
I am using this code and it works well:

 

function fromuser ($variable)
{
$variable = trim(htmlentities($variable, ENT_QUOTES, 'UTF-8'));
return $variable;
}

$first_name = fromuser ($_POST['first_name']);
echo "<div class='text_field_description' $first_name_error>First Name: </div> 
	  <input name='first_name' type='text' class='text_field' value='$first_name' autocomplete='off'>";
echo "<br/>";

 

Every time I use $_POST['first_name'] I will also define $first_name. So names will always be the same.

So, basically is there a way I can just do this:

 

fromuser (first_name);

 

and function will return processed variable as:

$first_name = $variable;

 

I hope I explained myself well.

Thanks for input.


Ok,

 

Do you see how I define a string as:

$first_name = fromuser ($_POST['first_name']);

I will do that a lot in the form and the name of the string and the name of the variable are always the same.

$first_name = fromuser ($_POST['first_name']);
$last_name = fromuser ($_POST['last_name']);
$company_name = fromuser ($_POST['company_name']);
$city = fromuser ($_POST['city']);

 

Is there a way I can call for a function in this manner:

fromuser (first_name)

instead of:

$first_name = fromuser ($_POST['first_name']);

in such manner that the function will return processed variable already in string format of:

$first_name = $variable;

In order to do that you would need to declare all those variables before-hand... with null values.

$first_name = null;

$last_name = null;

.......

 

Then, in your function... you would pass it a string argument

then use that string to create a variable variable assignment.

function fromuser ($variable)  {
     ${$variable} = trim(htmlentities($_POST[$variable], ENT_QUOTES, 'UTF-8'));
}

At that point, you wouldn't need to return anything in your function.

fromuser("first_name");

fromuser("last_name");

Learn how to use the extract() function. Adjust the accepted list as you desire.

 

if (!empty($_POST)) {
   $accepted_variables = array(
                               'first_name',
                               'last_name ',
                               'company_name',
                               'city'
                              );

   extract($accepted_variables);
   extract($_POST, EXTR_IF_EXISTS);

   foreach($_POST as $variable => $value) {
      if (is_string($value))
         $$variable = trim(htmlentities($value, ENT_QUOTES, 'UTF-8'));
   }
}

Your best bet would be to sanitize all superglobals when they come in and then use extract() whenever you want them to become local/global variables.

 

foreach ($_POST as $key => $value) {
  $_POST[$key] = sanitize($value);
}

extract($_POST);

$accepted_variables = array(
                               'first_name',
                               'last_name ',
                               'company_name',
                               'city'
                              );

   extract($accepted_variables);
   extract($_POST, EXTR_IF_EXISTS);

 

How should I interpret this? You extract and create the "allowed" variables,

 

foreach($_POST as $variable => $value) {
      if (is_string($value))
         $$variable = trim(htmlentities($value, ENT_QUOTES, 'UTF-8'));
   }
}

 

but then afterwards you go ahead and extract ALL variables?!

@Zane,

 

But won't the $first_name variable that it creates remain local to the function?

It shouldn't if it is declared outside the function first.

 

That's true for Javascript, but not PHP. To make it work the way you are saying, you'd have to use global.

<?php

$_POST['test'] = 'foobar';

toGlobal('test');

echo $test;

function toGlobal($key) {
if( isset($_POST[$key]) && (!isset($GLOBALS[$key]) || !$GLOBALS[$key]) ) {
	$GLOBALS[$key] = trim(htmlentities($_POST[$key], ENT_QUOTES, 'UTF-8'));
	return TRUE;
} else
	return FALSE;
}

?>

@Zane,

 

But won't the $first_name variable that it creates remain local to the function?

It shouldn't if it is declared outside the function first.

 

That's true for Javascript, but not PHP. To make it work the way you are saying, you'd have to use g*****.

 

Ahhhhhhh! You said the G word!!

@Zane,

 

But won't the $first_name variable that it creates remain local to the function?

It shouldn't if it is declared outside the function first.

 

That's true for Javascript, but not PHP. To make it work the way you are saying, you'd have to use g*****.

 

Ahhhhhhh! You said the G word!!

 

... you'd have to use global.


 

Keep in mind that I wasn't necessarily saying that you should use globals, just that you would have to in order to modify out-of-scope variables within a function without using a return.

 

This wouldn't work:

$foo = 'bar';

function f()
{
$foo = 'foobar';
}

f();

echo $foo; // 'bar'

 

It would have to be like this:

$foo = 'bar';

function f()
{
global $foo;

$foo = 'foobar';
}

f();

echo $foo; // 'foobar';

 

Or, as xyph pointed out, like this: (but I don't know if this is any better than using global)

$foo = 'bar';

function f()
{
$GLOBALS['foo'] = 'foobar';
}

f();

echo $foo; // 'foobar';

global

 

I came as quick as I could!

 

Your best bet would be to sanitize all superglobals when they come in and then use extract() whenever you want them to become local/global variables.

 

foreach ($_POST as $key => $value) {
  $_POST[$key] = sanitize($value);
}

extract($_POST);

 

+1 for this solution.

Sanitisation shouldn't be done generally.

 

By this I didn't mean "generally shouldn't be done all of the time". I meant, shouldn't be done in a "general way across every input". You can't sanitize every input as one. You're not sanitising the inputs by doing that.

Or, as xyph pointed out, like this: (but I don't know if this is any better than using global)

 

It's pretty much the same thing. The key part in my function is that it verifies the global value doesn't exist before writing to it. Yes, it also checks for a non-true value, but that part could/should be taken out.

 

Regardless, it's a bad approach. But it's done.
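
Added example, not code from any poster in this thread: the two ideas discussed above, extract($_POST) and a fixed list of accepted field names, run side by side on a constructed request. The is_admin field, the function names demo_extract(), form_fields() and e(), and the sample values are assumptions made for the illustration.

```php
<?php
// Added illustration; not from the thread. Field names come from the thread,
// while is_admin, the helper names and the request contents are hypothetical.

// Constructed request: two expected fields plus one the form never defined.
$_POST = [
    'first_name' => "  O'Brien <b> ",
    'city'       => ['unexpected', 'array'],
    'is_admin'   => '1',
];

// 1) extract() on request data lets the client decide which variables are written.
function demo_extract(array $post): bool
{
    $is_admin = false;        // application state set before the form is read
    extract($post);           // default EXTR_OVERWRITE replaces $is_admin
    return (bool) $is_admin;
}

// 2) Allow-list: only the named fields are read and no scope is written to.
function form_fields(array $post, array $allowed): array
{
    $out = [];
    foreach ($allowed as $name) {
        $value = $post[$name] ?? '';
        // Arrays (e.g. city[]=x) become '' instead of reaching trim().
        $out[$name] = is_string($value) ? trim($value) : '';
    }
    return $out;
}

// Escape when writing into HTML, with the same call the original fromuser() used.
function e(string $value): string
{
    return htmlentities($value, ENT_QUOTES, 'UTF-8');
}

$f = form_fields($_POST, ['first_name', 'last_name', 'company_name', 'city']);

var_dump(demo_extract($_POST));              // did the request overwrite $is_admin?
var_dump(array_key_exists('is_admin', $f));  // did the unknown field get through?
echo "<input name='first_name' type='text' value='" . e($f['first_name']) . "'>\n";
```

The values in $f stay raw until they are written somewhere, so the same array can be escaped with e() for HTML or bound as query parameters for a database.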
