How to trim parameters and give them a prefix?

**Thomas Mlynarczyk** · May 21 '07, 07:05 PM

Re: How to trim parameters and give them a prefix?

Also sprach damezumari:

// trim the parameters
foreach($_POST as $varname =$value) {$varname = trim($value);}

foreach ( $_POST as $varname =$value ) { $_POST[$varname] = trim(
$value ); }

import_request_ variables('gp', 'p_');

Why? It's simpler, cleaner and safer to work with $_GET / $_POST directly.

Greetings,
Thomas

**jmark@fastermail.com** · May 21 '07, 07:35 PM

Re: How to trim parameters and give them a prefix?

On May 21, 12:17 pm, damezumari <jannordgr...@g mail.comwrote:

// trim the parameters
foreach($_POST as $varname =$value) {$varname = trim($value);}
>
// give them $p_ prefix
import_request_ variables('gp', 'p_');
>
When I do the above the parameters are not trimmed in the end.
>
Example:
>
$lastname = ' ' is trimmed to $lastname = '', but $p_lastname = ' '

As per brian's comment here

PHP: Manual Quick Reference

http://us2.php.net/import_request_variables

PHP is a popular general-purpose scripting language that powers everything from your blog to the most popular websites in the world.

import_request_ varaibles are independent on $_POST.
By the way what is the importance of using this function when $_POST
is global?

**purcaholic** · May 21 '07, 08:25 PM

Re: How to trim parameters and give them a prefix?

On 21 Mai, 19:17, damezumari <jannordgr...@g mail.comwrote:

// trim the parameters
foreach($_POST as $varname =$value) {$varname = trim($value);}
>
// give them $p_ prefix
import_request_ variables('gp', 'p_');
>
When I do the above the parameters are not trimmed in the end.
>
Example:
>
$lastname = ' ' is trimmed to $lastname = '', but $p_lastname = ' '

The first line, where you loop post array will not update post
content, it assigns trimmed value to $varname.
When using foreach loop using $varname =$value, $varname holds a
copy of actual key and $value the copy of actual value.
You have update post array directly, like
[snip]
foreach($_POST as $varname =$value) {$_POST[$varname] =
trim($value);}
[/snap]

purcaholic

**Moot** · May 21 '07, 08:35 PM

Re: How to trim parameters and give them a prefix?

On May 21, 1:17 pm, damezumari <jannordgr...@g mail.comwrote:

// trim the parameters
foreach($_POST as $varname =$value) {$varname = trim($value);}
>
// give them $p_ prefix
import_request_ variables('gp', 'p_');
>
When I do the above the parameters are not trimmed in the end.
>
Example:
>
$lastname = ' ' is trimmed to $lastname = '', but $p_lastname = ' '

In short, because $varname and $value are local copies of $_POST and
are not pointers to the original variable.

$varname is indeed getting trimmed, but you're overwriting that value
each time through the foreach loop, leaving $_POST['varname']
untouched.

**jmark@fastermail.com** · May 21 '07, 08:45 PM

Re: How to trim parameters and give them a prefix?

On May 21, 2:02 pm, "Thomas Mlynarczyk" <tho...@mlynarc zyk-
webdesign.dewro te:

Also sprach damezumari:
>

// trim the parameters
foreach($_POST as $varname =$value) {$varname = trim($value);}

>
foreach ( $_POST as $varname =$value ) { $_POST[$varname] = trim(
$value ); }
>

import_request_ variables('gp', 'p_');

>
Why? It's simpler, cleaner and safer to work with $_GET / $_POST directly.
>
Greetings,
Thomas

I may agree with simplicity and cleanliness to some extend but how is
it safer?

**Thomas Mlynarczyk** · May 22 '07, 10:25 AM

Re: How to trim parameters and give them a prefix?

Also sprach jmark@fastermai l.com:

>>import_reques t_variables('gp ', 'p_');

>Why? It's simpler, cleaner and safer to work with $_GET / $_POST
>directly.

I may agree with simplicity and cleanliness to some extend but how is
it safer?

There are general security issues with global variables. With
register_global s on, anyone could create a global variable with any content
in your script. Thus, you would have to be *very* careful and make
absolutely sure all your global variables are properly initialized by your
script. This can be done, of course, but it *is* a potential source for
security leaks. In addition, there is a security hole in some versions of
PHP (both 4 and 5) where it is possible for a hacker to overwrite your whole
$GLOBALS array. Another point: If you import the request variables, you
cannot be sure whether they come from $_GET or $_POST or if they are set at
all.

Of course, if register_global s is off, you are much safer. But what if
someday your script runs in an environment with register_global s on?
Besides, using global variables the way you intend to indicates bad coding
practises. If someday your script should become part of another project
using global variables, name collisions may occur leading to errors which
might be hard to debug.

Greetings,
Thomas

**jmark@fastermail.com** · May 22 '07, 01:55 PM

Re: How to trim parameters and give them a prefix?

On May 22, 5:20 am, "Thomas Mlynarczyk" <tho...@mlynarc zyk-
webdesign.dewro te:

Also sprach j...@fastermail .com:
>

>import_request _variables('gp' , 'p_');
Why? It's simpler, cleaner and safer to work with $_GET / $_POST
directly.

I may agree with simplicity and cleanliness to some extend but how is
it safer?

>
There are general security issues with global variables. With
register_global s on, anyone could create a global variable with any content
in your script. Thus, you would have to be *very* careful and make
absolutely sure all your global variables are properly initialized by your
script. This can be done, of course, but it *is* a potential source for
security leaks. In addition, there is a security hole in some versions of
PHP (both 4 and 5) where it is possible for a hacker to overwrite your whole
$GLOBALS array. Another point: If you import the request variables, you
cannot be sure whether they come from $_GET or $_POST or if they are set at
all.
>
Of course, if register_global s is off, you are much safer. But what if
someday your script runs in an environment with register_global s on?
Besides, using global variables the way you intend to indicates bad coding
practises. If someday your script should become part of another project
using global variables, name collisions may occur leading to errors which
might be hard to debug.
>
Greetings,
Thomas

Ok the question that I was asking earlier on is why would want to
import variables rather than using the $_POST variable which is
global. So I thought you were referring to its safety over $_POST and
not using ordinary global variables which are set when
register_global s is on. As for using $_POST there is no added security
in using imported variables and some extend you can say $_POST is
slightly more secure just comparing as you are aware where your
variables are coming from.

**damezumari** · May 22 '07, 04:25 PM

Re: How to trim parameters and give them a prefix?

Thanks for all the replies!

As far as I can gather from the replies and my new testing:

This does not trim the post variables:
foreach($_POST as $varname =$value) {$varname = trim($value);} does
not trim the post variables.

but this does:
foreach($_POST as $varname =$value) {$_POST[$varname] =
trim($value);}

However, this trimming has no effect on the variables you get from:
import_request_ variables('gp', 'p_');

So, the question remains, if I want to use global variables how do I
trim them? I can of course do it by hand one at a time, but is there
no other way?

**Jerry Stuckle** · May 22 '07, 05:25 PM

Re: How to trim parameters and give them a prefix?

damezumari wrote:

Thanks for all the replies!
>
As far as I can gather from the replies and my new testing:
>
This does not trim the post variables:
foreach($_POST as $varname =$value) {$varname = trim($value);} does
not trim the post variables.
>
but this does:
foreach($_POST as $varname =$value) {$_POST[$varname] =
trim($value);}
>
However, this trimming has no effect on the variables you get from:
import_request_ variables('gp', 'p_');
>
So, the question remains, if I want to use global variables how do I
trim them? I can of course do it by hand one at a time, but is there
no other way?
>

Why do you need import_request_ variables(), anyway? Everything is in
the superglobals $_GET, $_POST or $_COOKIE.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

**Schraalhans Keukenmeester** · May 22 '07, 10:45 PM

Re: How to trim parameters and give them a prefix?

At Mon, 21 May 2007 10:17:15 -0700, damezumari let his monkeys type:

// trim the parameters
foreach($_POST as $varname =$value) {$varname = trim($value);}
>
// give them $p_ prefix
import_request_ variables('gp', 'p_');
>
When I do the above the parameters are not trimmed in the end.
>
Example:
>
$lastname = ' ' is trimmed to $lastname = '', but $p_lastname = ' '

foreach ($_POST as $key=>$value) {
${'p_' . $key} = trim ($value);
}

I'm not saying I like this solution, but this does what you asked.
Sh.

How to trim parameters and give them a prefix?

How to trim parameters and give them a prefix?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment