Loading values from $_POST[] in an array?

Hall of Famer · August 30, 2011

Well I have a script file that loads lots of info from a form using $_POST[] method, which is quite tedious:

  $act = $_POST["act"];
          $page = $_POST["page"];
  $id = $_POST["id"];
  $category = $_POST["category"];
          $itemname = $_POST["itemname"];
          $description = $_POST["description"];
  $imageurl = $_POST["imageurl"];
  $existingimageurl = $_POST["existingimageurl"];
  $function = $_POST["function"];
  $target = $_POST["target"];
  $value = $_POST["value"];
  $shop = $_POST["shop"];
          $price = $_POST["price"];
  $tradable = $_POST["tradable"];
  $consumable = $_POST["consumable"];

I was wondering if there is a way to write one or two simple lines of code to load all variables stored in superglobal array $_POST[] efficiently. The point is to store all values within $_POST[] to an array called $item[], what I was thinking about is:

foreach($_POST = $key as $val){
  $item['{$key}'] = $val;
}

Seems that its not gonna work, so I wonder if anyone of you have ideas on how I am able to simplify my code with 10-20 lines of $_POST[] to just 2-3 lines. Please do lemme know if this is possible, thanks.

PFMaBiSmAd · August 30, 2011

What's wrong with using $_POST['variables'] directly in your code? They are perfectly fine variables.

If you want an $item array that is a copy of the $_POST array -

$item = $_POST;

If you want to populate scaler program variables from the $_POST elements, you can use extract Use EXTR_PREFIX_ALL as the second parameter and use a unique prefix to insure that hackers cannot overwrite any of your existing program variables.

xyph · August 30, 2011

I suggest against doing this. Each form variable is unique to some extent, and should be sanitized and verified accordingly.

If you wanted a clean way to do this, you could use an array of element names to check, along with a sanitize function it should use.

<?php

$fields = array(
'name' => 'str_alpha',
'likes_pie' => 'bool',
'age' => 'int',
'address' => 'str_nospecial'
);

$values = array();

foreach( $fields as $name => $type ) {
if( !empty($_POST[$name]) )
	$values[$name] = sanitize($_POST[$name], $type);
}

function sanitize( $value, $type ) {

switch( $type ) {
	case 'bool':
		return (bool) $value;
		break;
	case 'str_alpha':
		return preg_replace( '~[^a-z]~i', '', $value );
		break;
	case 'str_nospecial':
		return preg_replace( '~[^-a-z0-9.,\'" \r\n]~i', '', $value );
	case 'int':
		return (int) $value;
		break;
	case 'etc':
		break;
}

}

?>

That way, you are 100% sure what you're getting has been cleaned, and no rogue data is trying to enter your scripts.

Hall of Famer · August 30, 2011

What's wrong with using $_POST['variables'] directly in your code? They are perfectly fine variables.

If you want an $item array that is a copy of the $_POST array -
$item = $_POST;
If you want to populate scaler program variables from the $_POST elements, you can use extract Use EXTR_PREFIX_ALL as the second parameter and use a unique prefix to insure that hackers cannot overwrite any of your existing program variables.

Thanks a lot, I will give a try using extract($_POST, EXTR_PREFIX_ALL, 'item_'). Some people said extract() has security issues though...

PFMaBiSmAd · August 30, 2011

Some people said extract() has security issues though...

That's why someone suggested -

Use EXTR_PREFIX_ALL as the second parameter and use a unique prefix to insure that hackers cannot overwrite any of your existing program variables.

Sign In

Loading values from $_POST[] in an array?

Recommended Posts

Hall of Famer

Link to comment

Share on other sites

PFMaBiSmAd

Link to comment

Share on other sites

xyph

Link to comment

Share on other sites

Hall of Famer

Link to comment

Share on other sites

PFMaBiSmAd

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information