user1613163 user1613163 - 1 month ago 7
PHP Question

retrieving array using $_REQUEST but not $_POST

I've been blinding myself with

$_POST
-related problems on SO for days, still have no resolution to my problem (and it sure seems a lot of folks have issues with
$_POST
) however, following-up my question (PHP arrays, iterating form input values) with some new info:

So ... I have a form (input.php) with about a dozen fields which are
$_POST
ing no problem (to process.php), however within this form is a table for line items, to which the user can dynamically add rows as needed (the markup is a single table row, hardcoded; add'l rows added using jQuery).

So, while all the other input's values are
$_POST
ing, the values in this table are not. If, in my process page I replace
$_POST
with
$_REQUEST
for the table's values, they are retrieved, i.e.:

Pertinent excerpts from the form page:

<form id="invoiceData" name="invoiceData" method="POST" action="/html/process.php">
<!-- SNIP (invNum input, etc.) -->
<td class="date"><input type="text" class="datepicker" name="date[]" value="" /></td>
<td class="hours"><input type="text" class="hours" name="hours[]" value="" /></td>
<td class="rate"><input type="text" class="rate" name="rate[]" value="" /></td>
<td class="date-total"><input type="text" class="date-total" name="dateTotal[]" value="" /></td>
<td class="add-delete-row">
<a href="#" class="delete-row" title="Delete row">Delete</a>
<a href="#" class="add-row" title="Add a row">Add Row</a>
</td>


Pertinent excerpt from process.php:

<?php
if (isset($_POST['submit'])) {

// GET $_POST VALUES FROM input.php
$invNum = $_POST['invNum'];
$invDate = $_POST['invDate'];
$projNum = $_POST['projNum'];
// etc., a bunch more, getting them all ...

// ... but these, from the dynamic table within the form; $_REQUEST works but not $_POST
for ($i = 0; $i<count($_REQUEST['date']); $i++) {
$date = $_REQUEST['date'][$i];
$hours = $_REQUEST['hours'][$i];
$rate = $_REQUEST['rate'][$i];
$dateTotal = $_REQUEST['dateTotal'][$i];

echo "<div class=\"debug\">
<p>" . $i .". " . $date . ", " . $hours . ", " . $rate . ", " . $dateTotal . "</p>
</div>";
}
}
?>


... which returns:


  1. 2014-02-23, 1, 100.00, 100.00

  2. 2014-02-24, 2, 100.00, 200.00

  3. 2014-02-25, 3, 100.00, 300.00



So, why is
$_REQUEST
retrieving these values but not
$_POST
? Anyway, is there any reason not to move forward using
$_REQUEST
(e.g., security)? What I'm after ultimately is best practices to accomplish this kind of task, I'm open to suggestion (but especially resolution to this week of confusion). I know I have a lot of homework to do re: php arrays.

Many thanks in advance

Answer

Sometime ago I found this and understood it to be a tactic to globally preclude sql injection:

// prevent SQL Injection in $_POST variables:
foreach ($_POST as $key => $value)  {
    $_POST[$key] = mysql_real_escape_string($value);
}

It seems to also be interfering with a $_POST array, so it's got to go. I'll be reading up on sql injection prevention now, but in the meantime, if anyone can suggest a modification to this so that it will not bust my array, please chime in.

Thanks everyone.

Comments