  • #1
    New Coder

    Faster Method of Parsing HTML Forms

    I was just wondering if anyone had a better method of parsing HTML forms using PHP than this:

    PHP Code:
    $name = $_POST['name'];
    $company = $_POST['company'];
    $city = $_POST['city'];
    When the form only has a few fields it's not a big deal, but when the form has a lot of fields then it just gets redundant to have to keep writing these lines, especially when the variable name is the same as the post field name.

    Is there a better method than this?

  • #2
    felgall (Master Coder)
    You should never write your code like that. All $_POST values need to be validated BEFORE you move the values to internal fields. Simply moving the values from the tainted $_POST fields to internal fields is both pointless and taints all of the values in your script. The ONLY reason for moving values like that rather than simply using the original field is where you validate the field content before moving it so that you ensure that the resultant field is untainted (that is, it definitely contains a valid value and cannot contain just anything).

    If you are just going to use code like that without the validation then you may as well just turn register globals back on and delete those statements completely as they then serve no purpose.
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.

  • #3
    New Coder
    Quote, originally posted by felgall:
        You should never write your code like that. All $_POST values need to be validated BEFORE you move the values to internal fields. Simply moving the values from the tainted $_POST fields to internal fields is both pointless and taints all of the values in your script. The ONLY reason for moving values like that rather than simply using the original field is where you validate the field content before moving it so that you ensure that the resultant field is untainted (that is, it definitely contains a valid value and cannot contain just anything).

        If you are just going to use code like that without the validation then you may as well just turn register globals back on and delete those statements completely as they then serve no purpose.

    I just typed it up that way to save time and be basic, but I always sanitize the form values like:

    PHP Code:
    $name = cleanQuery($_POST['name']);
    Just wondering if there is a quicker way to cycle through all those post fields and assign them to variables. Maybe there isn't, but I'm just wondering.

  • #4
    Senior Coder
    I may get shot for some security hole, but:
    PHP Code:
    <?php
    $_POST['name'] = "Bob";
    $_POST['company'] = "Apple";
    $_POST['city'] = "Sunnyvale";

    extract($_POST);

    echo "$name, $company, $city\n";

    ?>
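
Why extract() on raw request data draws the "security hole" remark, shown as an added example that is not part of the original post: any submitted key becomes a variable, including ones the form never defined. The `$isAdmin` flag, the extra request key and both function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Constructed request body: 'isAdmin' is not a field of the form.
$post = ['name' => 'Bob', 'company' => 'Apple', 'city' => 'Sunnyvale', 'isAdmin' => '1'];

/** extract() as posted: every submitted key becomes a local variable. */
function withExtract(array $post): bool
{
    $isAdmin = false;   // hypothetical application state set before the form is read
    extract($post);     // default EXTR_OVERWRITE lets the request replace $isAdmin
    return (bool) $isAdmin;
}

/** extract() limited to the form's own fields, under a prefix. */
function withAllowList(array $post): bool
{
    $isAdmin = false;
    $allowed = ['name', 'company', 'city'];
    // Drop every key the form does not define.
    $fields = array_intersect_key($post, array_flip($allowed));
    // EXTR_PREFIX_ALL creates $f_name, $f_company, $f_city and nothing else.
    extract($fields, EXTR_PREFIX_ALL, 'f');
    // The $f_* values are still unvalidated at this point.
    return (bool) $isAdmin;
}

var_dump(withExtract($post), withAllowList($post));
```

The first call reports that the flag was overwritten by the request; the second leaves it untouched.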

  • #5
    felgall (Master Coder)
    If all the fields use the same validation function then you could validate them all using a loop.

    Code:
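    $name = $company = $city = '';
    $allowed = array('name', 'company', 'city');
    // each() was removed in PHP 8, so iterate with foreach instead.
    // cleanQuery() is the sanitising function from post #3 (not shown in the thread).
    foreach ($_POST as $key => $val) {
      // strict in_array() so a numeric key cannot loosely match a field name
      if (in_array($key, $allowed, true) && $val) {
        $$key = cleanQuery($val);
      }
    }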
    Last edited by felgall; 06-05-2014 at 11:22 PM.

  • #6
    Dormilich (Senior Coder)
    I’m quite fond of the filter_input() function as that doesn’t throw a Warning if the POST/GET value isn’t even set (effectively removing the need of using isset()). Plus you can add standard validation/sanitising (numbers, strings (including emails and URLs), booleans).
    The computer is always right. The computer is always right. The computer is always right. Take it from someone who has programmed for over ten years: not once has the computational mechanism of the machine malfunctioned.
    André Behrens, NY Times Software Developer
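
The filter approach from the last post, extended to the whole form in one call, as an added example that is not part of the thread. It uses filter_var_array() on a constructed array so it runs from the command line; in a web request, filter_input_array(INPUT_POST, $spec) takes the same specification. The `email` field, the patterns, the length limits and the `readForm()` helper are assumptions.

```php
<?php
declare(strict_types=1);

// One rule per expected field; any key not listed here is ignored.
// 'email' and the patterns and length limits are assumptions for this example.
$spec = [
    'name'    => ['filter'  => FILTER_VALIDATE_REGEXP,
                  'options' => ['regexp' => '/\A[\p{L} .\'-]{1,60}\z/u']],
    'company' => ['filter'  => FILTER_VALIDATE_REGEXP,
                  'options' => ['regexp' => '/\A[\p{L}\p{N} .,&\'-]{1,80}\z/u']],
    'city'    => ['filter'  => FILTER_VALIDATE_REGEXP,
                  'options' => ['regexp' => '/\A[\p{L} .\'-]{1,60}\z/u']],
    'email'   => FILTER_VALIDATE_EMAIL,
];

/** Returns [validated values, names of fields that were missing or invalid]. */
function readForm(array $input, array $spec): array
{
    // Invalid value -> false, field not submitted -> null (third argument
    // true adds the missing keys), so no isset() checks are needed.
    $values = filter_var_array($input, $spec, true);
    $errors = [];
    foreach ($values as $field => $value) {
        if ($value === null || $value === false) {
            $errors[] = $field;
        }
    }
    return [$values, $errors];
}

// Constructed input: 'city' arrives as an array, 'email' is absent,
// and 'isAdmin' is a key the form never defined.
$post = ['name' => 'Bob', 'company' => 'Apple', 'city' => ['Sunnyvale'], 'isAdmin' => '1'];

[$values, $errors] = readForm($post, $spec);
var_dump($values, $errors);
```

The result holds only the four specified keys, and the error list names `city` (an array where a string was expected) and `email` (not submitted).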

