gettype
Regarding the last post:
When $_GET[$k] is compared against NULL or '' (empty string) inside the foreach loop, it should be compared only against one of the expressions or strict equality operator should be used.
In this case, second part of expression ($_GET[$k] == NULL) will be *never* executed, because of NULL gets converted to empty string.
Also be aware that zero is equal (==) to empty string, so if passing zeroes through the $_GET, use strict comparsion to check whether variable exist or not.
Next notice: when nothing will be set into $_GET array, all comparsions will generate lot of E_NOTICE errors, because you are accessing unassigned variable.
<?
// Slightly modified previous example
$input = array('name' => null, 'age' => 26) ;
// 26 is the default age, if $_GET['age'] is empty or not set
/**
* Extracts $_GET variables to global scope by the definition from the $input array
* @return void
*/
function extract_get() {
global $input;
if (isset($input) && is_array($input)) foreach ($input as $k => $v) {
if (!isset($_GET[$k])) {
$GLOBALS[$k] = $v;
continue;
}
$getval = $_GET[$k];
if ($getval === null || $getval === '') {
$getval = $v;
} elseif (is_numeric($v)) {
$getval = (int) $getval;
} elseif (get_magic_quotes_gpc() == 1) {
$getval = stripslashes_deep($getval);
}
$GLOBALS[$k] = $getval;
unset($getval);
}
}
/**
* Performs stripslashes function recursively on the array or on the single variable
* @param mixed $var Variable - can be scalar variable or the array
* @return mixed Variable with slashes stripped with function stripslashes()
*/
function stripslashes_deep($var) {
if (!is_array($var))
return stripslashes($var);
foreach($var as $k => $v) {
$var[$k] = stripslashes_deep($v);
}
return $var;
}
?>
import_request_variables
(PHP 4 >= 4.1.0, PHP 5)
import_request_variables — Importă variabilele GET/POST/Cookie în circumstanţa globală
Descrierea
bool import_request_variables
( string $types
[, string $prefix
] )
Importă variabilele GET/POST/Cookie în circumstanţa globală. Această funcţie este utilă dacă aţi dezactivat register_globals, însă doriţi să aveţi acces la unele variabile din circumstanţa globală.
Dacă vă interesează importul altor variabile în circumstanţa globală, cum ar fi $_SERVER, consideraţi utilizarea extract().
Parametri
- types
-
Utilizând parametrul types puteţi specifica care variabile de interpelare vor fi importate. Puteţi utiliza caracterele 'G', 'P' şi 'C' respectiv pentru GET, POST şi Cookie. Nu importă dacă caracterele sunt majuscule sau minuscule, de aceea puteţi utiliza orice combinaţie cu 'g', 'p' şi 'c'. POST include şi informaţia despre fişierele încărcate prin metoda POST.
Notă: Observaţi că ordinea literelor contează, de aceea la utilizarea "GP" variabilele POST vor acoperi variabilele GET cu acelaşi nume. Orice alte litere decât GPC sunt ignorate.
- prefix
-
Prefixul denumirilor variabilelor, plasat înaintea denumirilor tuturor variabilelor importate în circumstanţa globală. Deci dacă aveţi o valoare GET denumită "userid" şi indicaţi prefixul "pref_", atunci veţi obţine o variabilă globală denumită $pref_userid.
Notă: Cu toate că parametrul prefix este opţional, veţi obţine o eroare de nivel E_NOTICE dacă nu specificaţi un prefix, sau specificaţi un string vid în calitate de prefix. Acesta probabil că nu este un pericol de securitate. Erorile de nivel notice nu sunt afişate la nivelul de raportare al erorilor implicit.
Valorile întroarse
Întoarce valoarea TRUE în cazul succesului sau FALSE în cazul eşecului.
Exemple
Example #1 Exemplu import_request_variables()
<?php
// Aceasta va importa variabilele GET şi POST
// şi le va prefixa cu "rvar_"
import_request_variables("gp", "rvar_");
echo $rvar_foo;
?>
Vedeţi de asemenea
- $_REQUEST
- register_globals
- Variabilele predefinite
- extract() - Import variables into the current symbol table from an array
add a note
User Contributed Notesimport_request_variables
michal dot kocarek at NO_SPAM dot seznam dot cz
23-Sep-2007 09:47
23-Sep-2007 09:47
samb06 at gmail dot com
15-May-2006 11:09
15-May-2006 11:09
What i do is have a small script in my header file that takes an array called $input, and loops through the array to extract variables. that way the security hole can be closed, as you specify what variables you would like extracted
$input = array('name' => null, 'age' => 26) ;
// 26 is the default age, if $_GET['age'] is empty or not set
function extract_get()
{
global $input ;
if ($input)
{
foreach ($input as $k => $v)
{
if ($_GET[$k] == '' or $_GET[$k] == NULL)
{
$GLOBALS[$k] = $v ;
}
else
{
$GLOBALS = $_GET[$k] ;
}
}
}
}
jason
08-Jul-2005 07:35
08-Jul-2005 07:35
reply to ceo AT l-i-e DOT com:
I don't think it's a risk, as all of your request variables will be tagged with the prefix. As long as you don't prefix any of your internal variables with the same, you should be fine.
If someone tries to access an uninitiated security-related variable like $admin_level through request data, it will get imported as $RV_admin_level.
nexxer at rogers dot com
11-Feb-2005 06:47
11-Feb-2005 06:47
PHP5 seems to have fixed that, in the sense that import_request_variables("g") works like extract($_GET). It doesn't seem to be passing a reference to the global, but instead creating a copy of it as expected
cornflake4 at gmx dot at
10-Jan-2005 10:52
10-Jan-2005 10:52
oops, a typo in my comment:
The last line in the second example (the on using the extract() function) should read:
echo $_GET['var']; # prints 1, so $_GET has been unchanged
cornflake4 at gmx dot at
09-Jan-2005 05:39
09-Jan-2005 05:39
Beware:
import_request_variables() does not copy the request variables into local scope variables. Instead, it copies the *reference* to the request variable content to local variables Important implication: any change to the local variable means a changes to the respective request variable, too!
This is a clear difference to extract($_GET) which copies the content of the request variables into local variables.
To shed some light on the implication, consider this (assuming the query string "...&var=1"):
echo $_GET['var']; # prints: 1
import_request_variables();
echo $var; # prints 1
$var = 2;
echo $_GET['var']; # prints 2 !!!!
So, $_GET has changed as well!
On the other hand:
echo $_GET['var']; # prints: 1
extract($_GET);
echo $var; # prints 1
$var = 2;
echo $_GET['var']; # prints 2 !!!!
Because of this, I recommend NOT using import_request_variables(), but extract($_GET); extract($_POST); extract($_COOKIE); instead, since this combination bears not these unexspected side effects.
PS: not to mention that you have to reconsider your coding style if any need to import_request_variables arises at all!
ceo AT l-i-e DOT com
10-Dec-2004 08:56
10-Dec-2004 08:56
Call me crazy, but it seems to me that if you use this function, even WITH the prefix, then you might as well just turn register_globals back on...
Sooner or later, somebody will find a "hole" with your prefixed variables in an un-initialized variable.
Better to import precisely the variables you need, and initialize anything else properly.
brian at enchanter dot net
07-Dec-2004 01:19
07-Dec-2004 01:19
import_request_variables does *not* read from the $_GET, $_POST, or $_COOKIE arrays - it reads the data directly from what was submitted. This is an important distinction if, for example, the server has magic_quotes turned on and you massage the data to run stripslashes on it; if you then use import_request_variables, your variables will still have slashes in them.
In other words: even if you say $_GET=""; $_POST=""; then use import_request_variables, it'll still get all the request data.
If you change the contents of $_GET and you then want to bring this data into global variables, use extract($_GET, EXTR_PREFIX_ALL, "myprefix") instead.