[PHP] Getting variables from $_GET


whocares
Feb 21, 2004, 01:14 AM
I've decided to turn Register_globals off as my comp is now a 24/7 web server. The thing is I wrote most of my code in a lazy way and took full advantage of globals...

So the question is: does anyone have a pre-written piece of code to get all my variables out of the $_GET array? It's kinda tedious doing the variables one by one :eek:

I'll prolly look into it myself as soon as I have time, but being lazy as I am, I thought maybe someone here wouldn't mind sharing their code :)

Cheers,
D

sleepy_kev
Feb 21, 2004, 03:52 AM
Originally posted by whocares
So the question is: does anyone have a pre-written piece of code to get all my variables out of the $_GET array? It's kinda tedious doing the variables one by one

Not sure if I'm following you correctly but you should be able to simply extract($_GET); in any methods you need the get vars.

so if your url was:

http://fake.url.com/?product=ibook&manuf=apple

you could do:

function testFunc() {
    // Imports every key of $_GET into this function's scope as a variable
    extract($_GET);

    echo $product;
    echo $manuf;
}

I think. Someone may correct me.

hth
Kev.

Rower_CPU
Feb 21, 2004, 10:06 AM
I'm not looking forward to when I have to go through and update my code to access GET/POST variables properly. I learned PHP using globals, unfortunately.

sonofslim
Feb 21, 2004, 10:19 AM
if you use extract, please read

http://us4.php.net/manual/en/function.extract.php

for some important information regarding security. using extract makes it possible for users to set other variables ($_SERVER, $_COOKIE, $_ENV etc.) using GET.

think about it: you're going to automatically set all variables that show up in your GET statement. what if someone starts setting additional variables from the URL? see the manual page (above) for an example wherein someone sets the remote address header to 127.0.0.1 and the script thinks the request is coming from the local host -- that's exactly why you turned off register_globals in the first place.

sorry, but better to not be lazy and extract only the variables you need.

sleepy_kev
Feb 21, 2004, 01:09 PM
Originally posted by sonofslim
if you use extract, please read for some important information regarding security. using extract makes it possible for users to set other variables ($_SERVER, $_COOKIE, $_ENV etc.) using GET.

That is an excellent point! Goodness, please ignore me :)

whocares
Feb 21, 2004, 01:55 PM
Originally posted by Rower_CPU
I'm not looking forward to when I have to go through and update my code to access GET/POST variables properly. I learned PHP using globals, unfortunately.

Yeah, it's a b*tch ain't it? :p

-all
thanks for the info and the advice. I guess I'll just have to not be lazy...

Also, would the same security problem exist with extract if I used a POST method instead of GET?

sleepy_kev
Feb 21, 2004, 02:21 PM
Thinking about it, you could maintain an array of safe variables and check all your GET variables against it using in_array(); or something (failing to a default if you have dodgy vars). But then that's probably more work, and does introduce more code. Sonofslim is right, best just do it the right way from the outset. Probably save you grief in the long run.

Just musing out loud...
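
Added example, not part of the thread and not any poster's code: one way to implement the "extract only the variables you need" advice together with the safe-list-plus-default idea from the posts above, shown beside what extract() does with the same input. The function names, the `is_admin` key, the validation pattern and the request values are assumptions constructed for illustration; PHP 7.4 or later is assumed.

```php
<?php
// Added example (PHP 7.4+). All names, keys and values are constructed.

/**
 * Copy only the parameters named in $spec out of $source.
 * $spec maps name => [default, validator]; a missing, non-string or
 * invalid value falls back to the default.
 */
function import_params(array $source, array $spec): array
{
    $clean = [];
    foreach ($spec as $name => [$default, $isValid]) {
        $value = $source[$name] ?? null;
        // is_string() rejects array input such as ?product[]=x
        $clean[$name] = (is_string($value) && $isValid($value)) ? $value : $default;
    }
    return $clean; // keys not listed in $spec are never copied
}

// What extract() does with the same input: every key becomes a variable,
// and the default EXTR_OVERWRITE flag replaces variables that already exist.
function with_extract(array $source): bool
{
    $is_admin = false;   // state the script set for itself
    extract($source);
    return (bool) $is_admin;
}

// Constructed request: the two expected keys plus one the page never links to.
$get = ['product' => 'ibook', 'manuf' => 'apple<script>', 'is_admin' => '1'];

// Validator shared by both expected parameters (constructed pattern).
$token = fn(string $v): bool => preg_match('/^[a-z0-9_-]{1,32}$/i', $v) === 1;
$spec  = [
    'product' => ['unknown', $token],
    'manuf'   => ['unknown', $token],
];

$params = import_params($get, $spec);
var_dump($params);             // result of the safe-list import
var_dump(with_extract($get));  // $is_admin as left by extract()
```

The safe list has to be updated whenever a page starts accepting a new parameter, which is the maintenance cost raised in the next reply.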

sonofslim
Feb 21, 2004, 03:23 PM
Originally posted by sleepy_kev
Thinking about it, you could maintain an array of safe variables and check all your GET variables against it using in_array(); or something

yeah, but then you gotta change your safe array every time you change your GET variables.

what is it about programmers that makes us such a lazy bunch? or is it the act of programming that teaches us to look for shortcuts wherever possible?

sleepy_kev
Feb 21, 2004, 03:31 PM
Could be slim, heh :) Anyway like I said more work in the long run. I agree with you, do it right and save yourself hassle later. I was just chucking that in there as a possibility.

I think I should stop dispensing php advice :)

whocares
Feb 22, 2004, 06:50 PM
I have decided not to be lazy and have started updating my pages.

Tedious, but not as long as I thought. I'll also take the time to clean up the code and properly comment it! :cool:

sonofslim
Feb 22, 2004, 07:21 PM
Originally posted by whocares
I'll also take the time to clean up the code and properly comment it! :cool:

you'll thank yourself for that somewhere down the road -- i guarantee it.

mrjamin
Feb 23, 2004, 05:41 PM
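<?php
// Copies every key of each listed superglobal into a same-named variable
// (the effect register_globals had); later arrays overwrite earlier ones.
// Run at global scope: superglobals cannot be used as variable variables
// inside functions or class methods.
$ArrayList = array("_GET", "_POST", "_SESSION", "_COOKIE", "_SERVER");
foreach($ArrayList as $gblArray)
{
    // Skip arrays that are not populated, e.g. $_SESSION before session_start()
    if (!isset($$gblArray) || !is_array($$gblArray)) {
        continue;
    }
    $keys = array_keys($$gblArray);
    foreach($keys as $key)
    {
        @$$key = trim(${$gblArray}[$key]);
    }
}
?>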

"can't nobody say strong bad never did nothing for the peoples" ;)