First, I want to say thanks for your solid reply. Yet, below is a snippet of PHP.net documentation on $_REQUEST which shows that $_COOKIE is also found within $_REQUEST.

//*****************
//START PHP.net Quote

Request variables: $_REQUEST

Note: Introduced in 4.1.0. There is no equivalent array in earlier versions.
Note: Prior to PHP 4.3.0, $_FILES information was also included in $_REQUEST.

An associative array consisting of the contents of $_GET, $_POST, and $_COOKIE.

//END PHP.net Quote
//*****************

So what I need to know is:

1) By unsetting/eliminating $_REQUEST vars, are we also actually unsetting/eliminating cookie vars at the same time?

or

2) All these PHP arrays ($_REQUEST, $_GET, $_SESSION, $_COOKIE ... ...) are all independent of each other and carry their values discretely and basically sometimes in duplicate of each other. And manipulating the contents of one set of global vars does not change the other set of global vars during this script run...

or what?

Peter

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of csnyder
Sent: Tuesday, July 17, 2007 10:57 AM
To: NYPHP Talk
Subject: Re: [nyphp-talk] Manipulating $_REQUEST Directly

On 7/16/07, Peter Sawczynec <[EMAIL PROTECTED]> wrote:
> I have inherited some old legacy code that down and dirty uses $_REQUEST
> to universally grab all variables from combined GET and/or POST form
> submissions.
>
> So I want to be equally blunt and directly chop up and massage $_REQUEST
> before any code handles it.
>
> I want to have an array of acceptable "white list" $_REQUEST variable
> names I am looking for, allow those to remain in the $_REQUEST array,
> but I want all other $_REQUEST variables removed/destroyed out of
> $_REQUEST.
>
> Then simply allow the remaining "white list" $_REQUEST to flow into
> the code.

Down and dirty calls for a foreach. ;-)

foreach ( $_REQUEST as $key => $val ) {
    // $whitelist is keyed by variable name; the value is the type to validate as
    if ( !array_key_exists( $key, $whitelist ) ) {
        unset( $_REQUEST[ $key ] );
    }
    else {
        // do you have validation routines?
        // whitelist could include type info for validation...
        switch( $whitelist[ $key ] ) {
            case 'text':
                $_REQUEST[ $key ] = validated_text( $val );
                break;
        } // end switch
    } // end else
} // end foreach

Maybe you were looking for something more efficient, but being able to independently validate the values might make it worth a few extra cycles, depending on whether the downstream code performs validation.

--
Chris Snyder
http://chxo.com/

_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk

NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com

Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php
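
Added example (not part of the original thread, and not code from either poster): a whitelist keyed by variable name with a per-type validator, applied to $_REQUEST, then to the other input arrays. $_GET, $_POST and $_COOKIE are separate arrays from $_REQUEST, so filtering $_REQUEST alone leaves them unchanged. The function names, whitelist entries and sample request values are assumptions constructed for illustration.

```php
<?php
// Whitelist: accepted parameter name => validation type (constructed sample).
$whitelist = ['user' => 'text', 'page' => 'int'];

// Hypothetical validator: returns the value if it passes, null if rejected.
function validate_value(string $type, $val): ?string
{
    if (!is_string($val)) {            // rejects array input such as ?user[]=x
        return null;
    }
    switch ($type) {
        case 'text':
            return preg_match('/\A[A-Za-z0-9_ .-]{1,64}\z/', $val) ? $val : null;
        case 'int':
            return preg_match('/\A\d{1,9}\z/', $val) ? $val : null;
        default:
            return null;               // unknown type: fail closed
    }
}

// Hypothetical helper: keep only whitelisted keys whose values validate.
function whitelist_filter(array $input, array $whitelist): array
{
    $clean = [];
    foreach ($whitelist as $key => $type) {
        if (array_key_exists($key, $input)) {
            $val = validate_value($type, $input[$key]);
            if ($val !== null) {
                $clean[$key] = $val;
            }
        }
    }
    return $clean;
}

// Constructed sample input standing in for a real request.
$_GET     = ['user' => 'peter', 'debug' => '1'];
$_POST    = ['page' => '2x'];
$_COOKIE  = ['theme' => 'dark'];
$_REQUEST = array_merge($_GET, $_POST, $_COOKIE);

// Filtering $_REQUEST replaces only that array.
$_REQUEST = whitelist_filter($_REQUEST, $whitelist);
var_dump($_REQUEST, $_GET, $_POST, $_COOKIE);

// Downstream code that reads $_GET, $_POST or $_COOKIE directly would bypass
// the filter above, so apply the same whitelist to each of them as well.
$_GET    = whitelist_filter($_GET, $whitelist);
$_POST   = whitelist_filter($_POST, $whitelist);
$_COOKIE = whitelist_filter($_COOKIE, $whitelist);
var_dump($_GET, $_POST, $_COOKIE);
```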
