Sanitising and Adding Post Meta with unknown number of fields

Question

I've got a field like this...

<input type="text" name="summary" value="" required />

...which I am easily able to sanitize_text_field and add_post_meta with this...

$summary = sanitize_text_field($_POST["summary"]);
add_post_meta( $post_id, 'summary', $summary);

But when it comes to the additional post_meta I need to store in the DB, I don't know how to go about it because I don't know how many additional fields there will be in the form. It will vary.

So the additional form fields could be like this...

<input type="text" name="cat_01" value="" />
<input type="number" name="dog_01" value="" />
<input type="number" name="rabbit_01" value="" />
<input type="text" name="mouse_01" value="" />

<input type="text" name="cat_02" value="" />
<input type="number" name="dog_02" value="" />
<input type="number" name="rabbit_02" value="" />
<input type="text" name="mouse_02" value="" />

...but sometimes there could be a 3rd set of these fields, or a fourth etc and there's really no limit, and I don't know how many sets of these fields there will be.

So for example if there is a 3rd set of these fields they will look like:

<input type="text" name="cat_03" value="" />
<input type="number" name="dog_03" value="" />
<input type="number" name="rabbit_03" value="" />
<input type="text" name="mouse_03" value="" />

So you get the idea.

How can I sanitise and add_post_meta when I don't know what I'm going to be capturing?

Cheers.

Answer 1

Why don't you make it easy on yourself and save all those in an array something like this:

<!-- With type -->
<input type="text" name="animal[dog][]" value=""/>
<input type="text" name="animal[cat][]" value="" />
<!-- No Type -->
<input type="text" name="animal[]" value="" />

You get the idea right?

On the backend then you can get the fields with

if( isset( $_POST['animal'] ) ) {
  $sanitized_array = array();

  foreach( $_POST['animal'] as $type ) {
    if( is_array( $type ) ) {
      // This is a type, let's go over that

      // If it does not exist, create it
      if( ! isset( $sanitized_array[ $type ] ) ) {
        $sanitized_array[ $type ] = array();
      }

      foreach( $type as $value ) {
       $sanitized_array[ $type ][] = sanitize_text_field( $value ); 
      }
    } else {
      // It is not an array, so it's a value instead
      $sanitized_array[] = sanitize_text_field( $value );
    }
  }

  // We have our sanitized array, let's save it:
  update_post_meta( $post_id, 'animal', $sanitized_array );
}

That is something similar I already have created where the fields are done dynamically and we don't know how much we will need to save.

I hope this will give you a guide on how to make that.

Answer 2

You can use foreach to iterate any number of fields. Example:

foreach($_POST as $name=>$value){
    $sanitizedValue = sanitize_text_field($value);
    add_post_meta($post_id, $name, $sanitizedValue);
}

Answer 3

In the below code I have taken an array with limit 4 you can put until you have used your sets of animals. then check which one is posted then santized that post variable.

    $sanited_array = array();
    for($i = 1 ; $i < 4 ; $i++)
    {

    if(isset($_POST['cat_0'.$i]))
    {
        $sanited_array['cat'][] = sanitize_text_field($_POST['cat_0'.$i]);
    }
    if(isset($_POST['dog_0'.$i]))
    {
        $sanited_array['dog'][] = sanitize_text_field($_POST['dog_0'.$i]);
    }
    if(isset($_POST['rabbit_0'.$i]))
    {
        $sanited_array['rabbit'][] = sanitize_text_field($_POST['rabbit_0'.$i]);
    }
    if(isset($_POST['mouse_0'.$i]))
    {
        $sanited_array['mouse'][] = sanitize_text_field($_POST['mouse_0'.$i]);
    }
}
update_post_meta( $post_id, 'animal', $sanited_array );