If you need each variable name separate (not in an array) like in your example:
foreach($_POST as $key => $val) {
$$key = test_input($val);
}
Question
I want to be able to sanitize all of my form elements in one for statement. Problem being, I'm not exactly sure how I would do this as simply as possible. These are my PHP variables I want to be sanitized.
$dateMonth = $_POST["dateMonth"];
$dateDay = $_POST["dateDay"];
$game = $_POST["bbsb"];
$gameType = $_POST["type"];
$VisitorTeamname = $_POST["VisitorTeamname"];
$VisitorInning1 = $_POST["VisitorInning1"];
$VisitorInning2 = $_POST["VisitorInning2"];
$VisitorInning3 = $_POST["VisitorInning3"];
$VisitorInning4 = $_POST["VisitorInning4"];
$VisitorInning5 = $_POST["VisitorInning5"];
$VisitorInning6 = $_POST["VisitorInning6"];
$VisitorInning7 = $_POST["VisitorInning7"];
$VisitorInning8 = $_POST["VisitorInning8"];
$VisitorInning9 = $_POST["VisitorInning9"];
$VisitorInning10 = $_POST["VisitorInning10"];
$VisitorInning11 = $_POST["VisitorInning11"];
$VisitorInning12 = $_POST["VisitorInning12"];
$VisitorR = $_POST["VisitorR"];
$VisitorH = $_POST["VisitorH"];
$VisitorE = $_POST["VisitorE"];
$VisitorRecord = $_POST["VisitorRecord"];
$HomeTeamname = $_POST["HomeTeamname"];
$HomeInning1 = $_POST["HomeInning1"];
$HomeInning2 = $_POST["HomeInning2"];
$HomeInning3 = $_POST["HomeInning3"];
$HomeInning4 = $_POST["HomeInning4"];
$HomeInning5 = $_POST["HomeInning5"];
$HomeInning6 = $_POST["HomeInning6"];
$HomeInning7 = $_POST["HomeInning7"];
$HomeInning8 = $_POST["HomeInning8"];
$HomeInning9 = $_POST["HomeInning9"];
$HomeInning10 = $_POST["HomeInning10"];
$HomeInning11 = $_POST["HomeInning11"];
$HomeInning12 = $_POST["HomeInning12"];
$HomeR = $_POST["HomeR"];
$HomeH = $_POST["HomeH"];
$HomeE = $_POST["HomeE"];
$HomeRecord = $_POST["HomeRecord"];
$VisitorPitcher1Name = $_POST["VisitorPitcher1Name"];
$VisitorPitcher1IP = $_POST["VisitorPitcher1IP"];
$VisitorPitcher1R = $_POST["VisitorPitcher1R"];
$VisitorPitcher1ER = $_POST["VisitorPitcher1ER"];
$VisitorPitcher1H = $_POST["VisitorPitcher1H"];
$VisitorPitcher1BB = $_POST["VisitorPitcher1BB"];
$VisitorPitcher1SO = $_POST["VisitorPitcher1SO"];
$VisitorPitcher2Name = $_POST["VisitorPitcher2Name"];
$VisitorPitcher2IP = $_POST["VisitorPitcher2IP"];
$VisitorPitcher2R = $_POST["VisitorPitcher2R"];
$VisitorPitcher2ER = $_POST["VisitorPitcher2ER"];
$VisitorPitcher2H = $_POST["VisitorPitcher2H"];
$VisitorPitcher2BB = $_POST["VisitorPitcher2BB"];
$VisitorPitcher2SO = $_POST["VisitorPitcher2SO"];
$VisitorPitcher3Name = $_POST["VisitorPitcher3Name"];
$VisitorPitcher3IP = $_POST["VisitorPitcher3IP"];
$VisitorPitcher3R = $_POST["VisitorPitcher3R"];
$VisitorPitcher3ER = $_POST["VisitorPitcher3ER"];
$VisitorPitcher3H = $_POST["VisitorPitcher3H"];
$VisitorPitcher3BB = $_POST["VisitorPitcher3BB"];
$VisitorPitcher3SO = $_POST["VisitorPitcher3SO"];
$HomePitcher1Name = $_POST["HomePitcher1Name"];
$HomePitcher1IP = $_POST["HomePitcher1IP"];
$HomePitcher1R = $_POST["HomePitcher1R"];
$HomePitcher1ER = $_POST["HomePitcher1ER"];
$HomePitcher1H = $_POST["HomePitcher1H"];
$HomePitcher1BB = $_POST["HomePitcher1BB"];
$HomePitcher1SO = $_POST["HomePitcher1SO"];
$HomePitcher2Name = $_POST["HomePitcher2Name"];
$HomePitcher2IP = $_POST["HomePitcher2IP"];
$HomePitcher2R = $_POST["HomePitcher2R"];
$HomePitcher2ER = $_POST["HomePitcher2ER"];
$HomePitcher2H = $_POST["HomePitcher2H"];
$HomePitcher2BB = $_POST["HomePitcher2BB"];
$HomePitcher2SO = $_POST["HomePitcher2SO"];
$HomePitcher3Name = $_POST["HomePitcher3Name"];
$HomePitcher3IP = $_POST["HomePitcher3IP"];
$HomePitcher3R = $_POST["HomePitcher3R"];
$HomePitcher3ER = $_POST["HomePitcher3ER"];
$HomePitcher3H = $_POST["HomePitcher3H"];
$HomePitcher3BB = $_POST["HomePitcher3BB"];
$HomePitcher3SO = $_POST["HomePitcher3SO"];
$VisitorDouble = $_POST["VisitorDouble"];
$VisitorTriple = $_POST["VisitorTriple"];
$VisitorHomeRun = $_POST["VisitorHomeRun"];
$VisitorLeader = $_POST["VisitorLeader"];
$VisitorGameNotes = $_POST["VisitorGameNotes"];
$HomeDouble = $_POST["HomeDouble"];
$HomeTriple = $_POST["HomeTriple"];
$HomeHomeRun = $_POST["HomeHomeRun"];
$HomeLeader = $_POST["HomeLeader"];
$HomeGameNotes = $_POST["HomeGameNotes"];
And I would like to run the following function ONLY if the form fields have anything inside them.
function test_input($data)
{
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
For simplicity, I named all my variables the same as the name value of each form field.
Thank you, and all help is appreciated.
Solution
If you need each variable name separate (not in an array) like in your example:
foreach($_POST as $key => $val) {
$$key = test_input($val);
}
OTHER TIPS
You could run it through your function, and then use extract()
to produce all of those variables you had before. I'm guessing you use those variable names later on:
foreach ($_POST as $k => $v){
$clean[$k] = test_input($v)
}
extract($clean);
I'd suggest changing your test_input
function to
function test_input($data)
{
if($data == "") {
return;
}
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
and just running it on all of the elements in $_POST
before put inside variable run following
foreach($_POST as $key => $value){
$_POST[$key] = test_input($value);
}
then put inside variables
enjoy :)
You can do something like in as little as 8 lines of code.
$values = $_POST; // Just so we make sure that we don't use the $_POST array afterwards
array_walk($values, function (&$val) {
if (!empty($val)) {
$val = htmlspecialchars(stripslashes(trim($val)));
}
});
extract($values);
unset($values);