trim $_post values before using it to query the database.

[dazzclub]

Hi all,

I'm looking for some pointers in regards to my form..

How would  I firstly trim the $_POST value of the variables that come through via the form (I'm only using one for now)..I know I'm making a right dogs dinner of it. 

In my head I'm thinking, trim all the posts first before i even assign a variable to it ( i dont know if thats possible), then use an array for when more values start coming through via the form. You know as i make a contact form that requires more data from the user..

 

<?php
require_once '../connection/dbconfig.php';

include_once('../connection/connectionz.php');
//get the values



//Get the request method from the $_SERVER
$requestType = $_SERVER['REQUEST_METHOD'];
//this is what type
//echo $requestType ;

if($requestType == 'POST') {
	
	//now trim all $_POSTS
	$search_products = trim($_POST['search_products']);

	//
	if(empty($search_products)){
		echo '<h4>You must type a word to search!</h4>';
	}else{
		$make = '<h4>No match found!</h4>';
		
		$new_search_products = "%" . $search_products . "%";

		$sql = "SELECT * FROM product WHERE name LIKE ?";
		//prepared statement
		$stmt = mysqli_stmt_init($conDB);
		//prepare prepared statements
		if(!mysqli_stmt_prepare($stmt,$sql)) {
			echo "SQL Statement failed";
		}else{

			//bind parameters to the placeholder
			mysqli_stmt_bind_param($stmt, "s", $new_search_products );
			mysqli_stmt_execute($stmt);

			$result = mysqli_stmt_get_result($stmt);
			echo'<h2> Search Result</h2>';
			
			echo 'You searched for <strong><em>'. $search_products.'</em></strong>';
			while($row = mysqli_fetch_assoc($result)){
			echo '<h4> (ID						: '.$row['pid'];
			echo ') Book Title						: '.$row['name'];
			echo '</h4>';
		}
	}

}
	}
;?>

 

If any one can shed some light on this, or some pointers..that would be very nice...

Thanks

Darren

 

 

 

[requinix]

40 minutes ago, dazzclub said:

How would  I firstly trim the $_POST value of the variables that come through via the form (I'm only using one for now)..I know I'm making a right dogs dinner of it.

You do it by calling trim(). That's really all there is to it.

40 minutes ago, dazzclub said:

In my head I'm thinking, trim all the posts first before i even assign a variable to it ( i dont know if thats possible),

It is, but don't do it. You're talking about modifying $_POST in place and that's rather strongly frowned upon.

trim() the value just before you need it for a query.

40 minutes ago, dazzclub said:

then use an array for when more values start coming through via the form.

Using the array to hold the modified values, instead of individual variables, is totally fine.

[mac_gyver]

// recursive function to trim data
function _trim($val){
	if(is_array($val)){
		return array_map('_trim',$val); // recurse if an array
	} else {
		return trim($val); // call php's trim function, if not an array
	}
}

$post = []; // define an array to hold a trimmed, working copy of the submitted form data


// inside the form processing code, get a trimmed copy of the submitted form data
$post = array_map('_trim',$_POST);

// you would refernce the elements in $post in the rest of the code, i.e. $post['search_products']