CODEWITHSUNDEEP
phppostsession-variables
RC.
RC.

Reputation: 61

PHP - Convert all POST data into SESSION variables

There's got to be a much more elegant way of doing this.

How do I convert all non-empty post data to session variables, without specifying each one line by line? Basically, I want to perform the function below for all instances of X that exist in the POST array.

if (!empty($_POST['X'])) $_SESSION['X']=$_POST['X'];

I was going to do it one by one, but then I figured there must be a much more elegant solution

Upvotes: 6

Views: 16042

Answers (6)

Rafik Bari
Rafik Bari

Reputation: 5037

  $_SESSION["data"] = $POST;
  $var = $_SESSION["data"];

Then just use $var as a post variable. For example:

  echo $var["email"];

instead of 

  echo $_POST["email"];

Cheers

Upvotes: 0

jeffbyrnes
jeffbyrnes

Reputation: 2221

This lead me to this bit, which is a simplified version of @meder's answer:

<?php
$accepted = array('foo', 'bar', 'baz');

foreach ( $accepted as $name ) {
    if ( isset( $_POST[$name] ) ) {
        $_SESSION[$name] = $_POST[$name];
    }
}

You might also substitute !empty() for isset() above, though be aware of how much farther-reaching empty() is, as @meder pointed out.

Upvotes: 1

Vali
Vali

Reputation: 31

The syntax error, is just because there is a bracket still open. it should be 

$vars = array('name', 'age', 'location');
foreach ($vars as $v) {
   if (isset($_POST[$v])) {
      $_SESSION[$v] = $_POST[$v];
   }
}

It should work like that. If you use 

if ($_POST[$v])...

it strips down empty data.

Upvotes: 3

meder omuraliev
meder omuraliev

Reputation: 186562

I would specify a dictionary of POST names that are acceptable.

$accepted = array('foo', 'bar', 'baz');

foreach ( $_POST as $foo=>$bar ) {
    if ( in_array( $foo, $accepted ) && !empty($bar) ) {
        $_SESSION[$foo] = $bar;
    }
}

Or something to that effect. I would not use empty because it treats 0 as empty.

Upvotes: 10

cletus
cletus

Reputation: 625027

Well the first thing I would suggest is you don't do this. It's a huge potential security hole. Let's say you rely on a session variable of username and/or usertype (very common). Someone can just post over those details. You should be taking a white list approach by only copying approved values from $_POST to $_SESSION ie:

$vars = array('name', 'age', 'location');
foreach ($vars as $v) {
  if (isset($_POST[$v]) {
    $_SESSION[$v] = $_POST[$v];
  }
}

How you define "empty" determines what kind of check you do. The above code uses isset(). You could also do if ($_POST[$v]) ... if you don't want to write empty strings or the number 0.

Upvotes: 1

lemon
lemon

Reputation: 9205

Here you go,

if(isset($_POST) {
 foreach ($_POST as $key => $val) {
  if($val != "Submit")
   $_SESSION["$key"] = $val;
 }
}

Upvotes: 2

Related Questions