|
A Time Saver for dealing with _GET/_POST
|
Email
|
| Submitted on: |
3/11/2003 3:09:32 PM |
| By: |
Damien B
|
| Level: |
Advanced |
| User Rating: |
By 4 Users |
| Compatibility: |
PHP 3.0, PHP 4.0 |
| Views: |
21069 |
|
(About the author) |
|
|
|
This is a better way to handle a large amount of incoming form variables what are placed inside the _GET/_POST arrays. Instead of making a string declaration for each variable or writing a loop to output them to a file (such an earlier posting) try this, it saves a great deal of time and is very compact.
|
| |
|
code:
Can't Copy and Paste this?
Click here for a copy-and-paste friendly version of this code!
Terms of Agreement:
By using this code, you agree to the following terms...
- You may use
this code in your own programs (and may compile it into a program and distribute it in compiled format for languages that allow it) freely and with no charge.
- You MAY NOT redistribute this code (for example to a web site) without written permission from the original author. Failure to do so is a violation of copyright laws.
- You may link to this code from another website, but ONLY if it is not wrapped in a frame.
- You will abide by any additional copyright restrictions which the author may have placed in the code or code's description.
|
//**************************************
// Name: A Time Saver for dealing with _GET/_POST
// Description:This is a better way to handle a large amount of incoming form variables what are placed inside the _GET/_POST arrays. Instead of making a string declaration for each variable or writing a loop to output them to a file (such an earlier posting) try this, it saves a great deal of time and is very compact.
// By: Damien B
//
// Assumes:Change the _POST to _GET or even _SESSION accordingly.
//
//This code is copyrighted and has// limited warranties.Please see http://www.Planet-Source-Code.com/vb/scripts/ShowCode.asp?txtCodeId=935&lngWId=8//for details.//**************************************
while(list($key,$value)= each($_POST)) {
eval("$\$key = \"$value\";");
}
|
|
Report Bad Submission
|
Your Vote
|
| |
Other User Comments
|
 4/1/2003 1:07:46 AM:
Or, you could just use:
extract($_POST);
(If this comment was disrespectful, please report it.)
|
4/1/2003 1:12:28 AM:
Or another idea would be to properly use variables and not declare everything in the global namespace. If you need access to $_POST["username"] then use it, don't convert it into insecure $username.
(If this comment was disrespectful, please report it.)
|
4/2/2003 1:44:39 AM:
Yeah, that is what I would do, makes things less confusing too... and if for some reason you are using register_globals, that causes a really big problem.. as I have sadly experienced
(If this comment was disrespectful, please report it.)
|
5/20/2003 4:17:53 AM:
A nice and very useful routine, that I have implemented several times. Unfortunately it does not work for arrays.
If you use multiple selects or checkboxes in your HTML, you will use arrays to transport the data to the server. On your HTML page this looks like , etc.
When this is transported to the server you will see in your commandline (with the GET version) the value mycheckbox[] defined several times.
To decode that you have to do:
$mycheckbox = $_GET[
(If this comment was disrespectful, please report it.)
|
5/20/2003 4:28:01 AM:
Hey! PSC cut off the last part of my message! So here is the rest:
To decode that you have to
do:
$mycheckbox = $_GET["mycheckbox"]; I suppose that the routine tries $_GET["mycheckbox[]"], what doesn't work.
Maybe someone knows a way to get the routine to handle this too?
(If this comment was disrespectful, please report it.)
|
5/29/2003 4:54:42 AM:
The code will go wrong when a variable contains quotes (result: an empty variable). So something better would be:
while(list($key,$value) = each($input))
{ eval("$\$key = \"".str_replace('"','\\"',$value)."\";");
(If this comment was disrespectful, please report it.)
|
10/1/2003 1:38:06 PM:
Thank you for the submittal - it is a clean example.
As a matter of principle, I think dumping all globals to locals is a bad practice. I agree with the post on 4/1/2003 1:12:28 AM: only use what you need when you need.
(If this comment was disrespectful, please report it.)
|
2/18/2004 3:15:00 AM:
I agree that this is bad practice, but if you MUST do it, use extract() or the following:
foreach($_POST as $name => $val) {
$$name = $val;
}
?>
(notice the $$)
(If this comment was disrespectful, please report it.)
|
7/4/2006 2:39:52 PM: NDawg
This code allows for both variable poisoning as well as injection attacks. I highly suggest you do not use this for any script that anyone besides you uses. Extreme care must be taken to prevent variable poisoning with a piece of code like this. For example, you would have to pre-initialize every variable you use to render it inert. The possiblity for an injection attack is even more concerning especially if magic_quotes_gpc isn't turned on.
(If this comment was disrespectful, please report it.)
|
7/6/2006 1:00:48 AM: Andreas Hofmann
Ok, I agree with the both postings before, but I have to be a little bit sharper, because all the beginners here must be warned: This piece of code is COMPLETE BULL, because you allow every user to execute ANY php code which he wants ON YOUR SERVER.
Let me explain: If a attacker will put this text in a form field, maybe called email:
\";system('rm -r *');$dummy=\"
the executed code will be:
$email="";system('rm -r *');$dummy=""
and, oops, your website is lost in space. So remember always: EVAL is EVIL. If you want to have the variables extracted, extract them with:
extract($_POST)
This, in fact, is a case for thedailywtf.com. Sorry, if this comment is some kind of disrespectful. But if you hadn't declared it as ADVANCED, my tone were a little bit nicer.
(If this comment was disrespectful, please report it.)
|
Add Your Feedback
Your feedback will be posted below and an email sent to
the author. Please remember that the author was kind enough to
share this with you, so any criticisms must be stated politely, or they
will be deleted. (For feedback not related to this particular code, please
click here instead.)
To post feedback, first please login.
|
