Is there a way or piece of code that looks for POST and GET data and turns them into normal variables? I mean it to make: $_POST["hello"] = "Wow." into $hello = "Wow." But also be able to do it automatically and with many POSTS and GETS, so like this: $_POST["name"]="John"; $_GET["email"]="john@john.com"; $_POST["sex"]="male"; into $name="John"; $email="john@john.com"; $sex="male"; I know the second example is impossible (you can't get GET and POST data at the same time (or so I know), but the idea is that whether the page gets a GET or a POST variable it should turn it into variables automatically. So is there a function or something that can help me?

Reputation:

Auto process POST and GET in PHP

Is there a way or piece of code that looks for POST and GET data and turns them into normal variables?

I mean it to make:

$_POST["hello"] = "Wow."

into

$hello = "Wow."

But also be able to do it automatically and with many POSTS and GETS, so like this:

$_POST["name"]="John"; 
$_GET["email"]="[email protected]"; 
$_POST["sex"]="male";

into

$name="John"; 
$email="[email protected]"; 
$sex="male";

I know the second example is impossible (you can't get GET and POST data at the same time (or so I know), but the idea is that whether the page gets a GET or a POST variable it should turn it into variables automatically.

So is there a function or something that can help me?

Upvotes: 0

Answers (3)

Malodorous Funk

Reputation: 1

I realize this is a very old post, but here's an answer if anyone is looking.

There's a safe way to automate this without using extract on $_POST, which is a security risk as mentioned. This function will work for $_POST if you feed it a simple array of keys you expect.

function post_params($arr){

    $pp = array();
    foreach($arr AS $key){
        if(isset($_POST[$key])){
            $pp[$key] = $_POST[$key];
        }
    }

    return $pp;
}

Then when you call the function, do this:

$expected_post_keys = array('firstname','lastname');
$safe_post_arr = post_params($expected_post_keys);
extract($safe_post_arr);

For $_GET you can take a couple of extra measures like so (you could do it this way for $_POST as well):

function get_params($arr){
    // arr predefined explicitly - do not call with _GET as argument
    $gp = array();
    foreach($arr as $key){

        if(isset($_GET[$key])){
            $gp[$key] = htmlspecialchars($_GET[$key]);
        }else{
            $gp[$key] = 0;
        }

    }
    return $gp;
}

and when you call the function:

$valid_get_keys = array('id','action');
$safe_get_arr = get_params($valid_get_keys);
extract($safe_get_arr );

This method gives you every variable/key you expect, but if they aren't defined in $_GET they will have a value of 0.

If you have to do this often, just put both methods in a class and you are automated. Any script where you need to retrieve _GET or _POST you can call the class then call whatever method you need by feeding it the necessary keys.

Upvotes: 0

dan-lee

Reputation: 14502

You can use extract(): extract($_REQUEST); ($_REQUEST combines $_POST and $_GET)

But I would consider it as bad practice, because it adds some black magic to your code which can lead to unpredictable situations. Also it's easily exploitable:

Consider that you have a variable: $secret = 100; which nobody should change.
Now comes a kinky user and injects following POST variable in a form submit: $_POST['secret'] = 200;
There you have the exploitation!

Upvotes: 1

ro ko

Reputation: 2986

You can use Extract, It works for all type of arrays.

<?php

/* Suppose that $var_array is an array returned from
   wddx_deserialize */

$size = "large";
$var_array = array("color" => "blue",
                   "size"  => "medium",
                   "shape" => "sphere");
extract($var_array, EXTR_PREFIX_SAME, "wddx");

echo "$color, $size, $shape, $wddx_size\n";

?>

Edit: I wouldn't consider as a good practise though

Upvotes: 1

Auto process POST and GET in PHP

Answers (3)

Related Questions