So when using this code on my form I get the following output:
WHILE:
p2p
on
category
Revenants
PHP:
while($i = current($_POST)) {
echo key($_POST);
echo '<br />';
echo $i;
echo '<br />';
next($_POST);
}
Form (too long to post here): http://pastebin.com/5Gcsz42m
Why doesn’t it echo all of it?
Probably because that is assuming the cursor in $_POST is located at the beginning of the array.
Per the manual
Every array has an internal pointer to its “current” element, which is initialized to the first element inserted into the array.
However, all of the examples are numerically based index arrays. $_POST is not that type of an array, it is an associative array, and so the first inserted element, doesn’t necessarily mean that element is located at the beginning of the array.
It would be best to use a foreach loop, or to skip the loop altogether and just use print_r or var_dump
foreach ($_POST as $key => $val)
{
echo $key . '<br />' . $val . '<br />';
}
// OR
echo '<pre>';
print_r($_POST);
echo '</pre>';
// OR
echo '<pre>';
var_dump($_POST);
echo '</pre>';
Thanks, I started with Java and get confused or don’t know every validators in PHP yet. The validators (the brackets after if, English isn’t my primary language so I’m not always sure if the word I’m typing is the correct one) are much more simple in Java because there are less options with more outcomes if you know what I mean.
while($i = current($_POST)) {
is not your best condition to check. If the value is “falsy” (empty string, zero) it will break the loop. That’s likely what was happening to you. foreach() as shown in the previous post would be better.
You may also want to check the $_POST for any illegal characters and sanitize against possible XSS attacks.
Current setup would not prevent code being inserted by placing
<script>alert("hacked")</script>
in your input box.
Using
htmlspecialchars($_POST);
and
strip_tags($_POST);
would help to avoid this.
Of course I’m clearing unwanted characters, don’t play me for a fool.