city']}', '{$_POST['state']}', '{$_POST['zip_code']}', '{$_POST['country']}', '{$_POST['email_address']}', '{$_POST['contact_phone']}',
'{$_POST['hire_date']}', '{$_POST['job_title_occupation']}', '{$_POST['employment_term']}', '{$_POST['compensation_basis']}', '{$_POST['compensation_major']}', '{$_POST['compensation_minor']}',
'{$_POST['compensation_quant']}', '{$_POST['workers_comp_classification']}', '{$_POST['enrolled_in_benefits']}', '{$_POST['paid_holidays']}', '{$_POST['hours_per_holiday']}', '{$_POST['paid_vacation']}',
'{$_POST['vacation_hours_per_year']}', '{$_POST['paid_personal']}', '{$_POST['personal_hours_per_year']}', '{$_POST['direct_deposit']}', '{$_POST['number_tax_allowances']}', '{$_POST['username']}',
'{$_POST['password']}', '" . get_current_date() . "', '" . get_current_date() . "', '" . get_current_username() . "', '" . get_current_username() . "', 'NULL'
)";
[/code]

It is not working though, won't parse.
Link to comment
Share on other sites

It's not because of the curly braces that it's not inserting.  It's probably due to the functions you're trying to insert!

Do any processing outside of the query...
[code=php:0]$username = get_current_username();
$sql = "INSERT INTO table (username) VALUES ('$username')";
[/code]

Not like this:
[code=php:0]$sql = "INSERT INTO table (username) VALUES ('.get_current_username().')";
[/code]

You could even use some SQL commands to save even more time...
[code=php:0]$sql = "INSERT INTO table (date_last_modified) VALUES (curdate())";
[/code]

Regards
Huggie
Link to comment
Share on other sites
