Using $_GET names as a variable name

[Goldeneye]

What I'm trying to do is take the keyname of a $_GET variable, and create a variable-name with it.

An example:

<?php
if(isset($_GET['foobar'])){
$foobar = intval($_GET['foobar']);
}
?>

So I'm trying to take $_GET['foobar'] and extract the 'foobar' from it; append a '$' to the extracted name.

 

BUT here's the tricky part. I'm trying to generate these variables through a loop while putting all the $_GET names I want generated, into an array().

 

<?php
$URLarray = array($_GET['foo'], $_GET['bar'], $_GET['var']);
function setDefaults($URLarray){
	$x = '$';
	$URLvar = explode($URLarray, ', ');
	for($i=0; $i <= count($URLvar); $i++){
		$x.key($URLvar[$i]) = mysql_real_escape_string(intval($URLvar[$i]));
	}
}
?>

I thought it would've worked, but I get a Parse Error which tells me there's an unexpected '=' on the line with:

$x.key($URLvar[$i]) = mysql_real_escape_string(intval($URLvar[$i]));.

 

I don't have to do it this way, I could simply define every single variable I need, but there are a lot of variables and I thought this would save a kilobyte or two in filesize.

 

I'm sure I'm doing something wrong and that I don't even have to explode the $URLarray variable, but I did try that and it just returned '0'.

[ratcateme]

try changing it to

$$x.key($URLvar[$i]) = mysql_real_escape_string(intval($URLvar[$i]));

 

Scott.

[Goldeneye]

It didn't seem to do anything; it still returns "Parse error: syntax error, unexpected '=' ..."

[DarkWater]

Check out the extract() function.  I'd personally advise against it and just plan out which variables will definitively be sent to the page.  No guesswork should be used when dealing with user input.

[Goldeneye]

I was thinking of using the extract() function; then I thought it wouldn't be a good idea in case someone discovered a way to overwrite the $_GET variables. I guess it's the same here too. Though, it'd great if there was a secure way to do this.