With what he posted, it seems the order is not going to change.
If you want it to be more "safe", just do whatever to $_POST:
PHP Code:
    // funcName() is whatever filtering function you use on the whole $_POST array
    list($name, $email, $location, $interests) = funcName($_POST);
What was he moaning about? Putting the post data directly into variables/arrays is redundant. It's just as insecure and usually results in extra typing. Besides, as I said before: typing $_POST should remind you that the variables are still insecure.
If all of the data goes into a typical MySQL query, then you can use foreach to filter all of the data at once.
Putting POST data into variables is completely useless because arrays are so much easier to work with (not to mention it's more efficient in the long run). Get used to typing a little bit extra to use arrays, because in the long run it's much easier than using variables... (Even less typing)
PHP Code:
    /* type=0; mysql
       type=1; html
       do_keys=true;1; Filter Keys
       do_keys=false;0; Don't Filter Keys
       Note: mysql_real_escape_string() needs an open mysql connection, and the
       mysql extension was removed in PHP 7.0 (mysqli_real_escape_string() takes
       the link as its first argument). Values that are themselves arrays
       (e.g. checkbox groups) are not handled here.
    */
    function filter_post($type = 0, $do_keys = true)
    {
        $post = array();
        foreach ($_POST as $key => $value)
        {
            if ($type == 0)
            {
                // Escape for use inside a MySQL query string
                if ($do_keys) $key = mysql_real_escape_string($key);
                $post[$key] = mysql_real_escape_string($value);
            }
            else if ($type == 1)
            {
                // Escape for output into an HTML document
                if ($do_keys) $key = htmlspecialchars($key);
                $post[$key] = htmlspecialchars($value);
            }
        }
        return $post;
    }
Compare the above to this:
PHP Code:
    print_r(filter_post(1)); // Print all keys and values of XSS-filtered $_POST data to the HTML document
Now try doing both methods with 15 different form variables (or more). The latter is very repetitive and a waste of time in the long run. The first would remain as 1 LoC. Arrays (like $_POST) are used for things like this by default for a reason.
PHP Code:
    $name = htmlspecialchars($_POST['name']); // Filter 'name' for HTML output.
    $email = htmlspecialchars($_POST['email']); // Filter 'email' for HTML output.
    $location = htmlspecialchars($_POST['location']); // Filter 'location' for HTML output.
    $interests = htmlspecialchars($_POST['interests']); // Filter 'interests' for HTML output.
    // Print name, email, location, and interests to the HTML document
    // (the string literal spans several lines; the line breaks are part of the output).
    echo 'Name: '.$name.'
    <br/>Email: '.$email.'
    <br/>Location: '.$location.'
    <br/>Interests: '.$interests;
Also, if you decide later to put the data in MySQL, you simply change the first method to filter for MySQL instead of HTML (which is as easy as changing a '1' to a '0' [or taking the 1 out altogether in this case]). With the latter you'd have to change each variable individually.
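An added example, not code from this thread, that covers both points above: getting named variables out of $_POST without depending on the order the browser submitted the fields, and filtering per output context (HTML on output, prepared statement for the database rather than escaping up front). It assumes PHP 7+; the table and column names in store_contact() and the sample input are constructed for the example.

```php
<?php
// Added example, not from the thread. Assumes PHP 7+ and, for store_contact(), a PDO connection.
declare(strict_types=1);

// Return only the expected fields from a POST-style array, in the order given,
// with '' for anything missing; unexpected keys are dropped.
function read_fields(array $source, array $expected): array
{
    $out = [];
    foreach ($expected as $key) {
        $out[$key] = $source[$key] ?? '';
    }
    return $out;
}

// Escape a string, or a (nested) array of strings such as a checkbox group, for an HTML body.
function escape_html($value)
{
    if (is_array($value)) {
        return array_map('escape_html', $value);
    }
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// For the database, pass the raw (unescaped) values to a prepared statement
// instead of escaping them up front; the table and column names are assumed.
function store_contact(PDO $pdo, array $fields): void
{
    $stmt = $pdo->prepare('INSERT INTO contacts (name, email, location) VALUES (?, ?, ?)');
    $stmt->execute([$fields['name'], $fields['email'], $fields['location']]);
}

// Constructed sample standing in for $_POST: keys arrive out of order, one is
// unexpected, 'location' is missing and 'interests' is a checkbox group (an array).
$sample = [
    'interests' => ['php', '<script>alert(1)</script>'],
    'email'     => 'a@example.com',
    'extra'     => 'ignored',
    'name'      => "O'Brien <b>",
];

$fields = read_fields($sample, ['name', 'email', 'location', 'interests']);
list($name, $email, $location, $interests) = array_values(escape_html($fields));

echo 'Name: ' . $name . '<br/>Email: ' . $email . '<br/>Location: ' . $location
   . '<br/>Interests: ' . implode(', ', $interests) . "\n";
```

Because read_fields() fixes the order, list() works no matter how the form fields were posted, and the raw $fields array is what you hand to store_contact().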
I completely agree with the part about arrays, but I think he is asking how to easily turn the array into variables.