I've been working on a way to strip invalid characters from user input with
little or no need to rip the hair out of my head, and I learned some
interesting things in the process.

For one thing, hair really is stuck in there good, man.

But the important thing is how to increase your global namespace, make
debugging and refining user-input easier, make your scripts more readable
(arguably), and maybe even make your scripts a little more secure in the
process.

And all it requires is one single little line being present in either an
included file, or at the top of your script.

*basks in the beauty of the variable variable*

And that line is (actually it's two lines, but one is a comment to make
things easier on people who read your code):

// To refer to variables submitted via GET or POST use: ${$f}["
$f = 'HTTP_' . $HTTP_SERVER_VARS["REQUEST_METHOD"] . '_VARS';

Now, if someone submits a form with the field "email", you refer to it in
your code as:

${$f}["email"]

It works if it was submitted via POST or GET, so you never have to worry
about needing one feature or the other. And if you do want to lock it in to
POST only, you just do:

$f = 'HTTP_POST_VARS';

...right at the top of the script where you want to lock it in. It
effectively reduces having to type $HTTP_POST_VARS to ${$f} (hard to type at
first, I know).


And now you can instantly know what variable is supposed to be user
submitted, and what isn't. And you can now safely turn off register_globals
in your .ini file, or run your script in a place where register_globals is
off (track_vars must be enabled, but I don't know anyone who actually turns
it off, and it's always enabled in version 4.0.3+).


The reason for not just using $email to refer to the "email" field is
something I recently found out.

If you change the value of $HTTP_POST_VARS["email"], it will not change the
value of $email! Doh! So my great big script which flawlessly strips all
invalid characters from POST, COOKIE, and GET global variables did squat.


I've fallen in love with variable variables, I admit it. Oh how I love them
so...

...anyway, I just thought some of you might benefit from my discovery of
variable variables using REQUEST_METHOD, since I've never actually seen it
used in any scripts (I actually got the idea from "Decae", a programmer at
Evernight...I have no idea when he figured it out). So I hope it helps some
of you out.

Enjoy!


--
Plutarck
Should be working on something...
...but forgot what it was.
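
Added example, not part of the original message: a sketch of the technique above that checks REQUEST_METHOD against a fixed list before building the array name, cleans the selected array in place through ${$f}, and shows that a register_globals-style copy such as $email stays raw. The request arrays are filled by hand with constructed values so it runs from the command line, extract() stands in for register_globals, and input_array_name() and strip_invalid() are hypothetical helper names.

```php
<?php
// Constructed sample request state (assumption): these are ordinary globals
// filled by hand here, so the script runs from the CLI without a web server.
$HTTP_SERVER_VARS = array('REQUEST_METHOD' => 'POST');
$HTTP_GET_VARS    = array();
$HTTP_POST_VARS   = array('email' => "bob@example.com\r\n<b>hi</b>");

// Emulate register_globals: each field is copied into a global of its own.
extract($HTTP_POST_VARS);

// Build the array name only from a method we expect. Anything else (HEAD,
// PUT, ...) would name an array that does not exist.
function input_array_name($method)
{
    $allowed = array('GET' => 'HTTP_GET_VARS', 'POST' => 'HTTP_POST_VARS');
    return isset($allowed[$method]) ? $allowed[$method] : null;
}

// Hypothetical helper: keep only the characters allowed in a field.
function strip_invalid($value, $pattern = '/[^A-Za-z0-9@._+-]/')
{
    return preg_replace($pattern, '', (string) $value);
}

$f = input_array_name($HTTP_SERVER_VARS['REQUEST_METHOD']);
if ($f === null) {
    exit("unsupported request method\n");
}

// Clean every submitted field in place, through the variable variable.
foreach (${$f} as $name => $value) {
    ${$f}[$name] = strip_invalid($value);
}

var_dump(${$f}['email']);            // value after cleaning
var_dump($email);                    // register_globals-style copy
var_dump(${$f}['email'] === $email); // whether the copy followed the change
```

Code that goes on reading $email after the cleaning pass never sees the cleaned value, so every later read has to go through ${$f} as well.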


