| Re: Variable variables? [message #182280 is a reply to message #182267] |
Sat, 27 July 2013 13:48   |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma:
|
Senior Member |
|
|
On 7/26/2013 3:39 PM, Scott Johnson wrote:
> On 7/26/2013 3:56 AM, Jerry Stuckle wrote:
>> On 7/25/2013 10:56 PM, Scott Johnson wrote:
>>> I have a situation which I 'think' I need to use variable variables and
>>> not sure how to go about it.
>>>
>>>
>>> I have several <select multiple> elements on a search form with their
>>> names created dynamically and the options created dynamically.
>>>
>>> $parent holds the name such as "Women", "Mens" etc..
>>> $c_id holds category_id and is sent off as the 'value' of the option.
>>>
>>> This form is self calling and an array is created for the multiple
>>> option selected.
>>>
>>> Women => array([0]=>20,[1]=>21,...)
>>> Mens => array([0]=>32,[1]=>35,...)
>>>
>>> I am using in_array() to check returned posted values against an id.
>>>
>>> How do I reference that array by using the value of $parent.
>>>
>>> if $parent is 'Women' I need to reference the array 'Women'
>>>
>>> Here is a nutshell of the algorithm.
>>>
>>> foreach($parent_ary as $parent) {
>>> echo "<select {$parent}[] multiple>";
>>> foreach($category_ary as $c_id=>$category) {
>>> if(in_array($c_id, array of posted value)) {
>>> // Create select option
>>> } else {
>>> // Create regular option
>>> }
>>> }
>>> echo "</select>";
>>> }
>>>
>>> I hope this makes sense and yes I did RTM but could not transpose what
>>> they where explaining to what I need to do.
>>>
>>> Thanks
>>> Scotty
>>
>> I'm not sure why you think you need variable variables (another sucky
>> idea on PHP's part, IMHO). Build your array with the field name as the
>> key and the value as the data. Then you can access it as
>>
>> foreach ($array as $key=>$value)
>>
>> If each key contains multiple values, then $value is just another array.
>>
>> Just be sure to validate your incoming data. Such constructions are
>> more susceptible to be hacked unless you're very careful.
>>
>
> Well I was thinking of variable variables because.....I ran out of ideas
> and it seemed like a way to go? ;)
>
> I will give what you suggest a go, seems like a simple enough approach.
>
> Thanks
> Scotty
The salient point here is - you KNOW what names SHOULD be on your form.
You may have several fields, but you know what fields are available
(even if you're only using a subset of those fields).
You need to control what you have on the form. What you DON'T want is a
hacker to post his/her own form with data which should not normally be
available.
OTOH, if you're creating field names dynamically because you don't know
how many you will have, you should be using an array. For instance, if
you're looking for restaurants and want to have checkboxes for various
nationalities, the nationalities available should be all be in the same
array.
The reason I think variable variables are sucky is because they almost
always lead to hard to understand and hard to maintain code. Data
validation becomes much more difficult and often leads to holes in the
code which can be used by hackers - especially when the info is coming
from the user.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]