Jump to content

Correct way to handle unknown GET or POST input


tHud

Recommended Posts

Hi :)

 

I would like to use a script that could capture GET or POST variables.

 

As I am relatively new to PHP I am not using OOP so have a script that feeds back either POST or GET.

 

As the script doesn't know what it's going to receive, I have been doing this sort of thing...

 


$PARAMS = (count ($HTTP_POST_VARS )) ? $HTTP_POST_VARS : $HTTP_GET_VARS;
foreach ($PARAMS as $key=>$value){ 
if ($key == "product")	{Product();     }
if ($key == "catalog") 	{Category();  }
if ($key == "quality")       {Quality();      }
if ($key == "featured")    {Featured();   }
}


 

But I don't think this is right, is it?

Cold someone direct me to a better way to catch a 'variety' of different inputs/ variables?

 

I'm sorry if I'm not being clear, I'm just trying to improve my understanding and I'm kind of vague on the whole issue right now :(

 

 

 

 

I think something to bear in mind is that there could be both post AND get parameters at the same time, so it might be worth checking each. One feature of php is the  $_REQUEST array which is discussed here: http://php.net/manual/en/reserved.variables.request.php with some useful code examples in the comments.

 

The approach you describe is perfectly valid. A switch statement might make it clearer:

...
switch($key) {
case 'product': Product(); break;
case 'category': Category(); break;
case 'quality': Quality(); break;
case 'featured': Featured(); break;
}
...

 

or even, this (very unsecure) code:

 

...
$key = ucfirst(strtolower($key));
if function_exists($key) call_user_function($key,$value);
...

Just that it takes whatever parameter the browser sends to it, and calls a function of that name if the function exists. This would be insecure if a hacker wanted to call some function in your code they could pass anything.

 

This should really not be a problem for educational use.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.