Solved

PHP trim and addslashes to multiple input variables

Posted on 2007-04-09
6
1,847 Views
Last Modified: 2013-12-12
Is there a simple way of trimming and adding slashes to multiple, incoming $_POST or $_GET variables in PHP?

I have several input variables coming in (i.e. $_POST['first'],$_POST['last']) and I'd like to loop through them all, trim any newlines or spaces on either end, and add slashes for MySQL all at once, instead of:

$first = addslashes($_POST['first']);
$last = addslashes($_POST['last']);
$first = trim($first);
$last = trim($last);

I don't want to use magic_quotes because I need more control over where and when the form variable characters are escaped.

Thanks
$marc

0
Comment
Question by:marcparillo
  • 3
  • 2
6 Comments
 
LVL 24

Expert Comment

by:glcummins
ID: 18877518
<?php
$arrMyPostVariables = array()

foreach ($_POST as $field=>$value)
{
   $arrMyPostVariables[$field] = addslashes($value);
}
?>

Then, you can cycle through or retrieve values from $arrMyPostVariables as needed.
0
 
LVL 24

Expert Comment

by:glcummins
ID: 18877522
I apologize, I missed a semicolon:

<?php
$arrMyPostVariables = array();
...
0
 
LVL 3

Author Comment

by:marcparillo
ID: 18877566
Thanks,

Could I also add a trim() command to your suggestion?

foreach ($_POST as $field=>$value)
{
   $arrMyPostVariables[$field] = addslashes($value);
   $arrMyPostVariables[$field] = trim($value);
}

And then, to extract the values from the new array, I just call them as needed? Like this? --

$arrMyPostVariables['first']
$arrMyPostVariables['last']


0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 24

Accepted Solution

by:
glcummins earned 200 total points
ID: 18877622
Yes, you can certainly add trim, or any other function. In fact, you can condense the code like this:

foreach ($_POST as $field=>$value)
{
   $arrMyPostVariables[$field] = trim(addslashes($value));
}

To extract the values, you will use your field names from your form. So, if you have a field named 'username', you would access it's value like this:

$arrMyPostVariables['username'];
0
 
LVL 3

Author Comment

by:marcparillo
ID: 18877636
Excellent!
Exactly what I needed. Thank You!
0
 
LVL 50

Expert Comment

by:Steve Bink
ID: 18877639
Take a look at mysql_real_escape_string() also.  

http://www.php.net/manual/en/function.mysql-real-escape-string.php
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now