0

In my PHP application. I am taking value from user and all these user values are stored in Array. And just for validation. I am comparing user input value with my array. :-

<?php

// Current Code

$masterArray = array(......); // ..... represents some 60-100 different values.

foreach($_POST as $key => $value) {
    if(in_array($value, $masterArray)) {
        $insertQuery = $mysqli->query("INSERTION stuff or Updating Stuff");
    } else {
        echo "Are you tampering html-form-data ?";
    }
}

?>

But this is so worthless code, as it takes quite good time in updating or insertion.

Is there any better function that is way faster to check if value in slave array exists in master array ?

From Slave Array i Mean => List / Array of User Input value.

From Master Array i mean => List of my array value stored in page.

Thanks

Perl Fanatic
  • 109
  • 2
  • 12
  • the checking is not the problem its your one insert query per array item, you con concatenate so you only make one query at the end. –  Jul 30 '13 at 23:37
  • It's not clear what you're asking. Are you trying to avoid using `in_array` because it does an array traversal under the hood? ([more here](http://stackoverflow.com/questions/2350361/how-is-the-php-array-implemented-on-the-c-level)) In that case, J. David Smith's answer is good. Or are you trying to avoid looping through `$_POST`? To that, I'd say: why not just validate the fields you care about instead of looking at everything in `$_POST`? – grossvogel Jul 30 '13 at 23:41
  • You did not mention if your master array is the "key"=>"value" format – Ibu Jul 31 '13 at 00:22
  • @Dagon = did what you said , here http://stackoverflow.com/a/17959740/2375759 thanks for the idea :) and @ lbu nope my master array is not "hash array", it has just values which has default numeric index as defined in php. – Perl Fanatic Jul 31 '13 at 01:12

2 Answers2

1

I think i got the better option with array_diff.

Please let me know if i am doing anything wrong in below before i put this code in production page:- Thanks a lot for your efforts @J.David Smith & @grossvogel

<?php
    $masterArray = array(.......); // My Master Array List

    $result = array_diff($_POST['checkBox'], $masterArray);
    
    if(count($result) > 0) {
        // If they are trying to do some tampering , let them submit all again. 
        echo 'Something is not Right';
    } else {
        // If Person is genuine, no waiting just insert them all    
        $total = count($_POST['checkBox']);
        $insertQuery = "INSERT into notes(user,quote) values ";
        for($i=0;$i<=$total; $i++) { 
            array_push($values, "('someuser','".$mysqli->real_escape_string($_POST['checkBox'][$i])."')"); 
        }
        $finalQuery = $mysqli->query($insertQuery.implode(',', $values));
    
    }

?>

Is my Code Better , I am testing it in localhost i don't see much of difference, I just want to know expert views if I am messing arround with something ? before i put this code in production page.

Update : This looks pretty better and faster than code in question.

Thanks

Community
  • 1
  • 1
Perl Fanatic
  • 109
  • 2
  • 12
  • I was unaware of that function. Kudos to you for finding it. Also: [use prepared statements!](http://php.net/manual/en/pdo.prepared-statements.php) – J David Smith Jul 31 '13 at 00:39
  • w00t ... this worked like a charm , and comparatively way faster. Thanks to @J.DavidSmith & @ grossvogel for your efforts. :) – Perl Fanatic Jul 31 '13 at 00:54
0

The only other way to do this is to use an associative array with your values as keys (well, you could custom-implement another storage container specifically for this, but that'd be overkill imo). Then, you can check with isset. For example:

$masterArray = array(....); // same thing, but with values as keys instead of values

foreach($_POST as $key => $value) {
    if(isset($masterArray[$value])) {
        // do stuff
    } else {
        // do stuff
    }
}

I'm kind of curious what the point of doing this is anyway, especially given the statement printed by your echo call. There may be an even better way to accomplish your goal than this.

EDIT: Another method suggested by grossvogel: loop over $masterArray instead of $_POST. If you expect $_POST to be a large set of data consistently (ie most of the time people will select 50+ items), this could be faster. Hashing is already very fast, so you'll have to benchmark it on your code in order to make a decision.

$masterArray = array(...); // either style of definition will work; i'll use yours for simplicity

foreach($masterArray as $value) {
    if(isset($_POST[$value])) {
        // do stuff
    }
}
J David Smith
  • 4,780
  • 1
  • 19
  • 24
  • Is there no option without loop. In future, there are few possibilities, my array may have 170-200 values. – Perl Fanatic Jul 30 '13 at 23:27
  • I am eager to know, your opinion. What's in your mind ? Please tell me. Thanks – Perl Fanatic Jul 30 '13 at 23:28
  • I assume that this is some form of input validation. What exactly are you validating? If you want to check each value in `$_POST` you need the `foreach` or a function that loops for you (still a loop, though); there is no way around that. – J David Smith Jul 30 '13 at 23:34
  • There are some values which are stored in SQL table, and user have to select either all or some of the option from it and it will be stored in his preferred notes. I am just matching if user has done no tampering to html-checkbox form data and is submitting genuinely. if s/he alters data and submits form. i want to throw message, no altering allowed. But as said, in future, there may be 170-200 values in sql table, and if any one selects all those 200 values to be added in his preferred notes, it will be killer submission for him. I hope this makes sense :( – Perl Fanatic Jul 30 '13 at 23:43
  • That makes sense. Unfortunately, such checking effectively requires a loop. Unless the data is some sort of numeric range (in which case you can use math to check it), you're stuck with loops as far as I know. – J David Smith Jul 30 '13 at 23:45
  • 1
    `isset` should be faster than `in_array`, so maybe this'll help your situation. The other thing you could do is loop through `$masterArray` ONCE and pull out those fields from `$_POST` if they're there. I can't imagine a loop of 200 elements would be noticeable performance-wise against a single database query. – grossvogel Jul 30 '13 at 23:53
  • @grossvogel stealing your method and adding it to my post! – J David Smith Jul 30 '13 at 23:55