...

View Full Version : Resolved How to prevent the last comma in a loop?



fail
01-18-2010, 09:57 AM
Lazy me wrote a small page that, when I input "name address phone", will output

$name = $_POST['name'];
$address = $_POST['address'];
$phone = $_POST['phone'];

(name, address, phone, )

VALUES ('$name', '$address', '$phone', )

How do I prevent the last comma, which will obviously cause an error later in mySQL?



<form id="FormName" action="<?php echo $PHP_SELF;?>" method="post" name="FormName">

<textarea name="note" rows="10" cols="60"></textarea>

<input type="submit" name="submitButtonName" value="Go!">
</form><P>

<?php

$words = explode(" ", $_POST['note']);

for($i = 0; $i < count($words); $i++)
{ echo "$$words[$i] = $_POST['$words[$i]']; <br />"; }


echo "<P>(";
for($i = 0; $i < count($words); $i++)
{ echo "$words[$i], "; }
echo ")";


echo "<P>VALUES (";
for($i = 0; $i < count($words); $i++)
{ echo "'$$words[$i]', "; }
echo ")";

?>

[Paul Ferrie ]
01-18-2010, 10:00 AM
if($i != count($words)){
echo "$words[$i], ";
}else{
echo "$words[$i]";
}


Hope it helps

abduraooft
01-18-2010, 10:02 AM
for($i = 0; $i < count($words); $i++)
{ echo "'$$words[$i]', "; }
echo ")";

echo '('.implode(',',$words).')';

fail
01-18-2010, 10:34 AM
Thanks a lot! I change now to:



<form id="FormName" action="<?php echo $PHP_SELF;?>" method="post" name="FormName">

<textarea name="note" rows="10" cols="60"></textarea>

<input type="submit" name="submitButtonName" value="Go!">
</form><P>

<?php

$words = explode(" ", $_POST['note']);

for($i = 0; $i < count($words); $i++)
{ echo "$$words[$i] = $_POST['$words[$i]']; <br />"; }

echo '<P>('.implode(', ',$words).')'."<P>";

echo 'VALUES ('$'.implode('','$',$words).'')';


?>


Note: I use HTML &#.. special character for $ (36) and ' (39), otherwise you may get errors. However, the save here back to $ and '

Those little php tricks are really great for learning!

abduraooft
01-18-2010, 10:44 AM
<form id="FormName" action="<?php echo $PHP_SELF;?>" method="post" name="FormName">
You shouldn't depend upon the ON status of register_globals. See http://php.net/manual/en/security.globals.php and http://www.php.net/manual/en/faq.using.php#faq.register-globals

And your form is susceptible to XSS attacks, see http://seancoates.com/xss-woes

fail
01-18-2010, 10:54 AM
You shouldn't depend upon the ON status of register_globals. See http://php.net/manual/en/security.globals.php and http://www.php.net/manual/en/faq.using.php#faq.register-globals

And your form is susceptible to XSS attacks, see http://seancoates.com/xss-woes

That may be true. But for such an attack you need to connect to my office network. That page ain't on the www.

That's why all I write is basically unsecured, coz I don't need it. However, I am aware of risks and would implement it if I would go online.

PS: what happened to the "Resolved" feature here?

abduraooft
01-18-2010, 10:58 AM
PS: what happened to the "Resolved" feature here? I think it's still there, check the last one at http://www.codingforums.com/postguide.htm

fail
01-18-2010, 11:10 AM
Oh, thanks, I overlooked that....

BTW, to get rid of all white space but one I did this:



$words = explode(" ", (preg_replace('/\s\s+/', ' ', (trim($_POST['note'])))));

JAY6390
01-18-2010, 02:02 PM
I don't understand why people use PHP_SELF. It's less work to NOT add it and it's the secure way and it will still work the same. You should change

<form id="FormName" action="<?php echo $PHP_SELF;?>" method="post" name="FormName">
to


<form id="FormName" action="" method="post" name="FormName">
A blank action will work in the same way as putting the current URL in the action

kbluhm
01-18-2010, 02:08 PM
Oh, thanks, I overlooked that....

BTW, to get rid of all white space but one I did this:



$words = explode(" ", (preg_replace('/\s\s+/', ' ', (trim($_POST['note'])))));




$words = preg_split( '/\s/', $_POST['note'], -1, PREG_SPLIT_NO_EMPTY );



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum