
Hi everyone!

I'm dealing with an online test that has 100+ questions and I would like a way to:
a) turn all $_POST into $_SESSION automatically
b) clean the data
c) encode it

a) I found this but it makes the form fail

if (isset($_POST)) {
	// copy every posted field except the submit button into the session
	foreach ($_POST as $key => $val) {
		if ($val != "Submit")
			$_SESSION["$key"] = $val;
	}
}

I have also read that doing this might be a security problem but having to deal with 100+ questions and turn them from POST to SESSION leaves lots of work (and room for error).

b) I found this

// array_walk() ignores the callback's return value, so the value is taken by reference and changed in place
function clean(&$value)
{
	if (get_magic_quotes_gpc())	$value = stripslashes($value);
	if (!is_numeric($value))	$value = mysql_real_escape_string($value);
}
array_walk($_GET,'clean');
array_walk($_POST,'clean');
array_walk($_COOKIE,'clean');

// creates $get_*, $post_* and $cookie_* variables from the cleaned arrays
extract($_GET,EXTR_PREFIX_ALL,'get');
extract($_POST,EXTR_PREFIX_ALL,'post');
extract($_COOKIE,EXTR_PREFIX_ALL,'cookie');

I'm not really sure if this works. Is there any way to check if the data is 'clean'?


c) I made this (looking at the code from (b))

// taken by reference so array_walk() actually changes the array; the original left $value undefined for numeric input
function encode(&$postedvariable)
{
	if (!is_numeric($postedvariable))	$postedvariable = utf8_encode($postedvariable);
}
array_walk($_GET,'encode');
array_walk($_POST,'encode');
array_walk($_COOKIE,'encode');

extract($_GET,EXTR_PREFIX_ALL,'get');
extract($_POST,EXTR_PREFIX_ALL,'post');
extract($_COOKIE,EXTR_PREFIX_ALL,'cookie');

Can anyone help me?


Hi

When I use dynamic forms this is how I deal with them

First create the function

function clean($str) 
{
	$str = @trim($str);
	if(get_magic_quotes_gpc()) 
	{
		$str = stripslashes($str);
	}
	return mysql_real_escape_string($str);  // send back clean
}

Then create the form

$sql = "SELECT Q_id, Q_Disc, service FROM questions"; // gets questions
$result = mysql_query($sql);
$rows = mysql_num_rows($result);
if(!$rows)
{
	echo "<th>No Products Currently On System</th>";
}
else
{
	$i = 1;
	while($record = mysql_fetch_array($result)) // prints new question in table
	{
		echo"<tr>";
		echo"<td>{$record['Q_id']}</td>"; // gives the db question number
		echo"<td>{$record['Q_Disc']}</td>"; // gives the question
		echo"<input type = 'hidden' name='Question[$i]' value='{$record['Q_id']}'/>"; // stores the reference
		echo"<td  align='center'><input name='q_Ans[$i]' type='text' size='4' maxlength='4' /></td>"; // stores the answer
		echo"</tr>";
		$i++;
	}
}
// rest of form

Now the parsing in php

foreach($_POST['Question'] as $key => $value) // loops through each question posted
{
	$key = clean($key);
	$q_number = clean($value); // cleans the inputs
	$q_ans = clean($_POST['q_Ans'][$key]);

	$_SESSION['ANSWERS'][$q_number] = $q_ans;
}

Hope this makes sense

N
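An added example, not code from either poster: it takes the `Question[]` / `q_Ans[]` form layout from the reply above and copies only server-known question ids into the session, so a stray field such as the constructed `is_admin` never reaches `$_SESSION`. The function name `collect_answers`, the `$validIds` allowlist and the sample input are assumptions made for illustration; answers are stored raw and escaped only when they are output.

```php
<?php
// Added illustration; collect_answers() and $validIds are hypothetical names.

/**
 * Return [question id => answer] for posted answers whose question id is
 * on the server-side allowlist. Everything else in the POST data is ignored.
 */
function collect_answers(array $post, array $validIds): array
{
    $answers   = [];
    $questions = $post['Question'] ?? [];
    $given     = $post['q_Ans'] ?? [];
    if (!is_array($questions) || !is_array($given)) {
        return $answers;
    }
    foreach ($questions as $i => $qid) {
        // The id must be plain digits and one the server actually rendered.
        if (!is_string($qid) || !ctype_digit($qid)
            || !in_array((int) $qid, $validIds, true)) {
            continue;
        }
        $ans = $given[$i] ?? '';
        if (!is_string($ans)) {
            continue; // e.g. q_Ans[1][] sent as a nested array
        }
        $ans = trim($ans);
        // The form uses maxlength='4'; enforce it server-side too (byte length).
        if ($ans === '' || strlen($ans) > 4) {
            continue;
        }
        $answers[(int) $qid] = $ans;
    }
    return $answers;
}

// Constructed sample standing in for $_POST.
$post = [
    'Question' => ['1' => '10', '2' => '11', '3' => '99', '4' => "12' OR '1'='1"],
    'q_Ans'    => ['1' => ' 42 ', '2' => '<b>x', '3' => '7', '4' => '1'],
    'Submit'   => 'Submit',
    'is_admin' => '1', // unexpected field: never copied
];
$validIds = [10, 11, 12]; // assumption: ids loaded from the questions table

// In a web request, call session_start() before using $_SESSION.
$_SESSION['ANSWERS'] = collect_answers($post, $validIds);

foreach ($_SESSION['ANSWERS'] as $qid => $ans) {
    // Escape for HTML at output time, not when storing.
    echo $qid, ' => ', htmlspecialchars($ans, ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
```

When the answers are later written to the database, bind them as parameters of a prepared statement (PDO or mysqli) rather than escaping them ahead of time.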
