0

I've been working on trying to write a function that will grab the POST values of any given form submission, pop them into an array, loop through the array using trim, addslashes etcetera pass that value back to a variable where it can then be passed to a database.

Now the hurdle I have atm is getting all the input,textarea,select element data into an array upon form submission. code I have follows

$fields = array($_POST['1'], $_POST['2']);

    $i = 0;
    foreach ($fields as $field) {
        $i++;
        ${'field'.$i } = trim(addslashes(strip_tags($field)));
        echo "POST field info #". $i ."&nbsp;-&nbsp;". ${'field'.$i }."<br />";
    }

As you can see everything is fine here baring that the POST value names are still being in-putted statically, what I need is a way to get that POST data fed into a loop which dynamically calls the POST name using an increment variable and then pop all that data into the same array. Code I have tried follows.

for ($ii=0;$ii++;) {
    foreach($_POST['$ii'] as $field) {
        $fields = array($field);
    }
}

    $i = 0;
    foreach ($fields as $field) {
        $i++;
        ${'field'.$i } = trim(addslashes(strip_tags($field)));
        echo "POST field info #". $i ."&nbsp;-&nbsp;". ${'field'.$i }."<br />";
    }

Now I know this wont work but I can sense I am relatively close, so I am wondering if any clever person can help me sort the last part out? I sadly am now going to sleep and wont be viewing this post for at least 9 hours, apologies.

Thanks in advance.

Dan.

zealisreal
  • 495
  • 2
  • 8
  • 20

2 Answers2

2
$arrayOfPostValues = $_POST;  // it already is an array
$arrayOfPostValues = array_map('strip_tags', $arrayOfPostValues);
$arrayOfPostValues = array_map('trim', $arrayOfPostValues);

Or, if you really, really want to use a loop:

foreach ($arrayOfPostValues as &$value) {
   $value = trim(striptags($value));
}

I'd absolutely advise against the use of addslashes, it serves very little purpose. Use mysql_real_escape_string or prepared statements instead.

I'd also advise against breaking the vales out of the array into separate variables, it can only cause problems. If you really want to do it, there's the extract function, which does exactly that. But, again, don't do it. Arrays are the perfect way to handle this kind of data.

deceze
  • 510,633
  • 85
  • 743
  • 889
  • Thanks for the response deceze, I will have a go at this tonight, see how it turns out for me, dont worry I would use mysql_real_escape_string normally but for testing I am not connecting to a db atm so using that would only throw up an error. – zealisreal Nov 11 '10 at 12:41
0

You need to assign values to $_POST[1] and $_POST[2] to begin with, I've done this for you but normally they would be populated from a form I assume?

I'm not sure why you want to do this sort of thing: ${'field'.$key}, but I've left that part as is as I assume you must have a reason.

Anyway I've modified your code a bit, see below.

$_POST['1'] = '<h1>variable 1</h1>';
$_POST['2'] = '<h2>variable 2</h2>';

foreach($_POST as $key => $value){
    ${'field'.$key} = trim(addslashes(strip_tags($value)));
    echo "POST field info #". $key ." = ". ${'field'.$key}."<br />";
}

The above code outputs:
POST field info #1 = variable 1
POST field info #2 = variable 2

On a side note, using field names such as '1' and '2' is not very good. Try using something more descriptive but as I said above I assume you have a reason for doing this.


UPDATE: You can still get this to work for any form even if you are using specific names for the form elements. I have added a few lines below as an example for you.

$_POST['email'] = 'example@example.com';
$_POST['password'] = 'hgbks78db';
$_POST['name'] = '';

foreach($_POST as $key => $value){
    if($value==''){
        echo 'POST field "'.$key . '" is empty<br />';
        /* I added the name of the field that is empty to an error array 
        so you have a way of storing all blank fields */
        $a_error[] = $key;
    }
    else{
        echo 'POST field "'.$key . '" is not empty<br />';
    }
}
Drew
  • 116
  • 4
  • Thank you Drew for your response, I will be having a go at this tonight after work. Your correct the form elements are named inside the form as per usual, now the reason I am opting for generic element names is so that the form validation function will work for any form on a site under any circumstance. I have a site planned which will have a population of 15 forms and validating them all personally with specific element names i.e. "email" or "password" would take a lot of lines of code. My mission is to optimise this :) – zealisreal Nov 11 '10 at 12:44
  • Hi Drew, your code worked fine for what you posted, my only concern is that using $_POST generically means that the submit element value is also posted as part of that $_POST loop, do you know how I would be able to bypass the $_POST array indexing that value? – zealisreal Nov 12 '10 at 00:18
  • Ignore that, I found the answer, I just unset the $_POST['form'] before the loop. – zealisreal Nov 12 '10 at 00:24