Jump to content

Extract $_REQUEST Explain

signature16

By signature16
in PHP Coding Help

 Share

Recommended Posts

genericnumber1 Member

genericnumber1

Posted
Posted

it does exactly as you said it does...

 

 

dont do it...

 

 

do - not - do - it

 

 

you don't know what variables are in the REQUEST array, the hacker could put whatever variables he wanted in there... it will eat an insecure script alive...

extracting the request array is exactly, and I mean EXACTLY the same as register_globals http://php.net/register_globals

 

I hope you enjoyed my overreacting :D! it IS a big security problem though, so... yeah.... dont do it

jitesh Member

jitesh

Posted
Posted
This is just like as register global ON for extract($_REQUEST).

 

extract is regarding array

Suppose you have array.

 

$any_array = array('fruit'=>'apple','icecreme'=>'chocalate','vegetable'=>'potato');

 

extract($any_array);

Now do like this

echo $fruit; // apple

echo $icecreme; //chocalate

echo $vegitable; // Potato;

 

In sort the key of array will be the variable and the value corresponding to the key will be the value for the variable.

 

extract

(PHP 3 >= 3.0.7, PHP 4, PHP 5)

 

extract -- Import variables into the current symbol table from an array

Description

int extract ( array var_array [, int extract_type [, string prefix]] )

 

 

This function is used to import variables from an array into the current symbol table. It takes an associative array var_array and treats keys as variable names and values as variable values. For each key/value pair it will create a variable in the current symbol table, subject to extract_type and prefix parameters.

 

Note: Beginning with version 4.0.5, this function returns the number of variables extracted.

 

Note: EXTR_IF_EXISTS and EXTR_PREFIX_IF_EXISTS were introduced in version 4.2.0.

 

Note: EXTR_REFS was introduced in version 4.3.0.

 

extract() checks each key to see whether it has a valid variable name. It also checks for collisions with existing variables in the symbol table. The way invalid/numeric keys and collisions are treated is determined by the extract_type. It can be one of the following values:

 

 

EXTR_OVERWRITE

If there is a collision, overwrite the existing variable.

 

EXTR_SKIP

If there is a collision, don't overwrite the existing variable.

 

EXTR_PREFIX_SAME

If there is a collision, prefix the variable name with prefix.

 

EXTR_PREFIX_ALL

Prefix all variable names with prefix. Beginning with PHP 4.0.5, this includes numeric variables as well.

 

EXTR_PREFIX_INVALID

Only prefix invalid/numeric variable names with prefix. This flag was added in PHP 4.0.5.

 

EXTR_IF_EXISTS

Only overwrite the variable if it already exists in the current symbol table, otherwise do nothing. This is useful for defining a list of valid variables and then extracting only those variables you have defined out of $_REQUEST, for example. This flag was added in PHP 4.2.0.

 

EXTR_PREFIX_IF_EXISTS

Only create prefixed variable names if the non-prefixed version of the same variable exists in the current symbol table. This flag was added in PHP 4.2.0.

 

EXTR_REFS

Extracts variables as references. This effectively means that the values of the imported variables are still referencing the values of the var_array parameter. You can use this flag on its own or combine it with any other flag by OR'ing the extract_type. This flag was added in PHP 4.3.0.

 

 

If extract_type is not specified, it is assumed to be EXTR_OVERWRITE.

 

Note that prefix is only required if extract_type is EXTR_PREFIX_SAME, EXTR_PREFIX_ALL, EXTR_PREFIX_INVALID or EXTR_PREFIX_IF_EXISTS. If the prefixed result is not a valid variable name, it is not imported into the symbol table. Prefixes are automatically separated from the array key by an underscore character.

 

extract() returns the number of variables successfully imported into the symbol table.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.