Re: how to get var name and value from function?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



2007. 04. 14, szombat keltezéssel 08.15-kor Afan Pasalic ezt írta:
> Tijnema ! wrote:
> > On 4/14/07, Afan Pasalic <afan@xxxxxxxx> wrote:
> >> hi,
> >> this one I can't figure out:
> >>
> >> I have to assign value of an array to variable named after key of the
> >> array several times in my project to , e.g. after I submit a form with
> >> personal info I have
> >> $_POST['name'] = 'john doe';
> >> $_POST['address'] = '123 main st.';
> >> $_POST['city'] = 'urbandale';
> >> $_POST['zip'] = '12345';
> >> $_POST['phone'] = '123-456-7980';
> >> etc.
> >>
> >> Then I assign value to the var name:
> >> foreach ($_POST as $key => $value)
> >> {
> >>    ${$key} = $value;
> >> }
> >> and then validate submitted.
> >
> > Are you sure you want to do this? You never know what a hacker inserts
> > to your POST data, so he could easily define variables inside your
> > script, especially when you're using more dangerous functions like
> > system().
> I do validation after this step. :)

you should validate before this step, not after. let's say you have an
important variable called $system_setting
then someone sends you a POST with 'system_setting' in it. then you're
writing that POST value to your important variable with that foreach
stuff, and trying to validate after it - but your system_setting value
is corrupted still!

greets
Zoltán Németh

> >
> >>
> >> Though, to avoid writing all over again the same lines (even it's only 3
> >> lines) I was thinking to create a function something like:
> >>
> >> function value2var($array, $print=0)
> >> {
> >>    foreach ($_POST as $key => $value)
> >
> > I think you should change above line to :
> >
> >    foreach ($array as $key => $value)
> yup! it's print error. I meant $array.
> >>    {
> >>        ${$key} = $value;
> >>        echo ($print ==1) ? $key.': '.$value.'<br>';     // to test
> >> results and seeing array variables and values
> >>    }
> >> }
> >>
> >> value2var($_POST, 1);
> >>
> >> but, I don't know how to get info from function back to script?!?!?
> >> :-(
> >
> > Uhm, it's not even possible when you don't know the keys i believe.
> after 2 hours of testing and research I realized this too, but want to
> be sure.
> :-(
> 
> thanks.
> 
> -afan
> 
> 
> >
> > Tijnema
> >>
> >> any help appreciated.
> >>
> >> -afan
> >
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux