Re: Call a Function Held in a $_GET Var

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Shaun wrote:

Hi,

If I have a function name held in a $_GET variable for example ...&func=print_user_list how can I call the function dynamically? ie. $_GET['func']()

Thanks for your help



Well, call_user_func() [ http://www.php.net/call_user_func ] will do the job. But that is really bad, because you can get hacked really easy. Here's a small example

www.url.com/file.php?func=evilfunction

So that is _bad_ coding and not a good practise at all, but if that is the _only_ option be more than sure that you do some checking first. An example follows :

$allowed = array('first_func', 'second_func', 'third_func') {
if(in_array($_GET['func'], $allowed) { /* it's okay */ call_user_func($_GET['func']); }
else { die('Next time, sucker'; }
}

Hope this helps,

--
Josip Dzolonga
http://josip.dotgeek.org

jdzolonga[at]gmail.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux