Hall of Famer Posted August 30, 2011 Share Posted August 30, 2011 Well I have a script file that loads lots of info from a form using $_POST[] method, which is quite tedious: $act = $_POST["act"]; $page = $_POST["page"]; $id = $_POST["id"]; $category = $_POST["category"]; $itemname = $_POST["itemname"]; $description = $_POST["description"]; $imageurl = $_POST["imageurl"]; $existingimageurl = $_POST["existingimageurl"]; $function = $_POST["function"]; $target = $_POST["target"]; $value = $_POST["value"]; $shop = $_POST["shop"]; $price = $_POST["price"]; $tradable = $_POST["tradable"]; $consumable = $_POST["consumable"]; I was wondering if there is a way to write one or two simple lines of code to load all variables stored in superglobal array $_POST[] efficiently. The point is to store all values within $_POST[] to an array called $item[], what I was thinking about is: foreach($_POST = $key as $val){ $item['{$key}'] = $val; } Seems that its not gonna work, so I wonder if anyone of you have ideas on how I am able to simplify my code with 10-20 lines of $_POST[] to just 2-3 lines. Please do lemme know if this is possible, thanks. Link to comment https://forums.phpfreaks.com/topic/246062-loading-values-from-_post-in-an-array/ Share on other sites More sharing options...
PFMaBiSmAd Posted August 30, 2011 Share Posted August 30, 2011 What's wrong with using $_POST['variables'] directly in your code? They are perfectly fine variables. If you want an $item array that is a copy of the $_POST array - $item = $_POST; If you want to populate scaler program variables from the $_POST elements, you can use extract Use EXTR_PREFIX_ALL as the second parameter and use a unique prefix to insure that hackers cannot overwrite any of your existing program variables. Link to comment https://forums.phpfreaks.com/topic/246062-loading-values-from-_post-in-an-array/#findComment-1263697 Share on other sites More sharing options...
xyph Posted August 30, 2011 Share Posted August 30, 2011 I suggest against doing this. Each form variable is unique to some extent, and should be sanitized and verified accordingly. If you wanted a clean way to do this, you could use an array of element names to check, along with a sanitize function it should use. <?php $fields = array( 'name' => 'str_alpha', 'likes_pie' => 'bool', 'age' => 'int', 'address' => 'str_nospecial' ); $values = array(); foreach( $fields as $name => $type ) { if( !empty($_POST[$name]) ) $values[$name] = sanitize($_POST[$name], $type); } function sanitize( $value, $type ) { switch( $type ) { case 'bool': return (bool) $value; break; case 'str_alpha': return preg_replace( '~[^a-z]~i', '', $value ); break; case 'str_nospecial': return preg_replace( '~[^-a-z0-9.,\'" \r\n]~i', '', $value ); case 'int': return (int) $value; break; case 'etc': break; } } ?> That way, you are 100% sure what you're getting has been cleaned, and no rogue data is trying to enter your scripts. Link to comment https://forums.phpfreaks.com/topic/246062-loading-values-from-_post-in-an-array/#findComment-1263698 Share on other sites More sharing options...
Hall of Famer Posted August 30, 2011 Author Share Posted August 30, 2011 What's wrong with using $_POST['variables'] directly in your code? They are perfectly fine variables. If you want an $item array that is a copy of the $_POST array - $item = $_POST; If you want to populate scaler program variables from the $_POST elements, you can use extract Use EXTR_PREFIX_ALL as the second parameter and use a unique prefix to insure that hackers cannot overwrite any of your existing program variables. Thanks a lot, I will give a try using extract($_POST, EXTR_PREFIX_ALL, 'item_'). Some people said extract() has security issues though... Link to comment https://forums.phpfreaks.com/topic/246062-loading-values-from-_post-in-an-array/#findComment-1263709 Share on other sites More sharing options...
PFMaBiSmAd Posted August 30, 2011 Share Posted August 30, 2011 Some people said extract() has security issues though... That's why someone suggested - Use EXTR_PREFIX_ALL as the second parameter and use a unique prefix to insure that hackers cannot overwrite any of your existing program variables. Link to comment https://forums.phpfreaks.com/topic/246062-loading-values-from-_post-in-an-array/#findComment-1263711 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.