dlcmpls Posted February 9, 2007

Hello everyone. I wrote a bit of code to thwart spammers trying to hijack my form processing script. I have 3 files in play...1 form that a user fills out, a form processor, and a Thank You page.

I have a question about code in my form processor. Here's a bit of the code in question:

```php
//get the variables posted from the form
$firstname = $_POST['FirstName'];
$lastname = $_POST['LastName'];
$organization = $_POST['OrgName'];
$address1 = $_POST['Address1'];
$address2 = $_POST['Address2'];
$city = $_POST['City'];
$state = $_POST['State'];
$zip = $_POST['Zip'];
$phone = $_POST['Phone'];
$phonehome = $_POST['PhoneHome'];
$phonework = $_POST['PhoneWork'];
$phonecell = $_POST['PhoneCell'];
$email = $_POST['Email'];
$message = $_POST['Message'];
//FOLLOWING ITEM IS USED FOR EMAIL FRIEND FEATURE
$senderemail = $_POST['SenderEmail'];

//////// TRIM THE ENDS OF THE STRING TO REMOVE ANY EMPTY SPACES
$firstname = trim($firstname);
$lastname = trim($lastname);
$organization = trim($organization);
$address1 = trim($address1);
$address2 = trim($address2);
$city = trim($city);
$state = trim($state);
$zip = trim($zip);
$phonehome = trim($phonehome);
$phonework = trim($phonework);
$phonecell = trim($phonecell);
$email = trim($email);
$phone = trim($phone);
$message = trim($message);
$senderemail = trim($senderemail);

//////// STRIP HTML AND PHP TAGS FROM THE STRINGS
$firstname = strip_tags($firstname);
$lastname = strip_tags($lastname);
$organization = strip_tags($organization);
$address1 = strip_tags($address1);
$address2 = strip_tags($address2);
$city = strip_tags($city);
$state = strip_tags($state);
$zip = strip_tags($zip);
$phonehome = strip_tags($phonehome);
$phonework = strip_tags($phonework);
$phonecell = strip_tags($phonecell);
$email = strip_tags($email);
$phone = strip_tags($phone);
$message = strip_tags($message);
$senderemail = strip_tags($senderemail);
```

I know there has to be a better, more compact way to write this bit of code. Would I use an array? Code examples greatly appreciated as I am a php novice (but learnin more every day!).

Anyone have suggestions for compacting this code? FYI, there are more blocks of code in my file. I pasted 3 blocks of code above just so you can get the idea of how I wrote the code.

Thanks in advance for any advice.

dlc

Jessica Posted February 9, 2007

You could make a function like this:

```php
// Strip tags, encode what is left as HTML entities, then trim whitespace.
function clean($text) {
    return trim(htmlentities(strip_tags($text)));
}
```

Then use that instead of three times.

```php
$firstname = clean($_POST['FirstName']);
```

You may also want to check for words like "mime-type" as that's a sign someone is trying to hijack an email form. There's plenty of good articles out there about preventing email form hijacking.

obsidian Posted February 9, 2007

Because you are simply using the field name (in lower case) for your variable names, you could auto-generate your variables and run all your checks like this:

```php
<?php
foreach ($_POST as $k => $v) {
    $k = strtolower($k);
    $$k = trim($v);
    $$k = strip_tags($$k);
}
// Now, all your variables have been created, trimmed and stripped
?>
```

Orio Posted February 9, 2007

Using a lot of variables is not comfortable. You can do something like this:

```php
$data = array_map("strip_tags", array_map("trim", $_POST));
```

Now, if you want to use the city for example, you would use $data['City']. First-name will be in $data['FirstName'] etc.

Orio.

obsidian Posted February 9, 2007

> Using a lot of variables is not comfortable.

Why is that? If they're dynamically created, there shouldn't be enough overhead to worry about. Although, if you're looking at keeping them all in an array, why not just modify the post array and keep them in there:

```php
<?php
foreach ($_POST as $k => $v) {
    $_POST[$k] = strip_tags(trim($v));
}
// Then, you can just access your $_POST variables, and they're clean
?>
```

I guess I'm just not understanding your point, Orio ???
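
Added example, not part of any post in this thread: one way to combine the suggestions above (a single cleaning pass, plus the check for injected mail headers that Jessica mentions) while reading only the field names listed in the first post, so unexpected POST keys are ignored. The function name `clean_form`, the header pattern and the sample input are assumptions made for illustration.

```php
<?php
// Added example. Field names are from the first post; the rest is hypothetical.
const FORM_FIELDS = ['FirstName', 'LastName', 'OrgName', 'Address1', 'Address2',
    'City', 'State', 'Zip', 'Phone', 'PhoneHome', 'PhoneWork', 'PhoneCell',
    'Email', 'Message', 'SenderEmail'];
// Fields that end up in mail headers and must never contain a line break.
const HEADER_FIELDS = ['Email', 'SenderEmail'];
// Header names that have no business inside a form value (heuristic, assumed list).
const HEADER_PATTERN = '/^\s*(content-type|mime-version|bcc)\s*:/mi';

/** Returns [cleaned values keyed by field name, names of rejected fields]. */
function clean_form(array $post): array
{
    $clean = [];
    $rejected = [];
    foreach (FORM_FIELDS as $name) {
        $value = $post[$name] ?? '';
        if (!is_string($value)) {           // Email[]=x arrives as an array
            $rejected[] = $name;
            continue;
        }
        $value = trim(strip_tags($value));
        $bad = preg_match(HEADER_PATTERN, $value) === 1;
        if (in_array($name, HEADER_FIELDS, true) && $value !== '') {
            // No CR/LF allowed, and the value must parse as one e-mail address.
            $bad = $bad || preg_match('/[\r\n]/', $value) === 1
                || filter_var($value, FILTER_VALIDATE_EMAIL) === false;
        }
        if ($bad) {
            $rejected[] = $name;
        } else {
            $clean[$name] = $value;
        }
    }
    return [$clean, $rejected];
}

// Constructed sample input standing in for $_POST.
$sample = [
    'FirstName'   => "  <b>Ann</b> ",
    'Email'       => "ann@example.com\r\nBcc: list@example.net",
    'Message'     => "Hello\nContent-Type: multipart/mixed",
    'SenderEmail' => ['x'],
    'isAdmin'     => '1',                   // not an expected field, so ignored
];
[$clean, $rejected] = clean_form($sample);
print_r($clean);
print_r($rejected);
```

A form processor would stop and send nothing when the rejected list is non-empty, and would still escape the cleaned values with `htmlspecialchars()` wherever they are echoed into a page.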