Hey all,

There's got to be a much more elegant way of doing this.

How do I convert all non-empty post data to session variables, without specifying each one line by line? Basically, I want to perform the function below for all instances of X that exist in the POST array.

if (!empty($_POST['X'])) $_SESSION['X']=$_POST['X'];

I was going to do it one by one, but then I figured there must be a much more elegant solution.

+6  A: 

I would specify a dictionary of POST names that are acceptable.

$accepted = array('foo', 'bar', 'baz');

foreach ( $_POST as $foo=>$bar ) {
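    // Strict comparison: before PHP 8 a loose in_array() lets the integer key 0 match any non-numeric string.
    if ( in_array( $foo, $accepted, true ) && !empty($bar) ) {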
        $_SESSION[$foo] = $bar;
    }
}

Or something to that effect. I would not use empty because it treats 0 as empty.

meder
I am fine with 0 being treated as empty, in fact it would help to clean up my data. Thanks!
RC
modified to fit your needs then.
meder
To be honest, you should avoid using empty() at all - kick the habit now, and you'll develop techniques that will work in EVERY situation, not just this one. There are appropriate functions for every data type. Use them!
iddqd
A: 

Well, the first thing I would suggest is you don't do this. It's a huge potential security hole. Let's say you rely on a session variable of username and/or usertype (very common). Someone can just post over those details. You should be taking a whitelist approach by only copying approved values from $_POST to $_SESSION, i.e.:

$vars = array('name', 'age', 'location');
foreach ($vars as $v) {
  if (isset($_POST[$v])) {
    $_SESSION[$v] = $_POST[$v];
  }
}

How you define "empty" determines what kind of check you do. The above code uses isset(). You could also do if ($_POST[$v]) ... if you don't want to write empty strings or the number 0.

cletus
Yes, thanks for the pointer. So I would have to, in effect, do it one by one, but I can whitelist it in an array to keep the code tidy. How do I implement a "not empty()" check into your code above, to ensure that only not-empty POST data get converted to session variables, even if it's in the whitelist? I am fine with "0" being registered as empty.
RC
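
The allow-list approach from the answer above, combined with the non-empty check asked about in the comment, as an added example that is not part of the original thread. The per-field validators, the `copy_allowed_post` helper and the sample request are assumptions for illustration; plain arrays stand in for `$_POST` and `$_SESSION` so it runs from the CLI (PHP 7.4+).

```php
<?php
// Added example, not code from the thread. Field names follow the allow-list
// in the answer above; validators and sample input are assumptions.

// Each allowed field maps to a validator returning the clean value or null.
$allowed = [
    'name'     => fn(string $v) => preg_match('/^[\p{L} \'-]{1,64}$/u', $v) ? $v : null,
    'age'      => fn(string $v) => filter_var($v, FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 1, 'max_range' => 150]]) ?: null,
    'location' => fn(string $v) => strlen($v) <= 100 ? $v : null,
];

function copy_allowed_post(array $post, array $session, array $allowed): array
{
    // Iterate the allow-list, never the request, so unknown keys are never touched.
    foreach ($allowed as $field => $validate) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            continue; // missing, or an array sent as field[]=...
        }
        $value = trim($post[$field]);
        if ($value === '') {
            continue; // empty after trimming: keep whatever the session already holds
        }
        $clean = $validate($value);
        if ($clean !== null) {
            $session[$field] = $clean;
        }
    }
    return $session;
}

// Constructed request: one valid field, one out-of-range value, one blank,
// plus two keys the form never offered.
$post = [
    'name'     => ' Ada ',
    'age'      => '0',
    'location' => '',
    'usertype' => 'admin',
    'username' => 'root',
];
$session = ['username' => 'rc', 'usertype' => 'member'];

$session = copy_allowed_post($post, $session, $allowed);
var_export($session);
```

In an application, pass `$_POST` and `$_SESSION` in place of the sample arrays and assign the returned array back to `$_SESSION`.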
A: 

Here you go,

if(isset($_POST)) {
 foreach ($_POST as $key => $val) {
  if($val != "Submit")
   $_SESSION["$key"] = $val;
 }
}
lemon