php – How to validate with a function all the data received by $_POST with empty and isset?

Question:

How can I validate all the data sent to the server through a function that checks if it exists and is not empty, and returns true or false? That's too much data that a form submits.

I have performed this function but it does not work for me on the last entered value.

public function validatePost($array) {
    $error = false;
    foreach($array as $value) {
        if (isset($value) && !empty($value)) {
            $error = true;
        }
    }
    return $error;
}


public function register() {

    if (@$_POST) {

        foreach($_POST as $campo => $valor) {
            $asig = "$" . $campo . "='" . htmlspecialchars($valor, ENT_QUOTES) . "';";
            eval($asig);
        }
        $array = array($name, $last);
        if ($this->validatePost($array)) {
            echo "<h3>Todos los datos fueron recibidos</h3>";
        } else {
            echo "<h3>Error:faltaron datos para realizar el registro</h3>";
        }
    }
}

Answer:

Code issue:

The problem is that if the first parameter exists, you are setting $error=true; and it doesn't matter if any are missing afterwards (and you're using $error to indicate if it's ok – the name is misleading).

On the other hand, it is very dangerous to be using eval() with user-supplied data. It implies a security risk for your solution.

Solution:

We define the class ParametrosPOST to process all the received parameters and then get them as $paramPOST->username (or whatever).

Also, $paramPOST->estanTodosLosParametros returns whether all the desired parameters of the form were received.

Code:

class ParametrosPOST
{
    public $estanTodosLosParametros;  // true/false: whether all parameters were sent
    private $_valores = [];           // initialised so __get() never reads a null array

    public function __construct(array $parametros) {
        $this->estanTodosLosParametros = true;
        
        // verify that all of them are present
        foreach ($parametros as $valor) {
            if (isset($_POST[$valor]) && !empty($_POST[$valor])) {
                $this->_valores[$valor] = $_POST[$valor];
            } else {
                $this->estanTodosLosParametros = false;
            }
        }
    }
    
    // allows $paramPOST->nombre
    //   to return $paramPOST->_valores['nombre']

    public function __get($param){
        return array_key_exists($param, $this->_valores)
            ? $this->_valores[$param]
            : null;
    }
    
    public function __set($param, $valor){
        return $this->_valores[$param] = $valor;
    }
    
}

Usage example:

$paramPOST = new ParametrosPOST([  // list all of them
    'name','last','phone',
    'username','mail','password',
    'state'
    ]);

if ($paramPOST->estanTodosLosParametros) {
    echo "
        <h3>Todos los datos fueron recibidos</h3>
        <p>Nombre: $paramPOST->name</p>
        <p>Tel: $paramPOST->phone</p>
        ";
} else {
    echo "<h3>Error: faltaron datos para realizar el registro</h3>";
}

Demo at ideone.com
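
As an added example (not part of the question's or the answer's code), here is one way to run the same "all fields present" check without eval(): only allow-listed field names are read, arrays are rejected, and a value of "0" is not mistaken for empty. The function name collectRequired and the sample input are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (added example): reads only allow-listed fields.
// Nothing is eval()'d and no variable is created from a client-supplied name.
function collectRequired(array $input, array $required): array
{
    $values = [];
    $missing = [];
    foreach ($required as $field) {
        $raw = $input[$field] ?? null;
        // A field sent as name[]=x arrives as an array; accept strings only.
        if (!is_string($raw)) {
            $missing[] = $field;
            continue;
        }
        $raw = trim($raw);
        // Compare with '' instead of empty(): empty('0') is true, which
        // would reject a legitimate value such as state=0.
        if ($raw === '') {
            $missing[] = $field;
            continue;
        }
        $values[$field] = $raw;
    }
    return ['ok' => $missing === [], 'values' => $values, 'missing' => $missing];
}

// Constructed sample standing in for $_POST.
$samplePost = [
    'name'  => 'Ana',
    'last'  => '   ',     // whitespace only: reported as missing
    'state' => '0',       // accepted, although empty('0') is true
    'phone' => ['555'],   // array instead of string: reported as missing
    'error' => 'true',    // not allow-listed: never read
];

$result = collectRequired($samplePost, ['name', 'last', 'state', 'phone']);

if ($result['ok']) {
    echo "<h3>Todos los datos fueron recibidos</h3>";
} else {
    $missingList = htmlspecialchars(implode(', ', $result['missing']), ENT_QUOTES, 'UTF-8');
    echo "<h3>Error: faltaron datos para realizar el registro ($missingList)</h3>";
}
// Escape values at the point of output, not when they are read.
echo '<p>Nombre: ' . htmlspecialchars($result['values']['name'] ?? '', ENT_QUOTES, 'UTF-8') . '</p>';
```

In a real request handler, pass $_POST as the first argument in place of the constructed sample.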
