Page 1 of 1

register globals off

Posted: Wed Jun 14, 2006 3:20 am
by php3ch0
Hi all

is there any easier way to submit forms with register_globals off than this?

Code: Select all

$entry1 = $_POST['entry1'];
$entry2 = $_POST['entry2'];
$entry3 = $_POST['entry3'];
$entry4 = $_POST['entry4'];
$entry5 = $_POST['entry5'];
$entry6 = $_POST['entry6'];

etc...

Posted: Wed Jun 14, 2006 3:38 am
by GM
Depends what you want to do with the data, but I often use something like:

Code: Select all

foreach($_POST as $key=>$data) {
   $$key = $data;
}
This will generate a series of variables with names corresponding to your $_POST array.

Remember to clean/parse etc. too.

Posted: Wed Jun 14, 2006 3:41 am
by php3ch0
of course clean/parse etc

Thats just saved me loads of work. I got loads of forms all with about 20 variables.

Posted: Wed Jun 14, 2006 2:39 pm
by John Cartwright
GM wrote:

Code: Select all

foreach($_POST as $key=>$data) {
   $$key = $data;
}
If your going for this method, then your far better to use extract() and avoid looping all together. A more recommended method is check for expected variables, usually followed with their validation rules..

I usually do something along the lines of

Code: Select all

<?php 

/** 
  * Params array
  * param name => validation pattern, required (true)/optional (false)
  */

$params = array(
   'firstname' => array('/[a-Z]+/', true),
   'lastname' => array('/[a-Z]+/', true),
   'somekey' => array('/[0-9]+/', false)
);

$validation = new Validation($params, $_POST);

if ($validation->isValid())
{
   //do some action because all required params are valid and present
}
else
{
   echo '<pre>';
   print_r($validation->getInvalidParams());
   echo '</pre>';
}

?>
the validation object looking roughly like

Code: Select all

class Validation()
{
   protected $invalid;
   protected $params;
   protected $source;

   public function __construct($params, $source)
   {
      $this->params = $params;
      $this->source = $source;
   }

   public function isValid()
   {
      if (!is_array($this->params) && !count($this->params))
      {
         throw Exception('Must supply array of required paramaters');
      }

      foreach ($this->params as $param => $rules)
      {
         if (empty($this->source[$param]) && $rules[1] == true)
         {
            array_push($this->invalid, $param);
         }
         elseif (isset($this->source[$param]) && !preg_match($rules[0], $this->source[$param]))
         {
            array_push($this->invalid, $param);
         }
      }

      return (is_array($this->params) && count($this->params) ? true : false);
   }

   public function getInvalidParams()
   {
      if (!is_array($this->params) && !count($this->params))
      {
         throw Exception('Method cannot be called unless invalid params recognized');
      }

      return $this->invalid;
   }
}

Posted: Thu Jun 15, 2006 2:59 am
by GM
Jcart wrote: If your going for this method, then your far better to use extract() and avoid looping all together.
Good stuff, thanks. I didn't know the extract() function existed!

I agree about the validation methods - I also have a Validation object that cleans input depending on the variables I'm expecting to find.