Skip to main content

A useful shortcut in PHP 5

Recently I started using a shortcut for my $_GET variables in PHP 5. It seems that instead of doing the following:

<?php
    $page = $_GET['page'];
    $article = $_GET['article'];
?>

There is an easier way where all the $_GET variables can be assigned automatically.

The function is called parse_str(). See the example below:

<?php
    //example url is: http://www.test.com/index.php?page=home&article=934
    parse_str($_SERVER['QUERY_STRING']);
    //this would give the following:
    //$page = "home"
    //$article = "934"
?>

So this function uses the ampersand sign (&) to divide the string and assign the elements to variables. I wonder if it works with the validation rules of W3C, because normal & are not allowed in a URL query string. One must use &amp; instead.

UPDATE: It does work with the &amp; hardcoded in a URL. The URL shows a normal & sign, so PHP just parses it like a normal symbol.

Labels:

Comments

Thijs Zumbrink said…
Isn't this unsafe? Reminds me a lot of "register globals" which becomes deprecated in PHP6 with good reason.
December 8, 2010 at 1:43 AM
Francis Laclé said…
Ha Thijs, correct me if I'm wrong but aren't these as secure as using standard $_GET variables? The only difference is that here you would get an extra $x variable besides just a $_GET['x']. If I don't have this implemented and I add something like &hack=bla in the URL, then PHP would generate $_GET['hack']=bla. Because I'm not doing anything with $hack or $_GET['hack'] in my own code nothing would happen to it. The only risk is when the value of 'hack' would get injected with another value, which isn't really a risk because sensitive data are either stored in POST or SESSION vars.
December 10, 2010 at 2:15 PM
Post a Comment

Popular posts from this blog

But Google what about mobile phones that do not support Javascript?

In the global device market, there are still between 0.2% and 5.4% of phones that do not support Javascript, at least in these set of countries according to this site. In case your mobile website falls within this set than what do you do when you want to optimize CSS delivery by deferring the loading of some CSS but still serving the complete CSS to non-Javascript websites?
33 comments
Read more

A Short Online Letter to the Board of Alphabet Inc.

Dear Chairman Hennessy, I would like to openly share a question that kept coming back to me in the past couple of days, and that gave me courage to write a short open letter for the first time in my life. While catching up with daily news I came across a couple of articles in the past week alone, namely on the world’s remaining wilderness areas that are under threat . That the Earth’s oceans have retained 60 percent more heat each year than we’ve previously thought, that humanity has wiped out 60% of animal populations since 1970, that China has legalised rhino horn and tiger bone usage after 25 years, to calling for urgent action to develop technologies for negative emissions because our clean energy efforts won’t be enough. Here’s the question: is there actually a future for us, for your company, for humanity and our natural environment? What we do today will lay down the trajectory for our carrying capacity on Earth. Instead of investing in self-driving transportation and
Post a Comment
Read more