6 Replies - 610 Views - Last Post: 05 August 2009 - 12:41 PM Rate Topic: -----

#1 cosmicappuccino  Icon User is offline

  • New D.I.C Head

Reputation: 3
  • View blog
  • Posts: 25
  • Joined: 23-December 08

accessing $_POST with concatenated key

Posted 05 August 2009 - 09:41 AM

Hi,

I'm having some trouble getting some PHP to work and wanted to confirm the below.

Is it ok to have a concatenated key when accessing $_POST?
For example, I might have a FOR loop in which $i is the variable incremented. Then, can I access $_POST['book1'], $_POST['book2'], etc. by putting in each loop:
$_POST['book'.strval($i)]
?

In case it is useful, the $_POST value is being used in a mysql INSERT query, which doesn't seem to be working.

Thanks for the feedback! (:

Is This A Good Question/Topic? 0
  • +

Replies To: accessing $_POST with concatenated key

#2 gregwhitworth  Icon User is offline

  • Tired.
  • member icon

Reputation: 219
  • View blog
  • Posts: 1,605
  • Joined: 20-January 09

Re: accessing $_POST with concatenated key

Posted 05 August 2009 - 09:55 AM

Yeah - I don't see why not. But why would you do the following:


$_POST['book' . $i];




That would produce book1, book2, etc...

But for security reasons, have you cleaned/sterilized your data before inserting it?
--

Greg

This post has been edited by gregwhitworth: 05 August 2009 - 09:55 AM

Was This Post Helpful? 0
  • +
  • -

#3 cosmicappuccino  Icon User is offline

  • New D.I.C Head

Reputation: 3
  • View blog
  • Posts: 25
  • Joined: 23-December 08

Re: accessing $_POST with concatenated key

Posted 05 August 2009 - 11:05 AM

Thanks for the answer, Greg!

As for the sterilization -- what would you normally recommend doing before inserting data? In this particular case, the variables will be alphanumeric only, but I'm not totally clear on this issue so would appreciate any guidelines for future use.

Thanks again,
Was This Post Helpful? 0
  • +
  • -

#4 Wimpy  Icon User is offline

  • R.I.P. ( Really Intelligent Person, right? )
  • member icon

Reputation: 159
  • View blog
  • Posts: 1,038
  • Joined: 02-May 09

Re: accessing $_POST with concatenated key

Posted 05 August 2009 - 11:11 AM

You should always check if the received data contains only what you expect, in this case alphanumerics, you could use ctype_alnum() or the preg_match() functions. You always also escape the data, preferably with some native function like mysql_real_escape_string() for MySQL databases! :)

View Postcosmicappuccino, on 5 Aug, 2009 - 08:05 PM, said:

Thanks for the answer, Greg!

As for the sterilization -- what would you normally recommend doing before inserting data? In this particular case, the variables will be alphanumeric only, but I'm not totally clear on this issue so would appreciate any guidelines for future use.

Thanks again,

Was This Post Helpful? 0
  • +
  • -

#5 gregwhitworth  Icon User is offline

  • Tired.
  • member icon

Reputation: 219
  • View blog
  • Posts: 1,605
  • Joined: 20-January 09

Re: accessing $_POST with concatenated key

Posted 05 August 2009 - 11:16 AM

Even still, if the user is allowed to input data into your SQL database without you sterilizing it - you have the capability of having your data hacked.

http://www.dreaminco...wtopic37214.htm

Read up on it a little, you want to do as much as you can to be secure. I still am working on maintaining security in my user inputted values, but it is a practice that you should learn, and learn early.
Was This Post Helpful? 0
  • +
  • -

#6 cosmicappuccino  Icon User is offline

  • New D.I.C Head

Reputation: 3
  • View blog
  • Posts: 25
  • Joined: 23-December 08

Re: accessing $_POST with concatenated key

Posted 05 August 2009 - 12:22 PM

Thanks a lot, both of you. That's really helpful (:
Was This Post Helpful? 0
  • +
  • -

#7 Wimpy  Icon User is offline

  • R.I.P. ( Really Intelligent Person, right? )
  • member icon

Reputation: 159
  • View blog
  • Posts: 1,038
  • Joined: 02-May 09

Re: accessing $_POST with concatenated key

Posted 05 August 2009 - 12:41 PM

No problem, note that you shouldn't only consider protecting yourself against sql injections since that is just one of a thousand different threats, but, it the end, everything ends up in validating incoming data and auth'ing users (authenticating and authorizing)!

Here's a link to some links you could follow to read up on, I haven't read them myself yet, to be honest:
http://en.wikipedia....curity_exploits

:)

This post has been edited by Wimpy: 05 August 2009 - 12:43 PM

Was This Post Helpful? 0
  • +
  • -

Page 1 of 1