SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    SitePoint Enthusiast Dreeass's Avatar
    Join Date
    Sep 2012
    Posts
    52
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Question Going through every POST variable.

    So when using this code on my form I get the following output:

    WHILE:

    p2p
    on
    category
    Revenants

    PHP:
    Code:
    while($i = current($_POST)) {
    		echo key($_POST);
    		echo '<br />';
    		echo $i;
    		echo '<br />';
    		next($_POST);
    	}
    Form (too long to post here): http://pastebin.com/5Gcsz42m

    Why doesn't it echo all of it?

  2. #2
    Hosting Team Leader silver trophybronze trophy
    cpradio's Avatar
    Join Date
    Jun 2002
    Location
    Ohio
    Posts
    4,807
    Mentioned
    141 Post(s)
    Tagged
    0 Thread(s)
    Probably because that is assuming the cursor in $_POST is located at the beginning of the array.

    Per the manual
    Every array has an internal pointer to its "current" element, which is initialized to the first element inserted into the array.
    However, all of the examples are numerically based index arrays. $_POST is not that type of an array, it is an associative array, and so the first inserted element, doesn't necessarily mean that element is located at the beginning of the array.

    It would be best to use a foreach loop, or to skip the loop altogether and just use print_r or var_dump
    PHP Code:
    foreach ($_POST as $key => $val)
    {
      echo 
    $key '<br />' $val '<br />';
    }

    // OR
    echo '<pre>';
    print_r($_POST);
    echo 
    '</pre>';

    // OR
    echo '<pre>';
    var_dump($_POST);
    echo 
    '</pre>'
    Be sure to congratulate xMog on earning April's Member of the Month
    Go ahead and blame me, I still won't lose any sleep over it
    My Blog | My Technical Notes

  3. #3
    SitePoint Enthusiast Dreeass's Avatar
    Join Date
    Sep 2012
    Posts
    52
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by cpradio View Post
    Probably because that is assuming the cursor in $_POST is located at the beginning of the array.

    Per the manual


    However, all of the examples are numerically based index arrays. $_POST is not that type of an array, it is an associative array, and so the first inserted element, doesn't necessarily mean that element is located at the beginning of the array.

    It would be best to use a foreach loop, or to skip the loop altogether and just use print_r or var_dump
    PHP Code:
    foreach ($_POST as $key => $val)
    {
      echo 
    $key '<br />' $val '<br />';
    }

    // OR
    echo '<pre>';
    print_r($_POST);
    echo 
    '</pre>';

    // OR
    echo '<pre>';
    var_dump($_POST);
    echo 
    '</pre>'
    Thanks, I started with Java and get confused or don't know every validators in PHP yet. The validators (the brackets after if, English isn't my primary language so I'm not always sure if the word I'm typing is the correct one) are much more simple in Java because there are less options with more outcomes if you know what I mean.

  4. #4
    SitePoint Evangelist
    Join Date
    Oct 2005
    Location
    Michigan, USA
    Posts
    434
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    while($i = current($_POST)) {

    is not your best condition to check. If the value is "falsy" (empty string, zero) it will break the loop. That's likely what was happening to you. foreach() as shown in the previous post would be better.
    - Robert

  5. #5
    SitePoint Member
    Join Date
    Oct 2012
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You may also want to check the $_POST for any illegal characters and sanitize against possible XSS attacks.

    Current setup would not prevent code being inserted by placing
    Code:
    <script>alert("hacked")</script>
    in your input box.

    Using
    Code:
    htmlspecialchars($_POST);
    and
    Code:
    strip_tags($_POST);
    would help to avoid this.

  6. #6
    SitePoint Enthusiast Dreeass's Avatar
    Join Date
    Sep 2012
    Posts
    52
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Skelly1983 View Post
    You may also want to check the $_POST for any illegal characters and sanitize against possible XSS attacks.

    Current setup would not prevent code being inserted by placing
    Code:
    <script>alert("hacked")</script>
    in your input box.

    Using
    Code:
    htmlspecialchars($_POST);
    and
    Code:
    strip_tags($_POST);
    would help to avoid this.
    Of course I'm clearing unwanted characters, don't play me for a fool.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •