By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
431,745 Members | 1,957 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 431,745 IT Pros & Developers. It's quick & easy.

How to trim parameters and give them a prefix?

P: n/a
// trim the parameters
foreach($_POST as $varname =$value) {$varname = trim($value);}

// give them $p_ prefix
import_request_variables('gp', 'p_');

When I do the above the parameters are not trimmed in the end.

Example:

$lastname = ' ' is trimmed to $lastname = '', but $p_lastname = ' '

May 21 '07 #1
Share this Question
Share on Google+
10 Replies


P: n/a
Also sprach damezumari:
// trim the parameters
foreach($_POST as $varname =$value) {$varname = trim($value);}
foreach ( $_POST as $varname =$value ) { $_POST[$varname] = trim(
$value ); }
import_request_variables('gp', 'p_');
Why? It's simpler, cleaner and safer to work with $_GET / $_POST directly.

Greetings,
Thomas
May 21 '07 #2

P: n/a
On May 21, 12:17 pm, damezumari <jannordgr...@gmail.comwrote:
// trim the parameters
foreach($_POST as $varname =$value) {$varname = trim($value);}

// give them $p_ prefix
import_request_variables('gp', 'p_');

When I do the above the parameters are not trimmed in the end.

Example:

$lastname = ' ' is trimmed to $lastname = '', but $p_lastname = ' '
As per brian's comment here
http://us2.php.net/import_request_variables
import_request_varaibles are independent on $_POST.
By the way what is the importance of using this function when $_POST
is global?

May 21 '07 #3

P: n/a
On 21 Mai, 19:17, damezumari <jannordgr...@gmail.comwrote:
// trim the parameters
foreach($_POST as $varname =$value) {$varname = trim($value);}

// give them $p_ prefix
import_request_variables('gp', 'p_');

When I do the above the parameters are not trimmed in the end.

Example:

$lastname = ' ' is trimmed to $lastname = '', but $p_lastname = ' '
The first line, where you loop post array will not update post
content, it assigns trimmed value to $varname.
When using foreach loop using $varname =$value, $varname holds a
copy of actual key and $value the copy of actual value.
You have update post array directly, like
[snip]
foreach($_POST as $varname =$value) {$_POST[$varname] =
trim($value);}
[/snap]

purcaholic

May 21 '07 #4

P: n/a
On May 21, 1:17 pm, damezumari <jannordgr...@gmail.comwrote:
// trim the parameters
foreach($_POST as $varname =$value) {$varname = trim($value);}

// give them $p_ prefix
import_request_variables('gp', 'p_');

When I do the above the parameters are not trimmed in the end.

Example:

$lastname = ' ' is trimmed to $lastname = '', but $p_lastname = ' '

In short, because $varname and $value are local copies of $_POST and
are not pointers to the original variable.

$varname is indeed getting trimmed, but you're overwriting that value
each time through the foreach loop, leaving $_POST['varname']
untouched.

May 21 '07 #5

P: n/a
On May 21, 2:02 pm, "Thomas Mlynarczyk" <tho...@mlynarczyk-
webdesign.dewrote:
Also sprach damezumari:
// trim the parameters
foreach($_POST as $varname =$value) {$varname = trim($value);}

foreach ( $_POST as $varname =$value ) { $_POST[$varname] = trim(
$value ); }
import_request_variables('gp', 'p_');

Why? It's simpler, cleaner and safer to work with $_GET / $_POST directly.

Greetings,
Thomas
I may agree with simplicity and cleanliness to some extend but how is
it safer?

May 21 '07 #6

P: n/a
Also sprach jm***@fastermail.com:
>>import_request_variables('gp', 'p_');
>Why? It's simpler, cleaner and safer to work with $_GET / $_POST
directly.
I may agree with simplicity and cleanliness to some extend but how is
it safer?
There are general security issues with global variables. With
register_globals on, anyone could create a global variable with any content
in your script. Thus, you would have to be *very* careful and make
absolutely sure all your global variables are properly initialized by your
script. This can be done, of course, but it *is* a potential source for
security leaks. In addition, there is a security hole in some versions of
PHP (both 4 and 5) where it is possible for a hacker to overwrite your whole
$GLOBALS array. Another point: If you import the request variables, you
cannot be sure whether they come from $_GET or $_POST or if they are set at
all.

Of course, if register_globals is off, you are much safer. But what if
someday your script runs in an environment with register_globals on?
Besides, using global variables the way you intend to indicates bad coding
practises. If someday your script should become part of another project
using global variables, name collisions may occur leading to errors which
might be hard to debug.

Greetings,
Thomas
May 22 '07 #7

P: n/a
On May 22, 5:20 am, "Thomas Mlynarczyk" <tho...@mlynarczyk-
webdesign.dewrote:
Also sprach j...@fastermail.com:
>import_request_variables('gp', 'p_');
Why? It's simpler, cleaner and safer to work with $_GET / $_POST
directly.
I may agree with simplicity and cleanliness to some extend but how is
it safer?

There are general security issues with global variables. With
register_globals on, anyone could create a global variable with any content
in your script. Thus, you would have to be *very* careful and make
absolutely sure all your global variables are properly initialized by your
script. This can be done, of course, but it *is* a potential source for
security leaks. In addition, there is a security hole in some versions of
PHP (both 4 and 5) where it is possible for a hacker to overwrite your whole
$GLOBALS array. Another point: If you import the request variables, you
cannot be sure whether they come from $_GET or $_POST or if they are set at
all.

Of course, if register_globals is off, you are much safer. But what if
someday your script runs in an environment with register_globals on?
Besides, using global variables the way you intend to indicates bad coding
practises. If someday your script should become part of another project
using global variables, name collisions may occur leading to errors which
might be hard to debug.

Greetings,
Thomas
Ok the question that I was asking earlier on is why would want to
import variables rather than using the $_POST variable which is
global. So I thought you were referring to its safety over $_POST and
not using ordinary global variables which are set when
register_globals is on. As for using $_POST there is no added security
in using imported variables and some extend you can say $_POST is
slightly more secure just comparing as you are aware where your
variables are coming from.

May 22 '07 #8

P: n/a
Thanks for all the replies!

As far as I can gather from the replies and my new testing:

This does not trim the post variables:
foreach($_POST as $varname =$value) {$varname = trim($value);} does
not trim the post variables.

but this does:
foreach($_POST as $varname =$value) {$_POST[$varname] =
trim($value);}

However, this trimming has no effect on the variables you get from:
import_request_variables('gp', 'p_');

So, the question remains, if I want to use global variables how do I
trim them? I can of course do it by hand one at a time, but is there
no other way?

May 22 '07 #9

P: n/a
damezumari wrote:
Thanks for all the replies!

As far as I can gather from the replies and my new testing:

This does not trim the post variables:
foreach($_POST as $varname =$value) {$varname = trim($value);} does
not trim the post variables.

but this does:
foreach($_POST as $varname =$value) {$_POST[$varname] =
trim($value);}

However, this trimming has no effect on the variables you get from:
import_request_variables('gp', 'p_');

So, the question remains, if I want to use global variables how do I
trim them? I can of course do it by hand one at a time, but is there
no other way?
Why do you need import_request_variables(), anyway? Everything is in
the superglobals $_GET, $_POST or $_COOKIE.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
May 22 '07 #10

P: n/a
At Mon, 21 May 2007 10:17:15 -0700, damezumari let his monkeys type:
// trim the parameters
foreach($_POST as $varname =$value) {$varname = trim($value);}

// give them $p_ prefix
import_request_variables('gp', 'p_');

When I do the above the parameters are not trimmed in the end.

Example:

$lastname = ' ' is trimmed to $lastname = '', but $p_lastname = ' '
foreach ($_POST as $key=>$value) {
${'p_' . $key} = trim ($value);
}

I'm not saying I like this solution, but this does what you asked.
Sh.

May 22 '07 #11

This discussion thread is closed

Replies have been disabled for this discussion.