Question

I want to be able to sanitize all of my form elements in one for statement. Problem being, I'm not exactly sure how I would do this as simply as possible. These are my PHP variables I want to be sanitized.

PHP Variables

$dateMonth = $_POST["dateMonth"];
$dateDay = $_POST["dateDay"];
$game = $_POST["bbsb"];
$gameType = $_POST["type"];
$VisitorTeamname = $_POST["VisitorTeamname"];
$VisitorInning1 = $_POST["VisitorInning1"];
$VisitorInning2 = $_POST["VisitorInning2"];
$VisitorInning3 = $_POST["VisitorInning3"];
$VisitorInning4 = $_POST["VisitorInning4"];
$VisitorInning5 = $_POST["VisitorInning5"];
$VisitorInning6 = $_POST["VisitorInning6"];
$VisitorInning7 = $_POST["VisitorInning7"];
$VisitorInning8 = $_POST["VisitorInning8"];
$VisitorInning9 = $_POST["VisitorInning9"];
$VisitorInning10 = $_POST["VisitorInning10"];
$VisitorInning11 = $_POST["VisitorInning11"];
$VisitorInning12 = $_POST["VisitorInning12"];
$VisitorR = $_POST["VisitorR"];
$VisitorH = $_POST["VisitorH"];
$VisitorE = $_POST["VisitorE"];
$VisitorRecord = $_POST["VisitorRecord"];
$HomeTeamname = $_POST["HomeTeamname"];
$HomeInning1 = $_POST["HomeInning1"];
$HomeInning2 = $_POST["HomeInning2"];
$HomeInning3 = $_POST["HomeInning3"];
$HomeInning4 = $_POST["HomeInning4"];
$HomeInning5 = $_POST["HomeInning5"];
$HomeInning6 = $_POST["HomeInning6"];
$HomeInning7 = $_POST["HomeInning7"];
$HomeInning8 = $_POST["HomeInning8"];
$HomeInning9 = $_POST["HomeInning9"];
$HomeInning10 = $_POST["HomeInning10"];
$HomeInning11 = $_POST["HomeInning11"];
$HomeInning12 = $_POST["HomeInning12"];
$HomeR = $_POST["HomeR"];
$HomeH = $_POST["HomeH"];
$HomeE = $_POST["HomeE"];
$HomeRecord = $_POST["HomeRecord"];

$VisitorPitcher1Name = $_POST["VisitorPitcher1Name"];
$VisitorPitcher1IP = $_POST["VisitorPitcher1IP"];
$VisitorPitcher1R = $_POST["VisitorPitcher1R"];
$VisitorPitcher1ER = $_POST["VisitorPitcher1ER"];
$VisitorPitcher1H = $_POST["VisitorPitcher1H"];
$VisitorPitcher1BB = $_POST["VisitorPitcher1BB"];
$VisitorPitcher1SO = $_POST["VisitorPitcher1SO"];

$VisitorPitcher2Name = $_POST["VisitorPitcher2Name"];
$VisitorPitcher2IP = $_POST["VisitorPitcher2IP"];
$VisitorPitcher2R = $_POST["VisitorPitcher2R"];
$VisitorPitcher2ER = $_POST["VisitorPitcher2ER"];
$VisitorPitcher2H = $_POST["VisitorPitcher2H"];
$VisitorPitcher2BB = $_POST["VisitorPitcher2BB"];
$VisitorPitcher2SO = $_POST["VisitorPitcher2SO"];

$VisitorPitcher3Name = $_POST["VisitorPitcher3Name"];
$VisitorPitcher3IP = $_POST["VisitorPitcher3IP"];
$VisitorPitcher3R = $_POST["VisitorPitcher3R"];
$VisitorPitcher3ER = $_POST["VisitorPitcher3ER"];
$VisitorPitcher3H = $_POST["VisitorPitcher3H"];
$VisitorPitcher3BB = $_POST["VisitorPitcher3BB"];
$VisitorPitcher3SO = $_POST["VisitorPitcher3SO"];

$HomePitcher1Name = $_POST["HomePitcher1Name"];
$HomePitcher1IP = $_POST["HomePitcher1IP"];
$HomePitcher1R = $_POST["HomePitcher1R"];
$HomePitcher1ER = $_POST["HomePitcher1ER"];
$HomePitcher1H = $_POST["HomePitcher1H"];
$HomePitcher1BB = $_POST["HomePitcher1BB"];
$HomePitcher1SO = $_POST["HomePitcher1SO"];

$HomePitcher2Name = $_POST["HomePitcher2Name"];
$HomePitcher2IP = $_POST["HomePitcher2IP"];
$HomePitcher2R = $_POST["HomePitcher2R"];
$HomePitcher2ER = $_POST["HomePitcher2ER"];
$HomePitcher2H = $_POST["HomePitcher2H"];
$HomePitcher2BB = $_POST["HomePitcher2BB"];
$HomePitcher2SO = $_POST["HomePitcher2SO"];

$HomePitcher3Name = $_POST["HomePitcher3Name"];
$HomePitcher3IP = $_POST["HomePitcher3IP"];
$HomePitcher3R = $_POST["HomePitcher3R"];
$HomePitcher3ER = $_POST["HomePitcher3ER"];
$HomePitcher3H = $_POST["HomePitcher3H"];
$HomePitcher3BB = $_POST["HomePitcher3BB"];
$HomePitcher3SO = $_POST["HomePitcher3SO"];

$VisitorDouble = $_POST["VisitorDouble"];
$VisitorTriple = $_POST["VisitorTriple"];
$VisitorHomeRun = $_POST["VisitorHomeRun"];
$VisitorLeader = $_POST["VisitorLeader"];
$VisitorGameNotes = $_POST["VisitorGameNotes"];
$HomeDouble = $_POST["HomeDouble"];
$HomeTriple = $_POST["HomeTriple"];
$HomeHomeRun = $_POST["HomeHomeRun"];
$HomeLeader = $_POST["HomeLeader"];
$HomeGameNotes = $_POST["HomeGameNotes"];

And I would like to run the following function ONLY if the form fields have anything inside them.

function test_input($data)
{
     $data = trim($data);
     $data = stripslashes($data);
     $data = htmlspecialchars($data);
     return $data;
}
?>

For simplicity, I named all my variables the same as the name value of each form field.

Thank you, and all help is appreciated.


Solution

If you need each variable name separate (not in an array) like in your example:

foreach($_POST as $key => $val) {
    $$key = test_input($val);
}

OTHER TIPS

You could run it through your function, and then use extract() to produce all of those variables you had before. I'm guessing you use those variable names later on:

foreach ($_POST as $k => $v){
    $clean[$k] = test_input($v);
}
extract($clean);

I'd suggest changing your test_input function to

function test_input($data)
{
  if($data == "") {
    return;
  }
  $data = trim($data);
  $data = stripslashes($data);
  $data = htmlspecialchars($data);
  return $data;
}

and just running it on all of the elements in $_POST

Before putting the values inside variables, run the following:

foreach($_POST as $key => $value){
    $_POST[$key] = test_input($value);
}

Then put them inside variables.

Enjoy :)

You can do something like this in as little as 8 lines of code.

$values = $_POST; // Just so we make sure that we don't use the $_POST array afterwards

array_walk($values, function (&$val) {
    if (!empty($val)) {
        $val = htmlspecialchars(stripslashes(trim($val)));
    }
});

extract($values);
unset($values);
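
A defensive variant of the loops above, added here as an example and not code from any of the answers: `$$key` and `extract()` applied to `$_POST` let any request key create or overwrite a variable in scope, so this version reads only an allowlist of expected fields into an array, validates each by type, and leaves `htmlspecialchars()` for output time. The field names come from the question; the int/text typing, the helper names `expected_fields()`, `clean_input()` and `e()`, and the sample request are assumptions.

```php
<?php
// Allowlist of expected fields (names from the question's form; the 'int'/'text'
// typing is an assumption for this example). Only a subset of the form is listed.
function expected_fields(): array
{
    $fields = ['dateMonth' => 'int', 'dateDay' => 'int'];
    foreach (['Visitor', 'Home'] as $side) {
        $fields[$side . 'Teamname'] = 'text';
        $fields[$side . 'GameNotes'] = 'text';
        for ($i = 1; $i <= 12; $i++) {
            $fields[$side . 'Inning' . $i] = 'int';
        }
    }
    return $fields;
}
// Returns only allowlisted, non-empty, type-checked values, kept in an array
// so that request keys can never become or overwrite variables in scope.
function clean_input(array $post, array $fields): array
{
    $clean = [];
    foreach ($fields as $name => $type) {
        $raw = $post[$name] ?? '';
        if (!is_string($raw) || ($raw = trim($raw)) === '') {
            continue; // missing, empty, or array-valued field
        }
        if ($type === 'int') {
            $int = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
            if ($int === false) {
                continue; // not a non-negative integer
            }
            $clean[$name] = $int;
        } else {
            $clean[$name] = $raw; // stored raw, escaped when it is printed
        }
    }
    return $clean;
}
// Escape for HTML only at the point of output.
function e($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
// Constructed sample request, including a key the form never defines ('clean')
// and an array where a string is expected.
$post = ['dateMonth' => '7', 'VisitorTeamname' => ' <b>Cubs</b> ',
         'VisitorInning1' => 'x', 'clean' => 'overwrite', 'HomeInning2' => ['3']];
$clean = clean_input($post, expected_fields());
echo e($clean['VisitorTeamname'] ?? ''), "\n";
print_r(array_keys($clean));
```

Values headed for a database go through prepared statements rather than through `e()`, which is for HTML output only.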
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow