tHud
Posted May 21, 2010

Hi

I would like to use a script that could capture GET or POST variables. As I am relatively new to PHP I am not using OOP so have a script that feeds back either POST or GET. As the script doesn't know what it's going to receive, I have been doing this sort of thing...

    // $HTTP_POST_VARS / $HTTP_GET_VARS were removed in PHP 5.4;
    // the $_POST / $_GET superglobals replace them.
    $PARAMS = count($_POST) ? $_POST : $_GET;

    foreach ($PARAMS as $key => $value) {
        if ($key == "product")  { Product(); }
        if ($key == "catalog")  { Category(); }
        if ($key == "quality")  { Quality(); }
        if ($key == "featured") { Featured(); }
    }

But I don't think this is right, is it? Could someone direct me to a better way to catch a 'variety' of different inputs/variables?

I'm sorry if I'm not being clear, I'm just trying to improve my understanding and I'm kind of vague on the whole issue right now.

leehanken
Posted May 22, 2010

I think something to bear in mind is that there could be both post AND get parameters at the same time, so it might be worth checking each. One feature of PHP is the $_REQUEST array, which is discussed here: http://php.net/manual/en/reserved.variables.request.php with some useful code examples in the comments.

The approach you describe is perfectly valid. A switch statement might make it clearer:

    // ...
    switch ($key) {
        case 'product':  Product();  break;
        case 'category': Category(); break;
        case 'quality':  Quality();  break;
        case 'featured': Featured(); break;
    }
    // ...

or even, this (very unsecure) code:

    // ...
    // Calls whatever function name the request supplies, if it exists.
    $key = ucfirst(strtolower($key));
    if (function_exists($key)) call_user_func($key, $value);
    // ...

tHud (Author)
Posted May 22, 2010

Thank you very much for the response. I will certainly follow the link you suggested.

May I ask* why you say the second code snippet is "very unsecure"?

Thanks again

* cos it looks pretty cool to my (inexperienced) eye

leehanken
Posted May 22, 2010

Just that it takes whatever parameter the browser sends to it, and calls a function of that name if the function exists. This would be insecure: if a hacker wanted to call some function in your code, they could pass anything. This should really not be a problem for educational use.

tHud (Author)
Posted May 22, 2010

Ah ok - thanks for explaining that
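
An allowlist dispatch table that checks both GET and POST, set beside what the function_exists() check discussed in the thread would accept. This is an added example, not code posted by anyone in the thread; the handler bodies, the HANDLERS constant, the dispatch() and unsafeWouldCall() helpers and the sample request arrays are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Handler bodies are hypothetical
// stand-ins for the poster's Product(), Category(), Quality(), Featured().
function Product(string $v): string  { return "product:$v"; }
function Category(string $v): string { return "category:$v"; }
function Quality(string $v): string  { return "quality:$v"; }
function Featured(string $v): string { return "featured:$v"; }

// The allowlist: the only request keys that may trigger a call, each
// mapped to a handler chosen by the developer, never by the request.
const HANDLERS = [
    'product'  => 'Product',
    'category' => 'Category',
    'quality'  => 'Quality',
    'featured' => 'Featured',
];

// What the function_exists() check would accept: any defined function,
// built-in or user-defined (PHP function names are case-insensitive).
function unsafeWouldCall(string $key): bool
{
    return function_exists(ucfirst(strtolower($key)));
}

// Dispatch every recognised parameter and ignore everything else.
function dispatch(array $params): array
{
    $results = [];
    foreach ($params as $key => $value) {
        if (!is_string($key) || !is_string($value)
            || !array_key_exists($key, HANDLERS)) {
            continue; // unknown key or array-valued input: no call is made
        }
        $results[$key] = call_user_func(HANDLERS[$key], $value);
    }
    return $results;
}

// Constructed sample input standing in for $_GET and $_POST.
$get  = ['product' => '42', 'strrev' => 'abc'];
$post = ['quality' => 'high', 'featured' => ['x']];

// Check both sources, as suggested in the thread; POST wins on a clash.
print_r(dispatch($post + $get));
var_dump(unsafeWouldCall('strrev'));  // a built-in the page never meant to expose
var_dump(unsafeWouldCall('product')); // an intended handler
```

Only the keys listed in HANDLERS ever reach call_user_func(), so adding a new function to the code base does not make it callable from a request until it is added to the table.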