Re: [PHP] Code Advice
The method that you have described below is going to produce a numerical Key which is going to result in several errors. -Kevin - Original Message - From: Jason Young [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, November 06, 2002 10:52 AM Subject: [PHP] Code Advice I (think I) have come up with an interesting little solution for pages that have/can potentially have a lot of get vars, and I just wanted to throw it by everyone to see if I know what I'm talking about... Instead of having a whole bunch of ... if (isset($_GET['var'])) $var = $_GET['var'] .. lines on top of each page.. does this code look feasable to you? - $get_allow = array('foo', 'bar', 'add', 'takeovertheworld'); while (list($key,$val)=each($get_allow)) { if (isset($_GET[$key])) $$key = $val; } - It SEEMS to work so far, I just don't want to throw this into a production environment if something's all screwy, so I figure I'll get a few hundred pairs of eyes.. I'm sure someone else probably thought of such a thing, I was just tired of having a page of 'if $_GET''s everywhere, and its scalable with just adding a word to the array, instead of two new lines. Any potential bugs? --Jason -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Code Advice
-Original Message- From: Kevin Stone [mailto:kevin;helpelf.com] Sent: 06 November 2002 18:32 The method that you have described below is going to produce a numerical Key which is going to result in several errors. Huh? What on earth does this mean? -Kevin - Original Message - From: Jason Young [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, November 06, 2002 10:52 AM Subject: [PHP] Code Advice I (think I) have come up with an interesting little solution for pages that have/can potentially have a lot of get vars, and I just wanted to throw it by everyone to see if I know what I'm talking about... Instead of having a whole bunch of ... if (isset($_GET['var'])) $var = $_GET['var'] .. lines on top of each page.. does this code look feasable to you? - $get_allow = array('foo', 'bar', 'add', 'takeovertheworld'); while (list($key,$val)=each($get_allow)) { if (isset($_GET[$key])) $$key = $val; } Yes, I suppose this is a step up from extract(). Looks fine to me, except that I'd use foreach ($get_allow as $key=$val) rather than the while() -- comes down to personal preference, I suppose. Cheers! Mike - Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning Information Services, JG125, James Graham Building, Leeds Metropolitan University, Beckett Park, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Code Advice
At 18:52 06.11.2002, Jason Young spoke out and said: [snip] I (think I) have come up with an interesting little solution for pages that have/can potentially have a lot of get vars, and I just wanted to throw it by everyone to see if I know what I'm talking about... Instead of having a whole bunch of ... if (isset($_GET['var'])) $var = $_GET['var'] .. lines on top of each page.. does this code look feasable to you? - $get_allow = array('foo', 'bar', 'add', 'takeovertheworld'); while (list($key,$val)=each($get_allow)) { if (isset($_GET[$key])) $$key = $val; } - [snip] You're doing this to filter out parameters, and to emulate register_globals, right? To allow only a specific set of variables for $_GET, this loop may present an elegant solution: foreach ($_GET as $name = $value) { if (!in_array(strtolower($name), $get_allow)) unset($_GET[$name]); } Note that I'm using strtolower for array lookup. Ever had a headache with posted parameters, as to where to look for the value, in _GET or _POST? Try this: foreach ($_POST as $name = $value) $_GET[$name] = $value; Your application may safely use only the $_GET array after this, the POSTed variables correctly overriding their GET counterparts. The = reference is there for optimization - faster and less memory-consuming. Wnat to have these global after all? foreach ($_GET as $name = $value) { global $$name; $$name = $value; } Have fun, -- O Ernest E. Vogelsinger (\) ICQ #13394035 ^ http://www.vogelsinger.at/
Re: [PHP] Code Advice
All I have to go by is what I see. The method was this.. ? $get_allow = array('foo', 'bar', 'add', 'takeovertheworld'); while (list($key,$val)=each($get_allow)) { if (isset($_GET[$key])) $$key = $val; } ? The array $get_allow has numerical indicies. Looping through that in the method described is going to set an integer to $key. So your first error is going to be that $_GET[0] is Undefined. Second error is going to be $$key is an invalid variable name. -Kevin - Original Message - From: Ford, Mike [LSS] [EMAIL PROTECTED] To: 'Kevin Stone' [EMAIL PROTECTED]; [EMAIL PROTECTED]; Jason Young [EMAIL PROTECTED] Sent: Wednesday, November 06, 2002 11:50 AM Subject: RE: [PHP] Code Advice -Original Message- From: Kevin Stone [mailto:kevin;helpelf.com] Sent: 06 November 2002 18:32 The method that you have described below is going to produce a numerical Key which is going to result in several errors. Huh? What on earth does this mean? -Kevin - Original Message - From: Jason Young [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, November 06, 2002 10:52 AM Subject: [PHP] Code Advice I (think I) have come up with an interesting little solution for pages that have/can potentially have a lot of get vars, and I just wanted to throw it by everyone to see if I know what I'm talking about... Instead of having a whole bunch of ... if (isset($_GET['var'])) $var = $_GET['var'] .. lines on top of each page.. does this code look feasable to you? - $get_allow = array('foo', 'bar', 'add', 'takeovertheworld'); while (list($key,$val)=each($get_allow)) { if (isset($_GET[$key])) $$key = $val; } Yes, I suppose this is a step up from extract(). Looks fine to me, except that I'd use foreach ($get_allow as $key=$val) rather than the while() -- comes down to personal preference, I suppose. Cheers! Mike - Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning Information Services, JG125, James Graham Building, Leeds Metropolitan University, Beckett Park, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Code Advice
At 19:50 06.11.2002, Ford, Mike [LSS] spoke out and said: [snip] -Original Message- From: Kevin Stone [mailto:kevin;helpelf.com] Sent: 06 November 2002 18:32 The method that you have described below is going to produce a numerical Key which is going to result in several errors. Huh? What on earth does this mean? [snip] $get_allow = array('eat','it','all'); This results in an array as [0] = 'eat', [1] = 'it', [2] = 'all' while (list($key,$val)=each($get_allow)) { if (isset($_GET[$key])) $$key = $val; } At execution, $key will hold the values 0,1,2. The last line of the loop will expand to $0 = $val, $1 = $val, $2 = $val. All of these are invalid identifiers (may not start with a number). The more, it does absolutely not what the coder intended. The correct loop would be while (list($key,$val)=each($get_allow)) { if (isset($_GET[$val])) { global $$val; $$val = $_GET[$val]; } } The key element is not necessary here. -- O Ernest E. Vogelsinger (\) ICQ #13394035 ^ http://www.vogelsinger.at/
RE: [PHP] Code Advice
-Original Message- From: Kevin Stone [mailto:kevin;helpelf.com] Sent: 06 November 2002 18:50 To: [EMAIL PROTECTED] Subject: Re: [PHP] Code Advice All I have to go by is what I see. The method was this.. ? $get_allow = array('foo', 'bar', 'add', 'takeovertheworld'); while (list($key,$val)=each($get_allow)) { if (isset($_GET[$key])) $$key = $val; } ? The array $get_allow has numerical indicies. Looping through that in the method described is going to set an integer to $key. So your first error is going to be that $_GET[0] is Undefined. Second error is going to be $$key is an invalid variable name. Mea culpa -- you're quite right, and I should read more carefully! (Well, it is 7pm and going home time) This should, of course, be done like this: $get_allow = array(..); foreach ($get_allow as $key): if (isset($_GET($key)): $$key = $_GET[$key]; endif; endforeach; Cheers! Mike - Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning Information Services, JG125, James Graham Building, Leeds Metropolitan University, Beckett Park, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Code Advice
-Original Message- From: Ernest E Vogelsinger [mailto:ernest;vogelsinger.at] Sent: 06 November 2002 18:49 To: [EMAIL PROTECTED] Subject: Re: [PHP] Code Advice Ever had a headache with posted parameters, as to where to look for the value, in _GET or _POST? Try this: foreach ($_POST as $name = $value) $_GET[$name] = $value; Your application may safely use only the $_GET array after this, the POSTed variables correctly overriding their GET counterparts. The = reference is there for optimization - faster and less memory-consuming. Uh... isn't this what $_REQUEST is for?? Cheers! Mike - Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning Information Services, JG125, James Graham Building, Leeds Metropolitan University, Beckett Park, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Code Advice
look well through the code you posted, it had a bug :) But we got your idea - it can be a solution for limiting input. Yet, you need to also know a way to unset unwanted variables. That can only be done by accessing $_GET or $HTTP_GET_VARS (if GET method). -- Maxim Maletsky [EMAIL PROTECTED] Ford, Mike [LSS] [EMAIL PROTECTED] wrote... : -Original Message- From: Kevin Stone [mailto:kevin;helpelf.com] Sent: 06 November 2002 18:32 The method that you have described below is going to produce a numerical Key which is going to result in several errors. Huh? What on earth does this mean? -Kevin - Original Message - From: Jason Young [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, November 06, 2002 10:52 AM Subject: [PHP] Code Advice I (think I) have come up with an interesting little solution for pages that have/can potentially have a lot of get vars, and I just wanted to throw it by everyone to see if I know what I'm talking about... Instead of having a whole bunch of ... if (isset($_GET['var'])) $var = $_GET['var'] .. lines on top of each page.. does this code look feasable to you? - $get_allow = array('foo', 'bar', 'add', 'takeovertheworld'); while (list($key,$val)=each($get_allow)) { if (isset($_GET[$key])) $$key = $val; } Yes, I suppose this is a step up from extract(). Looks fine to me, except that I'd use foreach ($get_allow as $key=$val) rather than the while() -- comes down to personal preference, I suppose. Cheers! Mike - Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning Information Services, JG125, James Graham Building, Leeds Metropolitan University, Beckett Park, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Code Advice
Hmm.. So then can anyone tell me why its working so far? ;) I am trying out every single function in this page in hopes to catch something, but so far I don't see any breakage - I can see there are a few ways to skin this cat.. the original code I posted DOES work.. I still may be blind to any future breakings.. that's why I posted it. Unfortunately, I'm getting responses saying that this code won't work at all - when it does.. :-/ Mike Ford wrote: -Original Message- From: Kevin Stone [mailto:kevin;helpelf.com] Sent: 06 November 2002 18:50 To: [EMAIL PROTECTED] Subject: Re: [PHP] Code Advice All I have to go by is what I see. The method was this.. ? $get_allow = array('foo', 'bar', 'add', 'takeovertheworld'); while (list($key,$val)=each($get_allow)) { if (isset($_GET[$key])) $$key = $val; } ? The array $get_allow has numerical indicies. Looping through that in the method described is going to set an integer to $key. So your first error is going to be that $_GET[0] is Undefined. Second error is going to be $$key is an invalid variable name. Mea culpa -- you're quite right, and I should read more carefully! (Well, it is 7pm and going home time) This should, of course, be done like this: $get_allow = array(..); foreach ($get_allow as $key): if (isset($_GET($key)): $$key = $_GET[$key]; endif; endforeach; Cheers! Mike - Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning Information Services, JG125, James Graham Building, Leeds Metropolitan University, Beckett Park, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Code Advice
At 20:08 06.11.2002, Ford, Mike [LSS] spoke out and said: [snip] -Original Message- [...snip...] value, in _GET or _POST? Try this: foreach ($_POST as $name = $value) $_GET[$name] = $value; Your application may safely use only the $_GET array after this, the POSTed variables correctly overriding their GET counterparts. The = reference is there for optimization - faster and less memory-consuming. Uh... isn't this what $_REQUEST is for?? [snip] Yessir, exactly. However if you're going to fiddle around with $_GET (checking for allowed input) while allowing any $_POST'ed data, you might prefer this solution... -- O Ernest E. Vogelsinger (\) ICQ #13394035 ^ http://www.vogelsinger.at/
Re: [PHP] Code Advice
At 20:13 06.11.2002, Jason Young spoke out and said: [snip] Hmm.. So then can anyone tell me why its working so far? ;) I am trying out every single function in this page in hopes to catch something, but so far I don't see any breakage - I can see there are a few ways to skin this cat.. the original code I posted DOES work.. I still may be blind to any future breakings.. that's why I posted it. Unfortunately, I'm getting responses saying that this code won't work at all - when it does.. :-/ [snip] Well - it's a miracle... I just tried the code you posted, and indeed PHP (v.4.2.2) allows numeric identifiers - BUT ONLY as long as you're accessing it indirectly. Example: $key = 0; $$key = 'some data';// works echo $$key; // works echo Key 0: $0// prints $0, not the content (wrong) echo $0;// error unexpected T_DNUMBER -- O Ernest E. Vogelsinger (\) ICQ #13394035 ^ http://www.vogelsinger.at/
Re: [PHP] Code Advice
It's probably working becuase you have register_globals = ON in your php.ini and those variable names are being set by default. Your posted code is actually doing nothing. What I can't figure is why you're not getting any errors. :-\ -Kevin - Original Message - From: Jason Young [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, November 06, 2002 12:13 PM Subject: Re: [PHP] Code Advice Hmm.. So then can anyone tell me why its working so far? ;) I am trying out every single function in this page in hopes to catch something, but so far I don't see any breakage - I can see there are a few ways to skin this cat.. the original code I posted DOES work.. I still may be blind to any future breakings.. that's why I posted it. Unfortunately, I'm getting responses saying that this code won't work at all - when it does.. :-/ Mike Ford wrote: -Original Message- From: Kevin Stone [mailto:kevin;helpelf.com] Sent: 06 November 2002 18:50 To: [EMAIL PROTECTED] Subject: Re: [PHP] Code Advice All I have to go by is what I see. The method was this.. ? $get_allow = array('foo', 'bar', 'add', 'takeovertheworld'); while (list($key,$val)=each($get_allow)) { if (isset($_GET[$key])) $$key = $val; } ? The array $get_allow has numerical indicies. Looping through that in the method described is going to set an integer to $key. So your first error is going to be that $_GET[0] is Undefined. Second error is going to be $$key is an invalid variable name. Mea culpa -- you're quite right, and I should read more carefully! (Well, it is 7pm and going home time) This should, of course, be done like this: $get_allow = array(..); foreach ($get_allow as $key): if (isset($_GET($key)): $$key = $_GET[$key]; endif; endforeach; Cheers! Mike - Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning Information Services, JG125, James Graham Building, Leeds Metropolitan University, Beckett Park, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Code Advice
On Wed, 6 Nov 2002, Jason Young wrote: So then can anyone tell me why its working so far? ;) It doesn't work at all like you want it to. I assume you've already put this script up on a web server to test, so watch this: After this line: $$key = $val; Insert this line for debugging: echo $key . -- . $val . br\n; Then visit the script: scriptname.php?foo=22=1 You've created something far worse than register globals. Someone already posted a decent solution, something like this: foreach( $get_allow as $get_key = $get_val ){ if( isset( $_GET[$get_val] ) ){ ${$get_val} = $_GET[$get_val]; echo $get_val . -- . $_GET[$get_val] . br\n; } } g.luck, ~Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Code Advice
Oh ho! Good call Mr. Vogelsinger. I would never have guessed. So infact the code DOES work. My apologies Jason, I guess ya learn something new every day. ;-) -Kevin - Original Message - From: Ernest E Vogelsinger [EMAIL PROTECTED] To: Jason Young [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Wednesday, November 06, 2002 12:31 PM Subject: Re: [PHP] Code Advice At 20:13 06.11.2002, Jason Young spoke out and said: [snip] Hmm.. So then can anyone tell me why its working so far? ;) I am trying out every single function in this page in hopes to catch something, but so far I don't see any breakage - I can see there are a few ways to skin this cat.. the original code I posted DOES work.. I still may be blind to any future breakings.. that's why I posted it. Unfortunately, I'm getting responses saying that this code won't work at all - when it does.. :-/ [snip] Well - it's a miracle... I just tried the code you posted, and indeed PHP (v.4.2.2) allows numeric identifiers - BUT ONLY as long as you're accessing it indirectly. Example: $key = 0; $$key = 'some data';// works echo $$key; // works echo Key 0: $0// prints $0, not the content (wrong) echo $0;// error unexpected T_DNUMBER -- O Ernest E. Vogelsinger (\) ICQ #13394035 ^ http://www.vogelsinger.at/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Code Advice
register_globals is definately off.. Maybe its a PHP miracle, as Ernest suggested.. maybe Rasmus or someone else on the PHP dev team has something to say about it, but it works.. maybe you all could use it :-D Hopefully I didn't find a bug :-o -J Kevin Stone wrote: It's probably working becuase you have register_globals = ON in your php.ini and those variable names are being set by default. Your posted code is actually doing nothing. What I can't figure is why you're not getting any errors. :-\ -Kevin - Original Message - From: Jason Young [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, November 06, 2002 12:13 PM Subject: Re: [PHP] Code Advice Hmm.. So then can anyone tell me why its working so far? ;) I am trying out every single function in this page in hopes to catch something, but so far I don't see any breakage - I can see there are a few ways to skin this cat.. the original code I posted DOES work.. I still may be blind to any future breakings.. that's why I posted it. Unfortunately, I'm getting responses saying that this code won't work at all - when it does.. :-/ Mike Ford wrote: -Original Message- From: Kevin Stone [mailto:kevin;helpelf.com] Sent: 06 November 2002 18:50 To: [EMAIL PROTECTED] Subject: Re: [PHP] Code Advice All I have to go by is what I see. The method was this.. ? $get_allow = array('foo', 'bar', 'add', 'takeovertheworld'); while (list($key,$val)=each($get_allow)) { if (isset($_GET[$key])) $$key = $val; } ? The array $get_allow has numerical indicies. Looping through that in the method described is going to set an integer to $key. So your first error is going to be that $_GET[0] is Undefined. Second error is going to be $$key is an invalid variable name. Mea culpa -- you're quite right, and I should read more carefully! (Well, it is 7pm and going home time) This should, of course, be done like this: $get_allow = array(..); foreach ($get_allow as $key): if (isset($_GET($key)): $$key = $_GET[$key]; endif; endforeach; Cheers! Mike - Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning Information Services, JG125, James Graham Building, Leeds Metropolitan University, Beckett Park, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Code Advice
At 20:40 06.11.2002, Jason Young spoke out and said: [snip] register_globals is definately off.. Maybe its a PHP miracle, as Ernest suggested.. maybe Rasmus or someone else on the PHP dev team has something to say about it, but it works.. maybe you all could use it :-D [snip] Jason, as Chris already pointed out, this code doesn't do what you intend to do. You don't get an error because you do not access the variable name directly - at least not the variable your code generates (which is $0, $1, $2, etc). If you did you'd get a decent parser error - but unfortunately your data hides behind these identifiers. If register_globals is off I have absolutely no idea why you still have them available. Please recheck your testing code - I'm sure you'll notice the glitch... -- O Ernest E. Vogelsinger (\) ICQ #13394035 ^ http://www.vogelsinger.at/
Re: [PHP] Code Advice
I just saw that post... I feel completely stupid at this point, might I point out. You're right - register_globals is by default 'on' on this particular server Im working on (I don't do a lot of PHP work on it), cuz its an older version and I haven't been bothered enough to upgrade it... I haven't tested it on something that has register_globals set to on. So yes.. indeed my code did absolutely nothing. Who wants to hire me? hah. Thanks for all the help, though.. I definately learned a few things and got some decent code in return to fiddle with! Thanks to all, apologies for the brain-death. -Jason Ernest E Vogelsinger wrote: At 20:40 06.11.2002, Jason Young spoke out and said: [snip] register_globals is definately off.. Maybe its a PHP miracle, as Ernest suggested.. maybe Rasmus or someone else on the PHP dev team has something to say about it, but it works.. maybe you all could use it :-D [snip] Jason, as Chris already pointed out, this code doesn't do what you intend to do. You don't get an error because you do not access the variable name directly - at least not the variable your code generates (which is $0, $1, $2, etc). If you did you'd get a decent parser error - but unfortunately your data hides behind these identifiers. If register_globals is off I have absolutely no idea why you still have them available. Please recheck your testing code - I'm sure you'll notice the glitch... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php