PHP $_POST and variables

Nomadicus · 09-16-2003, 03:33 PM

I've decided to recode all my variables on my pages as PHP 4.3 now demands they be (unless you have register_globals = on) as :

$_POST['var_name']

I'm doing this in advance in case any server I am on has register_globals = off (as is now recommended). Thus, using just $var_name is no longer sufficient to obtain its value. You must fetch the value as shown above.

The problem is, however, when doing things like a trim() on a variable, e.g. "FirstName" this will not obviously work :

$FirstName = trim(\"$_POST['FirstName']\");

Nor will :

$FirstName = trim($_POST['FirstName']);

The trim() function seems to demand a string literal. The only way I can see around this issue is to do :

$FirstName = $_POST['FirstName'];
$FirstName = trim(\"$FirstName\");

This seems like a double operation on any variable that I want to manipulate, a lot of extra coding.

Anybody have a better idea?

Thanks in advance.

mordred · 09-16-2003, 03:55 PM

$FirstName = trim($_POST['FirstName']);

works as expected for me. PHP 4.2.1 on Apache 1.3, register_globals set to "off".

whackaxe · 09-16-2003, 03:55 PM

i don't actually see the problem with
$my_var = trim($_POST['me_var']);

is it just me?
i use it all the time

Nomadicus · 09-16-2003, 08:52 PM

I was actually trying to use this construction inside of an UPDATE SET statement as :

$sql = "UPDATE $table_name
SET
FirstName = trim($_POST['FirstName']),
.
.
";

And the PHP interpreter keeps complaining with :

Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING

It doesn't mind the original, of course :

FirstName = trim(\"$FirstName\"),

So now I have a new issue to tackle, e.g. how to format this correctly for the SET statement.

mordred · 09-16-2003, 09:07 PM

If you refer to an array element by it's key, you can't have the key in quotes when the variable is contained in a string. So this should work:

PHP Code:


			
$sql = "UPDATE $table_name

SET

FirstName = trim($_POST[FirstName]),

.

.

";

or

PHP Code:


			
$sql = "UPDATE $table_name

SET

FirstName = trim({$_POST['FirstName']}),

.

.

";

See also the manual entry on string parsing:
http://us2.php.net/manual/en/languag...string.parsing

Spookster · 09-16-2003, 09:16 PM

You should really just declare and initialize all of your variables anyways in the beginning and never try to do multiple things all in one line. That detracts from readability of the code.

For example this is more readable...

//Declare and Initialize POST data
$firstname = $_POST['first'];
$lastname = $_POST['last'];

//Remove whitespace from data
$firstname = trim($firstname);

//Define query
$sql = "SELECT col FROM tablename WHERE yaks = '$firstname'";

than this

$sql = "SELECT col FROM tablename WHERE yaks = 'trim($_POST['first']'";

Yes it takes a few more lines of code but will save you time or others time if you every have to go back to the code later on. Plus if you declare and initialize your variables in the beginning then if you ever needed to change the name of a form element or something then you won't have to go through the code looking for each occurence where you used it at. You would just need to change it at the beginning.

Nomadicus · 09-16-2003, 09:28 PM

I had forgotten about that rule, or never even realized it.

Both examples work fine for me.

Nomadicus · 09-16-2003, 09:36 PM

I guess we can sometimes be too clever by 1/2 as programmers, always trying to squeeze in more and more functionality.

I still prefer (for the reasons you mention) the old

if . . . else

construction, rather than the "?" conditional operator.

I'll take readable (and thus maintainable) code over obfuscated & compacted code every time, even if it might be a tad slower. Who cares anyway while the 56k modem still reigns supreme?

Spookster · 09-16-2003, 10:20 PM

Quote:

Originally posted by Nomadicus
I guess we can sometimes be too clever by 1/2 as programmers, always trying to squeeze in more and more functionality.

I still prefer (for the reasons you mention) the old

if . . . else

construction, rather than the "?" conditional operator.

I'll take readable (and thus maintainable) code over obfuscated & compacted code every time, even if it might be a tad slower. Who cares anyway while the 56k modem still reigns supreme?

My computer science professors in college would give me dirty looks if I mentioned the ternary operator. Not many people can easily read expressions using it so overall it makes code more unreadable.