$ POST array

Forum Moderators: coopster

Message Too Old, No Replies

$ POST array

Array within the array

Clay213

4:52 am on Jan 9, 2010 (gmt 0)

I came across [webmasterworld.com...] and in trying coopster's answer I ran into a problem with the post array containing arrays.

Most of the values worked

such as: ss_agerangelow is 18

But then I have some check box and other multiple answer elements:

ss_social_situation is Array

I tried doing this:

print_r($_POST);
if ($_POST) {
foreach (array_keys($_POST) as $key) {
$$key = $_POST[$key];
if (is_array(${$key})){
 foreach (array_keys(${$key}) as $key2) {
$$key2 = $_POST[$key2];
print "$key2 was part of array $key = ${$key2}<br />";
 }
}
 else{
print "$key is ${$key}<br />";}
}
}

But that didn't work.

My goal is to get the post array values into my database. I also need to do some validation and sql injection protection stuff in between right?

Clay213

5:21 am on Jan 9, 2010 (gmt 0)

OK. I've got it working somewhat

if ($_POST) {
foreach (array_keys($_POST) as $key) {
$$key = $_POST[$key];
if (is_array(${$key})){
foreach(${$key} as $key2){
$$key2 = $_POST[$key2];
print "$key2 was part of array $key = $key<br />";
 }
}
 else{
print "$key is ${$key}<br />";}
}
}

New to the Area was part of array ss_social_situation = ss_social_situation

So now what should I do to filter and check this stuff before putting it in my DB?

coopster

12:02 am on Jan 20, 2010 (gmt 0)

The bottom line is that you can never trust user-supplied input. Validate each POST value with what you expect to be there. Everything else gets rejected and you let the user know. Once all looks like you might expect you can prep the data for insertion or update to your database. Escape the data before you use it in an SQL query or use prepared statements.

$ POST array

Array within the array

Clay213

Clay213

coopster

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week