current community

your communities

more stack exchange communities

Stack Exchange
tour help
stack overflow careers
Take the 2-minute tour ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote -3 down vote favorite

I wrote a foreach loop and saved on several lines of code. It basically takes all of the $_POST variables and uses their names to create normal php variables.

foreach(array_keys($_POST) as $str)
{
${$str}=mysqli_real_escape_string($connection,trim($_POST["$str"]));
}

It is working as expected, creating variables dynamically.

Now, I wanted to put it inside a custom function so i modified it like this:

function createvariablesfromPOST()
{
    foreach(array_keys($_POST) as $str)
    {
    ${$str}=mysqli_real_escape_string($GLOBALS["connection"],trim($_POST["$str"]));
    }
    return //something;
}

Its not working obviously, because i dont know how to make this function return // something (whatever that thing may be) to the global scope. Whats supposed to be done here?

I cant make the foreach loop return anything, till the loop is complete. Isn't that so?

Please help.

share|improve this question
7  
What you're doing is the great example of what you should never do –  zerkms Feb 7 '12 at 6:25
    
You could only return once and only one item (where "item" is one variable which also could be an array holding multiple values then). To use your automagically created variables outside the function, you would have to set them as global. But as mentioned above, you should think about an more reliable solution. –  djot Feb 7 '12 at 6:30
    
Hi, @Phil: I'm reading the page you mentioned –  Chinmay Kamat Feb 7 '12 at 6:35
    
@zerkms: I have a naming convention, where the names of columns from the MySQL db and the name attributes in the html form are the same. It didnt make sense to duplicate it so many times. The users may either enter values or leave it blank. Why do you think its a problem? –  Chinmay Kamat Feb 7 '12 at 6:36
    
@Chinmay Kamat: it is a problem because you want your variables to be global. I cannot even think of how using some database values as html attributes can justify using global variables. –  zerkms Feb 7 '12 at 7:18

1 Answer 1

up vote 0 down vote accepted

Assigning arbitrary variables supplied by the user could be EXTREMELY DANGEROUS! They can overwrite any of your variables.

The reason it isn't working, is because they aren't in the global scope. You would have to do something like $GLOBALS[$variable] = 'something';

Instead, you should assign the variables to an array so they are isolated from the global scope. i.e. $input[$$var] = $escaped_value;

share|improve this answer
    
Thanks, Your suggestion of making the variable global inside the foreach loop itself has worked. But I'm examining the possibility of conflict as you and others have pointed out. –  Chinmay Kamat Feb 7 '12 at 6:53

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.