I developed the function importVars to make my life easier. And I use it ALL the time!!! I had a PHP application which would assume that all variables would be globalised, and then I upgraded my PHP version (obviously I then had many broken pages). To fix this, I only had to add a line or two to my pages and it was all fixed! (You must put the function into a file that is included at the top of every page)
importVars($_GET); // import all variables from $_GET
// or we use this
importVars($_GET,'id'); // import only $id
importVars($_POST,'name,email,comment'); // import $name, $email and $comment
To the best of my knowledge this is secure. This function also allows you to reference variables that you would expect (but may not actually appear).
Eg. mypage.php?var1=something
We're expecting $var1 and $var2 in the querystring, but $var2 does not exist
so in our code we will have this:
importVars($_GET,'var1,var2');
if (!$var1) echo 'where is var1?';
if (!$var2) echo 'where is var2?';
Anyways, there's a few more advantages, but I think you get the picture.
Adam
/******** VARIABLE HANDLING FUNCTIONS ********/
/*
Credit given to: Maxim Maletsky <subscriptions@phpbeginner.com>
Alter variables for the versions prior to 4.1.0
NOTE: $_REQUEST global variable is NOT supported.
*/
if (strnatcasecmp('4.1.0', PHP_VERSION) >= 0) {
foreach(Array(
'_GET' => 'HTTP_GET_VARS',
'_POST' => 'HTTP_POST_VARS',
'_COOKIE' => 'HTTP_COOKIE_VARS',
'_SESSION' => 'HTTP_SESSION_VARS',
'_SERVER' => 'HTTP_SERVER_VARS',
'_ENV' => 'HTTP_ENV_VARS',
'_FILES' => 'HTTP_POST_FILES'
) as $transvar['new'] => $transvar['old']) {
if (isset($$transvar['old']) and is_array($$transvar['old'])) {
$GLOBALS[$transvar['new']] = &$$transvar['old'];
}
}
// Unset transvar, we do not need it anymore.
unset($transvar);
}
/******************************************************************************\
| Function: importVars() v1 7/10/02
|
| Author: Adam Royle 2002 - ifunk@myrealbox.com
|
| Used for: Importing variables into global scope from $_GET, $_POST, $_SESSION, etc.
|
| Params: $arrVarType - $_GET | $_POST | $_SESSION | $_COOKIES | $_SERVER | $_ENV
| $strVarList - specify which variables to import (comma delimited string)
| - if this is not supplied it imports all variables
| $strSlashes - specifies whether to add slashes or remove slashes
| - it reads your php.ini setting of magic_quotes so it doesn't
| - double slash automatically
|
| Examples:
| importVars($_GET,'pageID, ref'); // gets pageID and ref from querystring
| importVars($_SESSION,'admin'); // gets admin from session
| importVars($_POST); // grabs all post data
| importVars($_COOKIES,'userDesc','STRIP'); // gets userDesc from cookies
| and strips slashes
|
\******************************************************************************/
function importVars(&$arrVarType, $strVarList='', $strSlashes='ADD')
{
if (!trim($strVarList)){
// import all variables from $arrVarType
foreach($arrVarType as $var => $value){
$GLOBALS[$var] = $value;
}
} else {
// only import variables in $strVarList
$arrVarList = explode(',',$strVarList);
foreach($arrVarList as $var){
$var = trim($var);
if (isset($arrVarType[$var])){
if (strtoupper($strSlashes) == 'ADD' && !get_magic_quotes_gpc()){
$GLOBALS[$var] = addslashes($arrVarType[$var]);
} elseif (strtoupper($strSlashes) == 'STRIP' && get_magic_quotes_gpc()){
$GLOBALS[$var] = stripslashes($arrVarType[$var]);
} else {
$GLOBALS[$var] = $arrVarType[$var];
}
} else {
$GLOBALS[$var] = '';
}
}
}
}
--
ADAM ROYLE
Multimedia Developer
Big Bridge
83 Main Street
Kangaroo Point Q 4169
Ph: 61 7 3435 1800
Fx: 61 7 3435 1810
http://www.bigbridge.com.au
