Post data + globals

[bob_the _builder]

Hi,

 

Is the following code pluasable to use and safe?

 

foreach($_POST as $key=>$value){
$$key = ValidateInput($value);
}

 

Basically then u can use the variable

 

$name

 

rather than

 

$_POST['name']

 

?

 

Thanks

[boo_lolly]

why would it matter to use $_POST['name']? what are you trying to accomplish?

 

 

in the mean time, look into the define() function. i believe you'd be able to store your new variable names into an array... then zip through the names array and the $_POST array to affilliate a certain post variable with a new defined name.

[bob_the _builder]

Because its tidyer code and less to type.

 

Saves you converting

 

$_POST['name']

 

to

 

$name = $_POST['name']

 

So when you use INSERT etc post data goes straight in as $name less code and much tidyer.

[boo_lolly]

there's no need to convert your post variables. you can use $_POST inside a sql query. if you're worried about sql injection, just write a function and clean all the $_POSTed variables. you can still keep them the same.

[bob_the _builder]

Hi,

 

Maybe im not explaing my question well enough..

 

I am covered for sql injection ValidateInput($value);

 

The following code:

 

foreach($_POST as $key=>$value){
$_POST[$key] = ValidateInput($value);
}

 

cleans my post data then I use the variable as $_POST['name']

 

this code:

 

foreach($_POST as $key=>$value){
$$key = ValidateInput($value);
}

 

*note: $$key

 

cleans my post data then I can simply use the variable $name

 

This creates less typing and also shorter code.

 

Is this acceptable/safe way to code?

 

Thanks

 

[boo_lolly]

shorter code would be:

array_walk($_POST, 'ValidateInput');