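【Question title】: Mass PHP variables form sanitation
【Posted】: 2014-06-10 08:26:17
【Question description】:

I want to be able to sanitize all of my form elements in a single for statement. The problem is that I'm not sure how to do this as simply as possible. These are the PHP variables I want to sanitize.

PHP variables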

$dateMonth = $_POST["dateMonth"];
$dateDay = $_POST["dateDay"];
$game = $_POST["bbsb"];
$gameType = $_POST["type"];
$VisitorTeamname = $_POST["VisitorTeamname"];
$VisitorInning1 = $_POST["VisitorInning1"];
$VisitorInning2 = $_POST["VisitorInning2"];
$VisitorInning3 = $_POST["VisitorInning3"];
$VisitorInning4 = $_POST["VisitorInning4"];
$VisitorInning5 = $_POST["VisitorInning5"];
$VisitorInning6 = $_POST["VisitorInning6"];
$VisitorInning7 = $_POST["VisitorInning7"];
$VisitorInning8 = $_POST["VisitorInning8"];
$VisitorInning9 = $_POST["VisitorInning9"];
$VisitorInning10 = $_POST["VisitorInning10"];
$VisitorInning11 = $_POST["VisitorInning11"];
$VisitorInning12 = $_POST["VisitorInning12"];
$VisitorR = $_POST["VisitorR"];
$VisitorH = $_POST["VisitorH"];
$VisitorE = $_POST["VisitorE"];
$VisitorRecord = $_POST["VisitorRecord"];
$HomeTeamname = $_POST["HomeTeamname"];
$HomeInning1 = $_POST["HomeInning1"];
$HomeInning2 = $_POST["HomeInning2"];
$HomeInning3 = $_POST["HomeInning3"];
$HomeInning4 = $_POST["HomeInning4"];
$HomeInning5 = $_POST["HomeInning5"];
$HomeInning6 = $_POST["HomeInning6"];
$HomeInning7 = $_POST["HomeInning7"];
$HomeInning8 = $_POST["HomeInning8"];
$HomeInning9 = $_POST["HomeInning9"];
$HomeInning10 = $_POST["HomeInning10"];
$HomeInning11 = $_POST["HomeInning11"];
$HomeInning12 = $_POST["HomeInning12"];
$HomeR = $_POST["HomeR"];
$HomeH = $_POST["HomeH"];
$HomeE = $_POST["HomeE"];
$HomeRecord = $_POST["HomeRecord"];

$VisitorPitcher1Name = $_POST["VisitorPitcher1Name"];
$VisitorPitcher1IP = $_POST["VisitorPitcher1IP"];
$VisitorPitcher1R = $_POST["VisitorPitcher1R"];
$VisitorPitcher1ER = $_POST["VisitorPitcher1ER"];
$VisitorPitcher1H = $_POST["VisitorPitcher1H"];
$VisitorPitcher1BB = $_POST["VisitorPitcher1BB"];
$VisitorPitcher1SO = $_POST["VisitorPitcher1SO"];

$VisitorPitcher2Name = $_POST["VisitorPitcher2Name"];
$VisitorPitcher2IP = $_POST["VisitorPitcher2IP"];
$VisitorPitcher2R = $_POST["VisitorPitcher2R"];
$VisitorPitcher2ER = $_POST["VisitorPitcher2ER"];
$VisitorPitcher2H = $_POST["VisitorPitcher2H"];
$VisitorPitcher2BB = $_POST["VisitorPitcher2BB"];
$VisitorPitcher2SO = $_POST["VisitorPitcher2SO"];

$VisitorPitcher3Name = $_POST["VisitorPitcher3Name"];
$VisitorPitcher3IP = $_POST["VisitorPitcher3IP"];
$VisitorPitcher3R = $_POST["VisitorPitcher3R"];
$VisitorPitcher3ER = $_POST["VisitorPitcher3ER"];
$VisitorPitcher3H = $_POST["VisitorPitcher3H"];
$VisitorPitcher3BB = $_POST["VisitorPitcher3BB"];
$VisitorPitcher3SO = $_POST["VisitorPitcher3SO"];

$HomePitcher1Name = $_POST["HomePitcher1Name"];
$HomePitcher1IP = $_POST["HomePitcher1IP"];
$HomePitcher1R = $_POST["HomePitcher1R"];
$HomePitcher1ER = $_POST["HomePitcher1ER"];
$HomePitcher1H = $_POST["HomePitcher1H"];
$HomePitcher1BB = $_POST["HomePitcher1BB"];
$HomePitcher1SO = $_POST["HomePitcher1SO"];

$HomePitcher2Name = $_POST["HomePitcher2Name"];
$HomePitcher2IP = $_POST["HomePitcher2IP"];
$HomePitcher2R = $_POST["HomePitcher2R"];
$HomePitcher2ER = $_POST["HomePitcher2ER"];
$HomePitcher2H = $_POST["HomePitcher2H"];
$HomePitcher2BB = $_POST["HomePitcher2BB"];
$HomePitcher2SO = $_POST["HomePitcher2SO"];

$HomePitcher3Name = $_POST["HomePitcher3Name"];
$HomePitcher3IP = $_POST["HomePitcher3IP"];
$HomePitcher3R = $_POST["HomePitcher3R"];
$HomePitcher3ER = $_POST["HomePitcher3ER"];
$HomePitcher3H = $_POST["HomePitcher3H"];
$HomePitcher3BB = $_POST["HomePitcher3BB"];
$HomePitcher3SO = $_POST["HomePitcher3SO"];

$VisitorDouble = $_POST["VisitorDouble"];
$VisitorTriple = $_POST["VisitorTriple"];
$VisitorHomeRun = $_POST["VisitorHomeRun"];
$VisitorLeader = $_POST["VisitorLeader"];
$VisitorGameNotes = $_POST["VisitorGameNotes"];
$HomeDouble = $_POST["HomeDouble"];
$HomeTriple = $_POST["HomeTriple"];
$HomeHomeRun = $_POST["HomeHomeRun"];
$HomeLeader = $_POST["HomeLeader"];
$HomeGameNotes = $_POST["HomeGameNotes"];

I only want to run the following function if there is anything in the form field.

function test_input($data)
{
     $data = trim($data);
     $data = stripslashes($data);
     $data = htmlspecialchars($data);
     return $data;
}
?>

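For simplicity, I named all of the variables the same as the name value of each form field.

Thank you; all help is appreciated.

【Question comments】:

  • if(!empty($_POST...
  • Your function + array_walk() ... hopefully they aren't meant for a database
  • Don't do that. Look at PHP's filter_input_array(). Set the appropriate validation and sanitization filters for each field in one filter array and do the whole job in a single call.

Tags: php forms for-loop sanitization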
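
The filter-array approach suggested in the comments above, as an added example that is not part of the original thread. It runs filter_var_array() over a constructed array standing in for $_POST; the value ranges, the fields chosen and the `recipient` key are assumptions.

```php
<?php
// Added example, not code from the thread. $post stands in for $_POST
// (constructed sample); a real handler would call
// filter_input_array(INPUT_POST, $spec) with the same $spec.
$post = [
    'dateMonth'       => '6',
    'dateDay'         => '10',
    'VisitorTeamname' => '  Tigers <b>  ',
    'VisitorInning1'  => '2',
    'VisitorInning2'  => 'abc',             // fails integer validation
    'recipient'       => 'x@example.test',  // not a form field
];

// Integer field with an inclusive range (the ranges are assumptions).
function int_field($min, $max) {
    return ['filter'  => FILTER_VALIDATE_INT,
            'options' => ['min_range' => $min, 'max_range' => $max]];
}
// Free text: only trimmed here, escaped later at the point of output.
$text = ['filter' => FILTER_CALLBACK, 'options' => 'trim'];

// One spec entry per expected field; keys outside the spec are not returned.
$spec = ['dateMonth' => int_field(1, 12), 'dateDay' => int_field(1, 31)];
foreach (['Visitor', 'Home'] as $side) {
    $spec[$side . 'Teamname']  = $text;
    $spec[$side . 'GameNotes'] = $text;
    for ($i = 1; $i <= 12; $i++) {
        $spec[$side . 'Inning' . $i] = int_field(0, 99);
    }
}

// add_empty = false: fields absent from the input are left out of the result.
$clean = filter_var_array($post, $spec, false);

// false marks a field that was submitted but failed validation.
$invalid = array_keys($clean, false, true);

// Escape when a value is written into HTML (assumed: an HTML e-mail body).
function e($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

print_r($clean);
print_r($invalid);
echo e($clean['VisitorTeamname']), "\n";
```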


【Answer 1】:

If you need each variable name kept separate as in your example (rather than in an array):

foreach($_POST as $key => $val) {
    $$key = test_input($val);
}

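【Comments】:

    【Answer 2】:

    You can run it through your function and then use extract() to generate all of those variables you had before. I'm guessing you use those variable names later on: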

    $clean = [];
    foreach ($_POST as $k => $v){
        $clean[$k] = test_input($v);
    }
    extract($clean);
    

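    【Comments】:

    • @IarsAnders Yes. I use these variables by creating an email with their values. So all I have to do is put this foreach statement inside my sanitizing function? I'm sorry if this seems stupid, but I'm a PHP newbie and have never had to deal with this many variables; I can't just type them in, and I won't waste an hour doing it by hand.
    • This doesn't go inside the function, because it actually uses the function. This code replaces all of your variable assignments, from $dateMonth = $_POST["dateMonth"]; all the way through $HomeGameNotes = $_POST["HomeGameNotes"];
    • Honestly, I think @Pitchinnate's answer is better. My answer generates a temporary array ($clean), and his doesn't. $$ is used to magically turn each key into a variable of the same name. Try his code. Those two lines cover it.
    • Ah, okay. Excellent. Since the foreach calls the test_input function, the code will execute it, right?
    • Technically the function can be anywhere in the code, but I personally prefer to keep this logical order for readability.
    【Answer 3】:

    I would suggest changing your test_input function to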

    function test_input($data)
    {
      if($data == "") {
        return;
      }
      $data = trim($data);
      $data = stripslashes($data);
      $data = htmlspecialchars($data);
      return $data;
    }
    

    Then just run it on all of the elements in $_POST

    【Comments】:

      【Answer 4】:

      Before putting them into variables, run

      foreach($_POST as $key => $value){
          $_POST[$key] = test_input($value);
      }
      

      Then put them into variables

      Enjoy :)

      【Comments】:

        【Answer 5】:

        You can do something like this in just 8 lines of code.

        $values = $_POST; // Just so we make sure that we don't use the $_POST array afterwards
        
        array_walk($values, function (&$val) {
            if (!empty($val)) {
                $val = htmlspecialchars(stripslashes(trim($val)));
            }
        });
        
        extract($values);
        unset($values);
        

        【Comments】:
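
An added example, not part of the original thread, of what importing every request key as a variable (the `$$key` loop and `extract()` used in the answers above) does when the request carries a key the form never had, beside an allow-listed import. `$recipient`, the function names and the sample data are hypothetical.

```php
<?php
// Added example, not code from the thread. $post stands in for $_POST
// (constructed sample); $recipient is a hypothetical variable that belongs
// to the surrounding script and is not a field of the form.
$post = [
    'HomeTeamname' => 'Lions',
    'recipient'    => 'other@example.test',   // key the form never defined
];

// Every request key becomes a local variable, as in the answers above.
function import_all(array $post) {
    $recipient = 'scores@example.test';       // set by the script
    foreach ($post as $key => $val) {
        $$key = $val;                         // replaces $recipient too
    }
    return $recipient;
}

// Only expected field names are imported, and existing variables are kept.
function import_allowed(array $post, array $allowed) {
    $recipient = 'scores@example.test';
    $fields = array_intersect_key($post, array_flip($allowed));
    extract($fields, EXTR_SKIP);              // never overwrites a variable
    return [$recipient, array_keys($fields)];
}

$allowed = ['HomeTeamname', 'VisitorTeamname'];

var_dump(import_all($post));                  // script value was replaced
var_dump(import_allowed($post, $allowed));    // script value is unchanged
```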
