[PHP] Getting variables from $_GET

Discussion in 'Web Design and Development (archive)' started by whocares, Feb 20, 2004.

  1. macrumors 65816

    whocares

    Joined:
    Oct 9, 2002
    Location:
    :noitаɔo˩
    #1
    I've decided to turn Register_globals off as my comp is now a 24/7 web server. The thing is I wrote most of my code in a lazy way and took full advantage of globals...

    So the question is: does anyone have a pre-written piece of code to get all my variables out of the $_GET array? It's kinda tedious doing the variables one by one :eek:

    I'll prolly look into myself as soon as I have time, but being lazy as I am, I thought maybe someone here wouldn't mind sharing their code :)

    Cheers,
    D
     
  2. macrumors newbie

    Joined:
    Jan 29, 2003
    #2
    Re:
    PHP:
     Getting variables from $_GET[/b]

    [
    QUOTE]So the question isdoes anyone have a pre-written piece of code to get all my variables out of the $_GET array? It's kinda tedious doing the variables one by one[/QUOTE]

    Not sure if I'
    m following you correctly but you should be able to simply extract($_GET); in any methods you need the get vars.

    so if your url was:

    http://fake.url.com/?product=ibook&manuf=apple

    you could do:

    function 
    testFunc() {
        
    extract($_GET);

        echo 
    $product;
        echo 
    $manuf;
    }

    [I]think[/I]. Someone my correct me.

    hth
    Kev
    .
     
  3. Moderator emeritus

    Rower_CPU

    Joined:
    Oct 5, 2001
    Location:
    San Diego, CA
    #3
    I'm not looking forward to when I have to go through and update my code to access GET/POST variables properly. I learned PHP using globals, unfortunately.
     
  4. macrumors 6502a

    sonofslim

    Joined:
    Jun 6, 2003
    #4
    if you use extract, please read

    http://us4.php.net/manual/en/function.extract.php

    for some important information regarding security. using extract makes it possible for users to set other variables ($_SERVER, $_COOKIE, $_ENV etc.) using GET.

    think about it: you're going to automatically set all variables that show up in your GET statement. what if someone starts setting additional variables from the URL? see the manual page (above) for an example wherein someone sets the remote address header to 127.0.0.1 and the script thinks the request is coming from the local host -- that's exactly why you turned off register_globals in the first place.

    sorry, but better to not be lazy and extract only the variables you need.
     
  5. macrumors newbie

    Joined:
    Jan 29, 2003
    #5
    That is an excellent point! Goodness, please ignore me :)
     
  6. thread starter macrumors 65816

    whocares

    Joined:
    Oct 9, 2002
    Location:
    :noitаɔo˩
    #6
    Yeah, it's a b*tch ain't it? :p

    -all
    thanks for the info and the advice. I guess I'll just have not be lazy...

    Also, would the same security problem exist with extract if I used a POST method instead of GET?
     
  7. macrumors newbie

    Joined:
    Jan 29, 2003
    #7
    Thinking about it, you could maintain an array of safe variables and check all your GET variables against it using in_array(); or something (faling to a default if you have dodgey vars). But then that's probably more work, and does intoroduce more code. Sonofslim is right, best just do it the right way from the outset. Probably save you grief in the long run.

    Just musing out loud...
     
  8. macrumors 6502a

    sonofslim

    Joined:
    Jun 6, 2003
    #8
    yeah, but then you gotta change your safe array every time you change your GET variables.

    what is it about programmers that makes us such a lazy bunch? or is it the act of programming that teaches us to look for shortcuts wherever possible?
     
  9. macrumors newbie

    Joined:
    Jan 29, 2003
    #9
    Could be slim, heh :) Anyway like I said more work in the long run. I agree with you, do it right and save yourself hassle later. I was just chucking that in there as a possibility.

    I think I should stop dispensing php advice :)
     
  10. thread starter macrumors 65816

    whocares

    Joined:
    Oct 9, 2002
    Location:
    :noitаɔo˩
    #10
    I have decided not to be lazy and have started updating my pages.

    Tedious, but not as long as I thought. I'll also take the time to clean up the code and properly comment it! :cool:
     
  11. macrumors 6502a

    sonofslim

    Joined:
    Jun 6, 2003
    #11
    you'll thank yourself for that somewhere down the road -- i guarantee it.
     
  12. macrumors 65816

    mrjamin

    Joined:
    Feb 6, 2003
    Location:
    Strongbadia
    #12
    PHP:
    <?php
    $ArrayList 
    = array("_GET""_POST""_SESSION""_COOKIE""_SERVER");
    foreach(
    $ArrayList as $gblArray)
    {
                 
    $keys array_keys($$gblArray);
                   foreach(
    $keys as $key)
                 {
                             @$
    $key trim(${$gblArray}[$key]);
                 }

    ?>
    "can't nobody say strong bad never did nothing for the peoples" ;)
     

Share This Page