3

I am sure that there is a better way of mapping all the _POST parameters to variables with the same name. Does anybody know how to do this better?

$ownerName = $_POST["ownerName"];
$ownerEmail = $_POST["ownerEmail"];
$ownerPhone = $_POST["ownerPhone"];
$ownerAddress = $_POST["ownerAddress"];
$buyerName = $_POST["buyerName"];
$buyerEmail = $_POST["buyerEmail"];
$buyerPhone = $_POST["buyerPhone"];
$buyerAddress = $_POST["buyerAddress"];
$propertyAddress = $_POST["propertyAddress"];
$parcelNumber = $_POST["parcelNumber"];

Thanks so much.

Isaac Lewis
  • 1,189
  • 2
  • 14
  • 26

3 Answers3

7

There's a function in PHP to extract the values to vars:

<?php
extract($_POST, EXTR_SKIP);
?>
SERPRO
  • 10,015
  • 8
  • 46
  • 63
  • Wow I learned something new today. Curious how secure this really is? For example, if I have a boolean '$authorized' and someone posts with `authorized=true` would it overwrite that value. – Amir Raminfar Oct 31 '11 at 16:47
  • Wow! Thanks so much for the perfect answer, and for helping the n00b. =D – Isaac Lewis Oct 31 '11 at 16:48
  • @Amir with the second parameter you can avoid that.. the one I put "EXTR_SKIP" will do exactly that.. if the var already exists, don't override. – SERPRO Oct 31 '11 at 16:49
  • Amir, that's what the EXTR_SKIP is for, if the variable already exists, it will not overwrite it. – aziz punjani Oct 31 '11 at 16:49
  • Amir - I think that it would just set the variable `$authorized` to a value of `true`. Isn't that right, SeRPRo? – Isaac Lewis Oct 31 '11 at 16:50
  • @Crossdiver the second parameter is the one that sets the behaviour. – SERPRO Oct 31 '11 at 16:51
  • @CRossdriver: it'd set a STRING `true`, never a boolean true. Everything in POST/GET/REQUEST/COOKIE is a string. – Marc B Oct 31 '11 at 16:52
  • @AmirRaminfar you're welcome. Crossdiver you can mark the answered if you think is correct :) – SERPRO Oct 31 '11 at 16:52
  • @SeRPRo - Ahh, I see. MarcB - Gotcha, url params are always strings. Very good to know. SeRPRo - yep, just waiting for the countdown. 5mins left. =D – Isaac Lewis Oct 31 '11 at 16:55
  • 1
    Its a very cool function but it says on the page, WARNING - Do not use extract() on untrusted data, like user input (i.e. $_GET, $_FILES, etc.). If you do, for example if you want to run old code that relies on register_globals temporarily, make sure you use one of the non-overwriting extract_type values such as EXTR_SKIP and be aware that you should extract in the same order that's defined in variables_order within the php.ini. – Drewdin Oct 31 '11 at 17:16
2

You can use a foreach this way (differently from extract you can manipulate/check the variable name or the values

<?php
foreach($_POST as $key => $value) 
   $$key = $value;
?>
Marcx
  • 6,806
  • 5
  • 46
  • 69
1

If you're on php > 5, I would recommend taking a look at this:

http://www.php.net/manual/en/function.filter-input-array.php

The filter input functions allow you to easily apply some validation and sanitation, which you will probably want.

rmorero
  • 596
  • 4
  • 10