Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Working with Request objects in PHP (II). Back to the past

DZone's Guide to

Working with Request objects in PHP (II). Back to the past

· Web Dev Zone
Free Resource

Add user login and MFA to your next project in minutes. Create a free Okta developer account, drop in one of our SDKs to your application and get back to building.

In one of my last post “Working with request objects in PHP”, I wrote a simple library to handle request objects. According that post let’s do a bit of history of PHP. In the early years of PHP (PHP3 – PHP4) one of the cool features of PHP was the “variable injection” inside our projects with register_globals=on. If you had the following a url:

index.php?parameter1=Hi

Your script had magically a variable called $parameter1 with the value “Hi”. This feature has horrible security problems, if our user can inject variables in our scripts, especially with a loose typing program language like PHP. Because of that we all swap from those injected variables to get the value from $_POST and $_GET superglobals. In fact “injected variables” are disabled long time ago within PHP configuration.

Nowadays we don’t use $_POST $_GET superglobals directly. We need to filter the input. Because of that I wrote RequestObject library. Now we’re going to back to the past and allow the use of injected variables, but filtered.

RequestObject has now an extra public function called getFilteredParameters. This function returns an array with all already filtered input parameters. So if we use “extract” function we can create variables for each input parameters, but with the filtered values:

class Request extends RequestObject
{
    /** @cast string */
    public $param1;
    /**
     * @cast string
     * @default default value
     */
    public $param2;
}

$request = new Request();
extract($request->getFilteredParameters());

echo "param1: <br/>";
var_dump($param1);
echo "<br/>";

echo "param2: <br/>";
var_dump($param2);
echo "<br/>";

Full library available on github here

From http://gonzalo123.wordpress.com/2011/11/07/working-with-request-objects-in-php-ii-back-to-the-past/

Launch your application faster with Okta’s user management API. Register today for the free forever developer edition!

Topics:

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}