I have been doing web programming with PHP for about 2 months,and for forms, I have been retrieving user input in a manner such as this:
For standard <input type="text">:
/*input sanitation*/
function testInput($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
$data = mysql_real_escape_string($data);
return $data;
}
/*just gets the data*/
function getRText($HTMLname) {
if (isset ( $_POST [$HTMLname] ) && ! empty ( $_POST [$HTMLname] )) {
return testInput(( $_POST [$HTMLname] ));
} else {
throw new Exception("Input is missing from " + $HTMLname);
}
}
And then, on another script, I'd do something like this:
$userID = getRText('uid');
$company = getRText('company');
$projectNum = getRText('projnum');
$dataArray = array($userID, $company, $projectNum);
The problem with this approach is it's very time consuming when I have a large form. I'm thinking in Perl (using Perl CGI), I'd be able to dynamically loop across the user input fields, and add each input into an array dynamically, but I'm not sure if something like this is possible in PHP. Right now, I'm currently having to manually pull each data from each input. All the PHP form examples online do it in this manner as well. Is this the correct way of pulling data from PHP forms?
All data from a form is delivered to your script in either the $_POST or $_GET array.
So you could simply do
This will run your sanitization and place the data back into the $_POST array therefore removing the need for yet another array.
I never did understand why people move data from the $_POST/$_GET array to scalar variables or other arrays. Its a perfectly good array and once delivered to you its all yours to do whatever you like with.