Hi, I have been wondering for a little while whether there is a quicker process of assigning variables to $_POST[] variables.
For example, I have a form that produces 20 $_POST variables: $_POST['username'], $_POST['pwd'], etc.
At the moment I then do
$username = $_POST['username'] 20 times, which is very tiresome!!
Is there a quicker way I can do this process??
Thanks all
$_POST question
It is best to do it that way, it is more secure, but if you are lazy, you could just do...
Code:
extract($_POST);

Pimptastic wrote:
> It is best to do it that way, it is more secure, but if you are lazy, you could just do...
> Code:
> extract($_POST);
which is a security hole (see: viewtopic.php?t=36903 ).
Always, always, always, always filter user-input by only allowing what you expect as input and nothing else. Otherwise, you're leaving the door to a couple of days in hell wide open.
- feyd
I will often create a whitelist for post handling. The whitelist contains the names of elements, along with types, and may contain size limiters, if needed.. but that can be overcomplicated (sorta) for some.. a simple whitelist would be, like patrik suggested, just a filter based on the element names. Here's the quick and untested idea:
Code:
function postFilter($elementName) {
    // Names of the form fields we are willing to accept.
    $whitelist = array('ab','ac','ag','bf');
    return in_array($elementName, $whitelist, true);
}
// ARRAY_FILTER_USE_KEY (PHP 5.6+) passes each key to the callback;
// without it array_filter() would test the submitted values instead.
$cleanedPost = array_filter($_POST, 'postFilter', ARRAY_FILTER_USE_KEY);
After you've cleaned the post data, you can use a separate function to extract out all the fields. I would suggest using the whitelist again so it can create variables for missing data so you don't have to deal with checking if the variable exists, but simply that it wasn't in the stream (set to false, since data in the post will be strings, numbers or arrays of the same).

patrikG wrote:
> which is a security hole (see: viewtopic.php?t=36903 )
That's what I said
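
The whitelist with types and size limits described in the thread, with missing or rejected fields set to false, could look like the sketch below. This is an added example, not code posted by anyone in the thread; the 'age' field, the limits, the cleanPost() name and the sample request are assumptions.

```php
<?php
// Added example, not code from the thread. Field names other than
// 'username' and 'pwd', and all limits, are assumptions.
$whitelist = array(
    'username' => array('type' => 'string', 'max' => 32),
    'pwd'      => array('type' => 'string', 'max' => 128),
    'age'      => array('type' => 'int',    'max' => 150),
);

/**
 * Return exactly one entry per whitelisted field. A field that is
 * missing, has the wrong type or exceeds its limit is set to false.
 * Keys that are not in the whitelist are never copied.
 */
function cleanPost(array $post, array $whitelist)
{
    $clean = array();
    foreach ($whitelist as $name => $rule) {
        $clean[$name] = false;
        if (!isset($post[$name]) || !is_string($post[$name])) {
            continue; // missing, or an array such as field[]=x
        }
        $value = $post[$name];
        if ($rule['type'] === 'int') {
            // Digits only (at most 9, so the cast cannot overflow), then range check.
            if (preg_match('/^[0-9]{1,9}$/D', $value) && (int) $value <= $rule['max']) {
                $clean[$name] = (int) $value;
            }
        } elseif (strlen($value) <= $rule['max']) {
            $clean[$name] = $value;
        }
    }
    return $clean;
}

// Constructed request body standing in for $_POST.
$post = array(
    'username' => 'alice',
    'pwd'      => 'correct horse',
    'age'      => '29 years',  // not an integer
    'is_admin' => '1',         // not in the whitelist
);

$clean = cleanPost($post, $whitelist);
var_dump($clean);

// Only whitelisted names can become variables here, and EXTR_SKIP
// keeps extract() from overwriting a variable that already exists.
extract($clean, EXTR_SKIP);
```

Because the result always contains every whitelisted name, later code can test `$age === false` instead of calling isset() on each field.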