Loading values from $_POST[] in an array?

[Hall of Famer]

Well I have a script file that loads lots of info from a form using $_POST[] method, which is quite tedious:

 

  $act = $_POST["act"];
          $page = $_POST["page"];
  $id = $_POST["id"];
  $category = $_POST["category"];
          $itemname = $_POST["itemname"];
          $description = $_POST["description"];
  $imageurl = $_POST["imageurl"];
  $existingimageurl = $_POST["existingimageurl"];
  $function = $_POST["function"];
  $target = $_POST["target"];
  $value = $_POST["value"];
  $shop = $_POST["shop"];
          $price = $_POST["price"];
  $tradable = $_POST["tradable"];
  $consumable = $_POST["consumable"];

 

I was wondering if there is a way to write one or two simple lines of code to load all variables stored in superglobal array $_POST[] efficiently. The point is to store all values within $_POST[] to an array called $item[], what I was thinking about is:

 

foreach($_POST = $key as $val){
  $item['{$key}'] = $val;
}

 

Seems that its not gonna work, so I wonder if anyone of you have ideas on how I am able to simplify my code with 10-20 lines of $_POST[] to just 2-3 lines. Please do lemme know if this is possible, thanks.

[PFMaBiSmAd]

What's wrong with using $_POST['variables'] directly in your code? They are perfectly fine variables.

 

If you want an $item array that is a copy of the $_POST array -

$item = $_POST;

 

If you want to populate scaler program variables from the $_POST elements, you can use extract  Use EXTR_PREFIX_ALL as the second parameter and use a unique prefix to insure that hackers cannot overwrite any of your existing program variables.

[xyph]

I suggest against doing this. Each form variable is unique to some extent, and should be sanitized and verified accordingly.

 

If you wanted a clean way to do this, you could use an array of element names to check, along with a sanitize function it should use.

 

<?php

$fields = array(
'name' => 'str_alpha',
'likes_pie' => 'bool',
'age' => 'int',
'address' => 'str_nospecial'
);

$values = array();

foreach( $fields as $name => $type ) {
if( !empty($_POST[$name]) )
	$values[$name] = sanitize($_POST[$name], $type);
}

function sanitize( $value, $type ) {

switch( $type ) {
	case 'bool':
		return (bool) $value;
		break;
	case 'str_alpha':
		return preg_replace( '~[^a-z]~i', '', $value );
		break;
	case 'str_nospecial':
		return preg_replace( '~[^-a-z0-9.,\'" \r\n]~i', '', $value );
	case 'int':
		return (int) $value;
		break;
	case 'etc':
		break;
}

}

?>

 

That way, you are 100% sure what you're getting has been cleaned, and no rogue data is trying to enter your scripts.

[Hall of Famer]

What's wrong with using $_POST['variables'] directly in your code? They are perfectly fine variables.

 

If you want an $item array that is a copy of the $_POST array -

$item = $_POST;

 

If you want to populate scaler program variables from the $_POST elements, you can use extract  Use EXTR_PREFIX_ALL as the second parameter and use a unique prefix to insure that hackers cannot overwrite any of your existing program variables.

 

Thanks a lot, I will give a try using extract($_POST, EXTR_PREFIX_ALL, 'item_'). Some people said extract() has security issues though...

 

[PFMaBiSmAd]

Some people said extract() has security issues though...

 

That's why someone suggested -

Use EXTR_PREFIX_ALL as the second parameter and use a unique prefix to insure that hackers cannot overwrite any of your existing program variables.