DZone
Web Dev Zone
Thanks for visiting DZone today,
Edit Profile
  • Manage Email Subscriptions
  • How to Post to DZone
  • Article Submission Guidelines
Sign Out View Profile
  • Post an Article
  • Manage My Drafts
Over 2 million developers have joined DZone.
Log In / Join
  • Refcardz
  • Trend Reports
  • Webinars
  • Zones
  • |
    • Agile
    • AI
    • Big Data
    • Cloud
    • Database
    • DevOps
    • Integration
    • IoT
    • Java
    • Microservices
    • Open Source
    • Performance
    • Security
    • Web Dev
DZone > Web Dev Zone > Working with Request objects in PHP (II). Back to the past

Working with Request objects in PHP (II). Back to the past

Gonzalo Ayuso user avatar by
Gonzalo Ayuso
·
Nov. 11, 11 · Web Dev Zone · Interview
Like (0)
Save
Tweet
2.99K Views

Join the DZone community and get the full member experience.

Join For Free

In one of my last post “Working with request objects in PHP”, I wrote a simple library to handle request objects. According that post let’s do a bit of history of PHP. In the early years of PHP (PHP3 – PHP4) one of the cool features of PHP was the “variable injection” inside our projects with register_globals=on. If you had the following a url:

index.php?parameter1=Hi

Your script had magically a variable called $parameter1 with the value “Hi”. This feature has horrible security problems, if our user can inject variables in our scripts, especially with a loose typing program language like PHP. Because of that we all swap from those injected variables to get the value from $_POST and $_GET superglobals. In fact “injected variables” are disabled long time ago within PHP configuration.

Nowadays we don’t use $_POST $_GET superglobals directly. We need to filter the input. Because of that I wrote RequestObject library. Now we’re going to back to the past and allow the use of injected variables, but filtered.

RequestObject has now an extra public function called getFilteredParameters. This function returns an array with all already filtered input parameters. So if we use “extract” function we can create variables for each input parameters, but with the filtered values:

class Request extends RequestObject
{
    /** @cast string */
    public $param1;
    /**
     * @cast string
     * @default default value
     */
    public $param2;
}

$request = new Request();
extract($request->getFilteredParameters());

echo "param1: <br/>";
var_dump($param1);
echo "<br/>";

echo "param2: <br/>";
var_dump($param2);
echo "<br/>";

Full library available on github here

From http://gonzalo123.wordpress.com/2011/11/07/working-with-request-objects-in-php-ii-back-to-the-past/

PHP Requests Object (computer science)

Opinions expressed by DZone contributors are their own.

Popular on DZone

  • Modern REST API Design Principles and Rules
  • What Do Great Engineering Managers Need To Know About Compensation and Equity?
  • Stupid Things Orgs Do That Kill Productivity w/ Netflix, FloSports & Refactoring.club
  • Application Scalability — How To Do Efficient Scaling

Comments

Web Dev Partner Resources

ABOUT US

  • About DZone
  • Send feedback
  • Careers
  • Sitemap

ADVERTISE

  • Advertise with DZone

CONTRIBUTE ON DZONE

  • Article Submission Guidelines
  • MVB Program
  • Become a Contributor
  • Visit the Writers' Zone

LEGAL

  • Terms of Service
  • Privacy Policy

CONTACT US

  • 600 Park Offices Drive
  • Suite 300
  • Durham, NC 27709
  • support@dzone.com
  • +1 (919) 678-0300

Let's be friends:

DZone.com is powered by 

AnswerHub logo