Jump to content

A Better Way To Code This


dlcmpls
 Share

Recommended Posts

Hello everyone.  I wrote a bit of code to thwart spammers trying to hijack my form processing script.  I have 3 files in play...1 form that a user fills out, a form processor, and a Thank You page.

 

I have a question about code in my form processor.  Here's a bit of the code in question:

 

//get the variables posted from the form

$firstname = $_POST['FirstName'];

$lastname = $_POST['LastName'];

$organization = $_POST['OrgName'];

$address1 = $_POST['Address1'];

$address2 = $_POST['Address2'];

$city = $_POST['City'];

$state = $_POST['State'];

$zip = $_POST['Zip'];

$phone = $_POST['Phone'];

$phonehome = $_POST['PhoneHome'];

$phonework = $_POST['PhoneWork'];

$phonecell= $_POST['PhoneCell'];

$email = $_POST['Email'];

$message = $_POST['Message'];

//FOLLOWING ITEM IS USED FOR EMAIL FRIEND FEATURE

$senderemail = $_POST['SenderEmail'];

 

 

////////  TRIM THE ENDS OF THE STRING TO REMOVE ANY EMPTY SPACES

$firstname = trim($firstname);

$lastname = trim($lastname);

$organization = trim($organization);

$address1 = trim($address1);

$address2 = trim($address2);

$city = trim($city);

$state = trim($state);

$zip = trim($zip);

$phonehome = trim($phonehome);

$phonework = trim($phonework);

$phonecell= trim($phonecell);

$email = trim($email);

$phone = trim($phone);

$message = trim($message);

$senderemail = trim($senderemail);

 

////////  STRIP HTML AND PHP TAGS FROM THE STRINGS

$firstname = strip_tags($firstname);

$lastname = strip_tags($lastname);

$organization = strip_tags($organization);

$address1 = strip_tags($address1);

$address2 = strip_tags($address2);

$city = strip_tags($city);

$state = strip_tags($state);

$zip = strip_tags($zip);

$phonehome = strip_tags($phonehome);

$phonework = strip_tags($phonework);

$phonecell= strip_tags($phonecell);

$email = strip_tags($email);

$phone = strip_tags($phone);

$message = strip_tags($message);

$senderemail = strip_tags($senderemail);

 

I know there has to be a better, more compact way to write this bit of code.  Would I use an array?

 

Code examples greatly appreciated as I am a php novice (but learnin more every day!).

 

Anyone have suggestions for compacting this code?  FYI, there are more blocks of code in my file. I pasted 3 blocks of code above just so you can get the idea of how I wrote the code.

 

Thanks in advance for any advice.

 

dlc

Link to comment
Share on other sites

You could make a function like this:

clean($text){

  return trim(html_entities(strip_tags($text)));

}

 

Then use that instead of three times.

$firstname = clean($_POST['FirstName']);

 

You may also want to check for words like "mime-type" as that's a sign someone is trying to hijack an email form. There's plenty of good articles out there about preventing email form hijacking.

Link to comment
Share on other sites

Because you are simply using the field name (in lower case) for your variable names, you could auto-generate your variables and run all your checks like this:

<?php
forech ($_POST as $k => $v) {
  $k  = strtolower($k);
  $$k = trim($v);
  $$k = strip_tags($$k);
}

// Now, all your variables have been created, trimmed and stripped
?>

Link to comment
Share on other sites

Using a lot of variables is not comfortable. You can do something like this:

$data = array_map("strip_tags",array_map("trim", $_POST));

 

Now, if you want to use the city for an example, you would use $data['City']. First-name will be in $data['FirstName'] etc'

 

Orio.

Link to comment
Share on other sites

Using a lot of variables is not comfortable.

 

Why is that? If they're dynamically created, there shouldn't be enough overhead to worry about. Although, if you're looking at keeping them all in an array, why not just modify the post array and keep them in there:

<?php
foreach ($_POST as $k => $v) {
  $_POST[$k] = strip_tags(trim($v));
}

// Then, you can just access your $_POST variables, and they're clean
?>

 

I guess I'm just not understanding your point, Orio ???

Link to comment
Share on other sites

This thread is more than a year old.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.