dazzclub

trim $_post values before using it to query the database.


Hi all,

I'm looking for some pointers in regards to my form..

How would I firstly trim the $_POST value of the variables that come through via the form (I'm only using one for now)? I know I'm making a right dog's dinner of it.

In my head I'm thinking, trim all the posts first before I even assign a variable to it (I don't know if that's possible), then use an array for when more values start coming through via the form. You know, as I make a contact form that requires more data from the user..

 

<?php
require_once '../connection/dbconfig.php';
include_once('../connection/connectionz.php');

//Get the request method from the $_SERVER
$requestType = $_SERVER['REQUEST_METHOD'];

if ($requestType == 'POST') {

	//trim into a local variable; a missing or non-string (array) value is treated as empty
	$raw = $_POST['search_products'] ?? '';
	$search_products = is_string($raw) ? trim($raw) : '';

	if (empty($search_products)) {
		echo '<h4>You must type a word to search!</h4>';
	} else {
		$make = '<h4>No match found!</h4>';

		$new_search_products = "%" . $search_products . "%";

		$sql = "SELECT * FROM product WHERE name LIKE ?";
		//prepared statement
		$stmt = mysqli_stmt_init($conDB);
		//prepare prepared statements
		if (!mysqli_stmt_prepare($stmt, $sql)) {
			echo "SQL Statement failed";
		} else {
			//bind parameters to the placeholder
			mysqli_stmt_bind_param($stmt, "s", $new_search_products);
			mysqli_stmt_execute($stmt);

			$result = mysqli_stmt_get_result($stmt);
			echo '<h2> Search Result</h2>';

			//escape user input and database values before writing them into HTML
			echo 'You searched for <strong><em>' . htmlspecialchars($search_products, ENT_QUOTES, 'UTF-8') . '</em></strong>';

			$found = false;
			while ($row = mysqli_fetch_assoc($result)) {
				$found = true;
				echo '<h4> (ID: ' . htmlspecialchars((string) $row['pid'], ENT_QUOTES, 'UTF-8');
				echo ') Book Title: ' . htmlspecialchars((string) $row['name'], ENT_QUOTES, 'UTF-8');
				echo '</h4>';
			}
			//show the "no match" message when the query returned no rows
			if (!$found) {
				echo $make;
			}
		}
	}
}
?>

 

If anyone can shed some light on this, or some pointers..that would be very nice...

Thanks

Darren

 

 

 

40 minutes ago, dazzclub said:

How would I firstly trim the $_POST value of the variables that come through via the form (I'm only using one for now)? I know I'm making a right dog's dinner of it.

You do it by calling trim(). That's really all there is to it.

40 minutes ago, dazzclub said:

In my head I'm thinking, trim all the posts first before I even assign a variable to it (I don't know if that's possible),

It is, but don't do it. You're talking about modifying $_POST in place and that's rather strongly frowned upon.

trim() the value just before you need it for a query.

40 minutes ago, dazzclub said:

then use an array for when more values start coming through via the form.

Using the array to hold the modified values, instead of individual variables, is totally fine.

// recursive function to trim data
function _trim($val){
	if(is_array($val)){
		return array_map('_trim',$val); // recurse if an array
	} else {
		return trim($val); // call php's trim function, if not an array
	}
}

$post = []; // define an array to hold a trimmed, working copy of the submitted form data


// inside the form processing code, get a trimmed copy of the submitted form data
$post = array_map('_trim',$_POST);

// you would reference the elements in $post in the rest of the code, i.e. $post['search_products']

 

  • Like 1
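
The approach discussed in this thread, as an added example that is not code from any of the posters: a trimmed working copy of the form data is taken without touching the source array, then the search term is prepared for the LIKE ? query and for HTML output. It goes slightly beyond the thread by handling array-valued fields and LIKE wildcards typed by the user; the helper names trimmed_copy, string_field and like_contains are hypothetical, and the input is constructed sample data standing in for $_POST.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: trimmed working copy; the source array (e.g. $_POST) is not modified.
function trimmed_copy(array $data): array
{
    return array_map(
        static fn($v) => is_array($v) ? trimmed_copy($v) : trim((string) $v),
        $data
    );
}

// Hypothetical helper: fetch one field as a string. A request such as
// search_products[]=x arrives as an array; treat that as empty.
function string_field(array $data, string $key): string
{
    $v = $data[$key] ?? '';
    return is_string($v) ? $v : '';
}

// Hypothetical helper: build a "contains" pattern for LIKE ? so that % and _
// typed by the user match literally (backslash is MySQL's default LIKE escape).
function like_contains(string $term): string
{
    return '%' . addcslashes($term, '\\%_') . '%';
}

// Constructed sample input standing in for $_POST.
$samples = [
    ['search_products' => "  php basics \n"],
    ['search_products' => '100%_<b>'],
    ['search_products' => ['unexpected', 'array']],
    [],
];

foreach ($samples as $raw) {
    $post = trimmed_copy($raw);
    $term = string_field($post, 'search_products');
    if ($term === '') {
        echo "empty search\n";
        continue;
    }
    // $pattern is the value to bind: mysqli_stmt_bind_param($stmt, 's', $pattern)
    $pattern = like_contains($term);
    printf("bind: %s | html: %s\n", $pattern, htmlspecialchars($term, ENT_QUOTES, 'UTF-8'));
}
```

Trimming only normalizes whitespace; the bound parameter is what keeps the value out of the SQL text, and htmlspecialchars() is what keeps it out of the page markup.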
