Is there a way to turn off the PHP functionality for Submitting a multidimensional array via POST with php?
So that submission of <input type="text" name="variable[0][1]" value="..." /> produces a $_POST like so...
array (
["variable[0][1]"] => "...",
)
NOT like so:
array (
["variable"] => array(
[0] => array (
[1] => "..."
),
),
)
I'm thinking/hoping an obscure PHP.ini directive or something... ?
No, but nothing stops you from fetching the query string (through $_SERVER['QUERY_STRING']) and parsing it manually. For instance:
$myGET = array();
foreach (explode("&", $_SERVER['QUERY_STRING']) as $v) {
if (preg_match('/^([^=])+(?:=(.*))?$/', $v, $matches)) {
$myGET[urldecode($matches[1])] = urldecode($matches[2]);
}
}
I should think not. What exactly are you trying to do?
You could use variable(0)(1) or variable_0_1 as names for example.
Don't believe you can do that. I also don't understand why you'd need to. But this should work:
$_POST['variable'] = array(array('abc','def'),array('ddd','ggg'));
print_r(flatPost('variable'));
function flatPost($var)
{
return enforceString($_POST[$var], $var);
}
function enforceString($data, $preKey = '')
{
if(!is_array($data))
{
return array($preKey . $data);
}
$newData = array();
foreach($data as $key => &$value)
{
$element = enforceString($value, $preKey . '[' . $key . ']');
$newData = array_merge($newData, $element);
}
return $newData;
}
It's a little over the top, but if necessary you could manually parse the request body.
<?php
if(!empty($_POST) && $_SERVER['CONTENT_TYPE'] == 'application/x-www-form-urlencoded') {
$_post = array();
$queryString = file_get_contents('php://input'); // read the request body
$queryString = explode('&', $queryString); // since the request body is a query string, split it on '&'
// and you have key-value pairs, delimited by '='
foreach($queryString as $param) {
$params = explode('=', $param);
if(array_key_exists(0, $params)) {
$params[0] = urldecode($params[0]);
}
if(array_key_exists(1, $params)) {
$params[1] = urldecode($params[1]);
}
else {
$params[1] = urldecode('');
}
$_post[$params[0]] = $params[1];
}
$_POST = $_post;
}
?>
Related
I'm getting null values after I run the DBEscape($data) function that is for SQL injection protection. Can someone help?
My inputs are all multiple arrays, ex: name="quote[][dt_flight]", name="quote[][acft]", etc.
Method is POST.
function DBEscape($data){
$link = DBConect();
if(!is_array($data)){
$data = mysqli_real_escape_string($link,$data);
}
else {
$arr = $data;
foreach ($arr as $key => $value){
$key = mysqli_real_escape_string($link, $key);
$value = mysqli_real_escape_string($link, $value);
$data[$key] = $value;
}
}
DBClose($link);
return $data;
}
function DBCreate($table, array $data, $insertId = false){
$table = DB_PREFIX.'_'.$table;
$data = DBEscape($data);
var_dump($data);
$fields = implode(", ", array_keys($data));
$values = "'".implode("', '", $data)."'";
$query = "INSERT INTO {$table} ({$fields}) VALUES ({$values});";
var_dump($query);
return DBExecute($query, $insertId);
}
if(isset($_POST["quote"]) && is_array($_POST["quote"])){
foreach($_POST["quote"]["dt_flight"] as $key => $text_field){
$last_id = DBCreate('quote',$_POST['quote'],true);
$i++;
}
}
The connection works since it is inserting the rows into the tables. I used vardump before and after the DBEscape to figure out that it is deleting the values, the keys are fine.
PS: The proposed answer is for a single variable not an array.
As you can see in your var_dump-result, the data you sent to DBCreate and thus to DBEscape looks like
array(
'dt_flight' => array(0 => '2018-06-13'),
'acft' => array(0 => 'VQ-BFD',
// and so on
)
Therfore the data you sent to
// $value = array(0 => '2018-06-13') here
$value = mysqli_real_escape_string($link, $value);
And well, mysqli_real_escape_string doesn't like arrays very much, thus will return NULL and thus inserting empty data in your table.
You most likely want to resolve this error within your foreach($_POST["quote"]["dt_flight"]) loop, since I suppose you sent multiple flight-data:
foreach($_POST["quote"]["dt_flight"] as $key => $text_field) {
// $key would be 0, for $_POST["quote"]["dt_flight"][0] = '2018-06-13'
$keyData = [];
foreach($_POST["quote"] as $field => $allFieldValues) {
// Walk over every field, and add the value for the same $key
if (is_array($data) && isset($allFieldValues[$key])) {
// Would add for example $keyData['acft'] = $_POST['quote']['acft'][0] = 'VQ-BFD';
$keyData[$field] = $allFieldValues[$key];
}
}
var_dump($keyData);
// Would look like array(
// 'dt-flight' => '2018-06-13',
// 'acft' => 'VQ-BFD',
// and so on
// )
$last_id = DBCreate('quote',$keyData,true);
$i++;
}
Although this is not part of your question, I really suggest you also take care of my comment on your question about mysqli_real_escape_string not being a safe way to escape column-names (or table-names and so on). For example with following solution:
function DBCreate($table, array $data, $insertId = false) {
// For each table the known columns
$columns = array( 'quote' => array('dt_flight', 'acft', '...') );
// Verify valid table given
if (!isset($columns[$table])) {
throw new InvalidArgumentException('No such table: ' . $table);
}
// Remove everything from data where the key is not in $columns[$table]
// = Remove everything where the column-name is non-existing or even an attempt to hack your system
$data = array_intersect_key($data, array_fill_keys($columns[$table], null));
if (!count($data)) {
throw new InvalidArgumentException('No (valid) data given at all');
}
// Next, continue with your implementation
}
$array['a:b']['c:d'] = 'test';
$array['a:b']['e:f']= 'abc';
I need output like below. array can have multiple level . Its comes with api so we do not know where colon come.
$array['ab']['cd'] = 'test';
$array['ab']['ef']= 'abc';
(untested code) but the idea should be correct if want to remove ':' from keys:
function clean_keys(&$array)
{
// it's bad to modify the array being iterated on, so we do this in 2 steps:
// find the affected keys first
// then move then in a second loop
$to_move = array();
forach($array as $key => $value) {
if (strpos($key, ':') >= 0) {
$target_key = str_replace(':','', $key);
if (array_key_exists($target_key, $array)) {
throw new Exception('Key conflict detected: ' . $key . ' -> ' . $target_key);
}
array_push($to_move, array(
"old_key" => $key,
"new_key" => $target_key
));
}
// recursive descent
if (is_array($value)) {
clean_keys($array[$key]);
}
}
foreach($to_move as $map) {
$array[$map["new_key"]] = $array[$map["old_key"]];
unset($array[$map["old_key"]]);
}
}
try this:
$array=array();
$array[str_replace(':','','a:b')][str_replace(':','','c:d')]="test";
print_r($array);
This seems like the simplest and most performant approach:
foreach ($array as $key => $val) {
$newArray[str_replace($search, $replace, $key)] = $val;
}
I have 1 doubt regarding this...
i have a url like this
http://www.SpiderWeb.com/vendors/search_results/scid:0/atr:1/mbp:1/bc:2/bc:1/mbpo:2/atrt:5/atop:1/opel:4
I want to extract all the named parameters in an array vars such that I have the name of the variable as well it's value in the url so that I can use them for some processing...
Is there some way by which i can achieve this uisng some build-in functions rather than assiging them individually
i.e
$some_var = $this->request->params['named']['id'];
The resaon i want it is because the named parameters are dynamic ....
heres the updated solution for this...
<?php
$url = 'http://www.SpiderWeb.com/vendors/search_results/scid:0/atr:1/mbp:1/bc:2/bct:1/mbpo:2/atrt:5/atop:1/opel:4';
$arr_url = parse_url($url);
//print_r($arr_url);
$res = explode("/vendors/search_results/",$arr_url['path']);
//print_r($res);
//print_r($res[1]);
$vars = explode("/",$res[1]);
//print_r($vars);
$result = array();
foreach($vars as $key => $val){
if (strpos($val, ":") !== false) {
$newvars = explode(":",$val);
//print_r($newvars);
$result[$newvars[0]] = $newvars[1];
}
}
print_r($result);
?>
Just loop through the named params array
foreach ($this->request->params['named'] as $name => $param) {
pr("The param name is {$name}");
pr("The param value is {$param}");
}
Try this :
$url = 'http://www.SpiderWeb.com/vendors/search_results/scid:0/atr:1/mbp:1/bc:2/bc:1/mbpo:2/atrt:5/atop:1/opel:4';
$myarr = parse_url($url);
$res = explode("/",$myarr['path']);
foreach($res as $val){
if (strpos($val, ":") !== false) {
$vars = explode(":",$val);
$$vars[0] = $vars[1];
}
}
echo $scid;
I want to create a php cookie that stores the username and the userid. Or is it better to just use one to get the other?
If you're only looking to store two values, it may just be easier to concatenate them and store it as such:
setcookie("acookie", $username . "," . $userid);
And to retrieve the information later,
if(isset($_COOKIE["acookie"])){
$pieces = explode(",", $_COOKIE["acookie"]);
$username = $pieces[0];
$userid = $pieces[1];
}
Cheers,
~Berserkguard
<?php
// set the cookies
setcookie("cookie[three]", "cookiethree");
setcookie("cookie[two]", "cookietwo");
setcookie("cookie[one]", "cookieone");
// after the page reloads, print them out
if (isset($_COOKIE['cookie'])) {
foreach ($_COOKIE['cookie'] as $name => $value) {
$name = htmlspecialchars($name);
$value = htmlspecialchars($value);
echo "$name : $value <br />\n";
}
}
?>
http://php.net/manual/en/function.setcookie.php
You can use an array for example
<?php
// the array that will be used
// in the example
$array = array(
'name1' => 'value1',
'name2' => 'value2',
'name3' => 'value3'
);
// build the cookie from an array into
// one single string
function build_cookie($var_array) {
$out = '';
if (is_array($var_array)) {
foreach ($var_array as $index => $data) {
$out .= ($data != "") ? $index . "=" . $data . "|" : "";
}
}
return rtrim($out, "|");
}
// make the func to break the cookie
// down into an array
function break_cookie($cookie_string) {
$array = explode("|", $cookie_string);
foreach ($array as $i => $stuff) {
$stuff = explode("=", $stuff);
$array[$stuff[0]] = $stuff[1];
unset($array[$i]);
}
return $array;
}
// then set the cookie once the array
// has been through build_cookie func
$cookie_value = build_cookie($array);
setcookie('cookie_name', $cookie_value, time() + (86400 * 30), "/");
// get array from cookie by using the
// break_cookie func
if (isset($_COOKIE['cookie_name'])) {
$new_array = break_cookie($_COOKIE['cookie_name']);
var_dump($new_array);
}
?>
Hope this answer help you out
I know it's an old thread, but this might save a future me some headache. The best way I believe would be to serialize/unserialize the data.
setcookie('BlueMonster', serialize($cookiedata);
$arCookie = unserialize($_COOKIE['BlueMonster']);
(hijacked from https://www.brainbell.com/tutorials/php/Saving_Multiple_Data_In_One_Cookie.htm since it was far more complete than I would have thrown together in 5 mins)
<?php
require_once 'stripCookieSlashes.inc.php';
function setCookieData($arr) {
$cookiedata = getAllCookieData();
if ($cookiedata == null) {
$cookiedata = array();
}
foreach ($arr as $name => $value) {
$cookiedata[$name] = $value;
}
setcookie('cookiedata',
serialize($cookiedata),
time() + 30*24*60*60);
}
function getAllCookieData() {
if (isset($_COOKIE['cookiedata'])) {
$formdata = $_COOKIE['cookiedata'];
if ($formdata != '') {
return unserialize($formdata);
} else {
return array();
}
} else {
return null;
}
}
function getCookieData($name) {
$cookiedata = getAllCookieData();
if ($cookiedata != null &&
isset($cookiedata[$name])) {
return $cookiedata[$name];
}
}
return '';
}
?>
I'm looking for the name of the PHP function to build a query string from an array of key value pairs. Please note, I am looking for the built in PHP function to do this, not a homebrew one (that's all a google search seems to return). There is one, I just can't remember its name or find it on php.net. IIRC its name isn't that intuitive.
You're looking for http_build_query().
Here's a simple php4-friendly implementation:
/**
* Builds an http query string.
* #param array $query // of key value pairs to be used in the query
* #return string // http query string.
**/
function build_http_query( $query ){
$query_array = array();
foreach( $query as $key => $key_value ){
$query_array[] = urlencode( $key ) . '=' . urlencode( $key_value );
}
return implode( '&', $query_array );
}
Just as addition to #thatjuan's answer.
More compatible PHP4 version of this:
if (!function_exists('http_build_query')) {
if (!defined('PHP_QUERY_RFC1738')) {
define('PHP_QUERY_RFC1738', 1);
}
if (!defined('PHP_QUERY_RFC3986')) {
define('PHP_QUERY_RFC3986', 2);
}
function http_build_query($query_data, $numeric_prefix = '', $arg_separator = '&', $enc_type = PHP_QUERY_RFC1738)
{
$data = array();
foreach ($query_data as $key => $value) {
if (is_numeric($key)) {
$key = $numeric_prefix . $key;
}
if (is_scalar($value)) {
$k = $enc_type == PHP_QUERY_RFC3986 ? urlencode($key) : rawurlencode($key);
$v = $enc_type == PHP_QUERY_RFC3986 ? urlencode($value) : rawurlencode($value);
$data[] = "$k=$v";
} else {
foreach ($value as $sub_k => $val) {
$k = "$key[$sub_k]";
$k = $enc_type == PHP_QUERY_RFC3986 ? urlencode($k) : rawurlencode($k);
$v = $enc_type == PHP_QUERY_RFC3986 ? urlencode($val) : rawurlencode($val);
$data[] = "$k=$v";
}
}
}
return implode($arg_separator, $data);
}
}
Implode will combine an array into a string for you, but to make an SQL query out a kay/value pair you'll have to write your own function.