6

How can you pass a variable as the $_POST array key value in PHP? Or is it not possible?

$test = "test";
echo $_POST[$test];

Thanks

Dietpixel
  • 9,983
  • 11
  • 28
  • 33

4 Answers4

14

If I get you right, you want to pass a variable from one php-file to another via post. This sure is possible in several ways.

1. With an HTML-form

<form action="target.php" method="post">
  <input type="text" name="key" value="foo" />
  <input type="submit" value="submit" />
</form>

if you click on the submit-button, $_POST['key'] in target.php will contain 'foo'.

2. Directly from PHP

$context = stream_context_create(array(
    'http' => array(
      'method'  => 'POST',
      'header'  => "Content-type: text/html\r\n",
      'content' => http_build_query(array('key' => 'foo'))
    ),
  ));
$return = file_get_contents('target.php', false, $context);

Same thing as in 1., and $return will contain all the output produced by target.php.

3. Via AJAX (jQuery (JavaScript))

<script>
$.post('target.php', {key: 'foo'}, function(data) {
  alert(data);
});
</script>

Same thing as in 2., but now data contains the output from target.php.

Quasdunk
  • 14,944
  • 3
  • 36
  • 45
9
$_POST['key'] = "foo";
echo $_POST['key'];

If I understood right, you want to set a $_POST key.

Jared Farrish
  • 48,585
  • 17
  • 95
  • 104
Dimitar Marinov
  • 922
  • 6
  • 14
5

Yes, yes you can:

$postName = "test";
$postTest = $_POST[$postName];
$_POST["test"] == $postTest; //They're equal
JCOC611
  • 19,111
  • 14
  • 69
  • 90
0

Works just as you said ...

Example :

// create an array of all the GET/POST variables you want to use
$fields = array('salutation','fname','lname','email','company','job_title','addr1','addr2','city','state',
                'zip','country','phone','work_phone');

// convert each REQUEST variable (GET, POST or COOKIE) to a local variable
foreach($fields as $field)
    ${$field} = sanitize($_POST[$field]);
?>

Updated based on comments and downvotes ....

I am not, as was suggested below in the comments looping all data and adding to a variable - im looping pre-determined list of variables and storing them in variables ...

I have change the method of getting the data

Manse
  • 37,765
  • 10
  • 83
  • 108
  • 1
    This should almost never be done, I can easily inject your code or change your system variables and gather system information by modifying the query string !! – Fabrizio Nov 06 '11 at 20:57
  • @Fabrizio Sorry for my ignorance - how can you inject my code - the array is server side ? how is it any different from listing each one – Manse Nov 06 '11 at 21:02
  • let's say you have a system variable called `$mysql_user`, and I pass in the query something like `?mysql_user=root`, you will try to connect to your mysql server using the user `root`. it could give an error on the screen giving me even more information than necessary. You are trying to emulate what `register_global` used to do in PHP. there is a reason why this is now deprecated ;-) – Fabrizio Nov 06 '11 at 21:06
  • 1
    @Fabrizio Thats not going to happen - I loop the $fields array and only get the variables listed here - you can pass `mysql_user` and I wont read it – Manse Nov 06 '11 at 21:08
  • 1
    I guess I'm confused. I agree, use `$_GET`, `$_POST` or `$_COOKIE` for consistency, but if the variables that are generated are created according to a server-side only array, where is the security issue related to local variable corruption? – Jared Farrish Nov 06 '11 at 21:10
  • @mlitn you care to share your reasons ? – Manse Nov 06 '11 at 21:10
  • @JaredFarrish thanks ... i was beginning to think I had gone insane ! – Manse Nov 06 '11 at 21:11
  • trust me, I saw many times people starting with simple example like what you posted and ended up with code that would override system vars. I will remove the vote down as your example is not FULLY wrong, but like has been said already, the REQUEST is wrong, and NEVER, when possible, use a loop like you did – Fabrizio Nov 06 '11 at 21:11
  • 1
    @All - [What's wrong with using $_REQUEST?](http://stackoverflow.com/questions/2142497/whats-wrong-with-using-request) – Jared Farrish Nov 06 '11 at 21:14
  • Not to mention the original question was using `$_POST` – Mike Nov 06 '11 at 21:17
  • @JaredFarrish i have read that question and the accepted answer - and there is only a gotcha about using $_REQUEST - ie you could accidentally do something that will cause issues - no security problem or major memory leak ... to me the downvotes are a little harsh ? no ? updated my answer anyway – Manse Nov 06 '11 at 21:19
  • @Fabrizio - The only real issue I see with that is a COOKIE stomping an already declared GET or POST value, not a security issue. The method that ManseUK demonstrates just does not rank as a plainly *security* issue per se, albeit a *consistency* issue more likely. – Jared Farrish Nov 06 '11 at 21:21
  • @JaredFarrish Thanks for you input - I have learnt about the _COOKIE issue ....... – Manse Nov 06 '11 at 21:22
  • OK, the insecure part was the loop to generate variables, the REQUEST is not a big issue per se, but let's say that you are looking for a POST, and I change the URL to have that variable in the GET, you would use the wrong one. Again, like I mentioned before, it is not a FULLY wrong answer, just not correct and maybe I "downvoted" a bit too fast. already removed it – Fabrizio Nov 06 '11 at 21:25
  • @ManseUK - Although I will note if a coder is incautious and ends up declaring a variable that is then overridden later, this method is still problematic (again, consistency more likely but variable injection also possible). However, not using REQUEST won't necessarily resolve this. And it's better to use the correct superglobal (and declared variables) to populate your variables with submitted data. `:)` – Jared Farrish Nov 06 '11 at 21:25