Reputation: 3301
Can anyone explain the following PHP Code?
Can anyone explain the following PHP Code ?
function get_param($param_name, $param_type = 0)
{
global $HTTP_POST_VARS, $HTTP_GET_VARS;
$param_value = "";
if (isset($_POST)) {
if (isset($_POST[$param_name]) && $param_type != GET)
$param_value = $_POST[$param_name];
elseif (isset($_GET[$param_name]) && $param_type != POST)
$param_value = $_GET[$param_name];
} else {
if (isset($HTTP_POST_VARS[$param_name]) && $param_type != GET)
$param_value = $HTTP_POST_VARS[$param_name];
elseif (isset($HTTP_GET_VARS[$param_name]) && $param_type != POST)
$param_value = $HTTP_GET_VARS[$param_name];
}
return strip($param_value);
}
function strip($value)
{
if (get_magic_quotes_gpc() == 0) {
return $value;
} else {
return stripslashes($value);
}
}
UPDATE
It is used like this:
$xml = get_param('xml');
Upvotes: 2
Views: 1862
Answers (5)
Reputation: 5927
The code gets the value from the get and post data arrays. It also strips slashes on php installations that have magic quotes enabled. It looks like the function is made for backwards compatibility with older version of PHP. I wouldn't use this unless you are required to support older versions of PHP.
You don't need to make any changes for this to work in PHP 5, however I would just do the following: For Get data:
if(isset($_GET['param_name'])){
// What ever you want to do with the value
}
For Post data:
if(isset($_POST['param_name'])){
// What ever you want to do with the value
}
You should also read up on Magic Quotes since it was not deprecated till PHP 5.3.0 and you may need to be concerned about it.
The updated function could also be written as:
function get_param($param_name, $param_type = 0)
{
$param_value = "";
if (isset($_POST[$param_name]) && $param_type != GET){
$param_value = $_POST[$param_name];
}
elseif (isset($_GET[$param_name]) && $param_type != POST){
$param_value = $_GET[$param_name];
}
return strip($param_value);
}
Strip can be left alone.
Upvotes: 4
Reputation: 60150
The code is a function that takes a parameter's name ($param_name) and the HTTP request type it's expected to be found in (GET or POST), then looks through the current ($_GET and $_POST) and deprecated ($HTTP_GET_VARS and $HTTP_POST_VARS) request variable arrays for a value matching that name. Before it returns, it tries to strip extra slashes out of the value it found.
So for example, if I passed this HTTP request:
http://www.example.com/explain_function.php?key=valuethen ran the function
get_param("key", "GET");It would return "value".
Upvotes: 1
Reputation: 153
Looks like some insane way of making sure you're getting the correct GET/POST vars. Most of the code from get_param() seems to be a way to make the code work on almost any php version, since it's using the legacy methods, you should have a look at the PHP Manual about _GET/_POST
Upvotes: 2
Reputation: 343
It appears that is is trying to extract a value from the query string based on the name of the parameter. It is first checking to see if the $_POST variable is valid, and if not, check the $HTTP_POST_VARS. If either one of them are valid, it will return the value with the name of $param_name. For instance, if $param_name = "foo", it will check $_POST["foo"].
Upvotes: 0
Reputation: 4678
function get_param($param_name, $param_type = 0)
This returns a parameter value, with a given type, POST, or GET, which is optional. The value is stripped of slashes.
function strip($value)
This returns the parameter without slashes.
I agree with the other comments that this code was written prior to 2003, and should not be used, unless for supporting old code.
Upvotes: 2
Related Questions
- How does this "require" statement with a dynamic filepath work?
- Why PHP doesn't throw an error on missing semicolon?
- Why check if isset($_POST['Submit']) before accessing other $_POST elements?
- How does this bit of code work?
- Can someone explain this piece of PHP code?
- can someone explain what this php code is doing or its purpose