Solved

PHP trim and addslashes to multiple input variables

Posted on 2007-04-09
6
1,824 Views
Last Modified: 2013-12-12
Is there a simple way of trimming and adding slashes to multiple, incoming $_POST or $_GET variables in PHP?

I have several input variables coming in (i.e. $_POST['first'],$_POST['last']) and I'd like to loop through them all, trim any newlines or spaces on either end, and add slashes for MySQL all at once, instead of:

$first = addslashes($_POST['first']);
$last = addslashes($_POST['last']);
$first = trim($first);
$last = trim($last);

I don't want to use magic_quotes because I need more control over where and when the form variable characters are escaped.

Thanks
$marc

0
Comment
Question by:marcparillo
  • 3
  • 2
6 Comments
 
LVL 24

Expert Comment

by:glcummins
ID: 18877518
<?php
$arrMyPostVariables = array()

foreach ($_POST as $field=>$value)
{
   $arrMyPostVariables[$field] = addslashes($value);
}
?>

Then, you can cycle through or retrieve values from $arrMyPostVariables as needed.
0
 
LVL 24

Expert Comment

by:glcummins
ID: 18877522
I apologize, I missed a semicolon:

<?php
$arrMyPostVariables = array();
...
0
 
LVL 3

Author Comment

by:marcparillo
ID: 18877566
Thanks,

Could I also add a trim() command to your suggestion?

foreach ($_POST as $field=>$value)
{
   $arrMyPostVariables[$field] = addslashes($value);
   $arrMyPostVariables[$field] = trim($value);
}

And then, to extract the values from the new array, I just call them as needed? Like this? --

$arrMyPostVariables['first']
$arrMyPostVariables['last']


0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 24

Accepted Solution

by:
glcummins earned 200 total points
ID: 18877622
Yes, you can certainly add trim, or any other function. In fact, you can condense the code like this:

foreach ($_POST as $field=>$value)
{
   $arrMyPostVariables[$field] = trim(addslashes($value));
}

To extract the values, you will use your field names from your form. So, if you have a field named 'username', you would access it's value like this:

$arrMyPostVariables['username'];
0
 
LVL 3

Author Comment

by:marcparillo
ID: 18877636
Excellent!
Exactly what I needed. Thank You!
0
 
LVL 50

Expert Comment

by:Steve Bink
ID: 18877639
Take a look at mysql_real_escape_string() also.  

http://www.php.net/manual/en/function.mysql-real-escape-string.php
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Both Easy and Powerful How easy is PHP? http://lmgtfy.com?q=how+easy+is+php (http://lmgtfy.com?q=how+easy+is+php)  Very easy.  It has been described as "a programming language even my grandmother can use." How powerful is PHP?  http://en.wikiped…
I imagine that there are some, like me, who require a way of getting currency exchange rates for implementation in web project from time to time, so I thought I would share a solution that I have developed for this purpose. It turns out that Yaho…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to dynamically set the form action using jQuery.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now