How to read post values easier in PHP

Question

I am posting a values from a HTML form to a php file. In my current code I am submitting several post values and have to do a check for each post variable if they are set.

I'd like to know if there is a more effective way of doing this. One requirement is that the values will be inserted in order.

HTML form:

<form>
<input type=text name=exercise1> <input type=text name=sets1>
<input type=text name=exercise2> <input type=text name=sets2>
<input type=text name=exercise3> <input type=text name=sets3>
<input type=text name=exercise4> <input type=text name=sets4>
...
</form>

SQL table:

id autoincrement
exercise varchar(200)
sets varchar(10)

I tried the next code:

$exercise1 = $_POST['exercise1'];
$sets1 = $_POST['sets1'];
$exercise2 = $_POST['exercise2'];

if(isset($exercise1)){
    $sql = "insert into exercises (exercise, sets) values ($exercise1, $sets1)";
    execute_sql($sql);
}

if(isset($exercise2)){
    $sql = "insert into exercises (exercise, sets) values ($exercise2, $sets2)";
    execute_sql($sql);
}

Just take a look at [this question](https://stackoverflow.com/questions/4169882/what-is-in-php) to see how you can access variable variables. In your case you can use that in a for-loop. But be warned, that this creates vulnerabilities if it is not implemented with caution. — Philipp Maurer, Sep 24 '18 at 13:26
Or use form element names that give you _arrays_ in $_POST that you can easily loop over. https://stackoverflow.com/questions/6152436/posting-array-from-form/6152462 — misorude, Sep 24 '18 at 13:28

score 2 · Accepted Answer · answered Sep 24 '18 at 13:44

Default form method is GET, so you are probably not getting anything while trying to read $_POST. To fix it, you need to change this:

<form>

to this:

<form method="post">

To make it easier, you should redefine your form, so it would be an array:

<input type="text" name="exercise[]"> <input type="text" name="sets[]">
<input type="text" name="exercise[]"> <input type="text" name="sets[]">
<input type="text" name="exercise[]"> <input type="text" name="sets[]">
<input type="text" name="exercise[]"> <input type="text" name="sets[]">

That will keep an order as in code. Some browsers are not sending empty values, so it would be better to manually order them (so you would know, if there was no answer or whatever):

<input type="text" name="exercise[1]"> <input type="text" name="sets[1]">
<input type="text" name="exercise[2]"> <input type="text" name="sets[2]">
<input type="text" name="exercise[3]"> <input type="text" name="sets[3]">
<input type="text" name="exercise[4]"> <input type="text" name="sets[4]">

Now you can iterate through it in PHP like this:

<?php
   foreach($_POST["exercise"] as $id => $exercise){
      echo "EXERCISE $id: " . $exercise . ", SETS $id: " . $_POST["sets"][$id] . "<br />"; 
   }
?>

Please note, that your SQL query is probably vulnerable to injection attacks!

Instead of raw query, you should use something like mysqli_real_escape_string() (or similar; depends what lib are you using to connect to database):

<?php
   $sql = "insert into exercises (exercise, sets) values (" . mysqli_real_escape_string($exercise) . "," . mysqli_real_escape_string($_POST["sets"][$id]) .")";
?>

Using $_REQUEST is not bad in development as it take both $_GET and $_POST but take care when you are merging your code to production.... my 2cts on Flash Thunder's one which is great. — Stv, Sep 24 '18 at 15:27

How to read post values easier in PHP

1 Answers1