Steve Took

Reputation: 161

PHP: Is it ok to pass $_GET as a parameter of a constructor?

Is it ok to pass $_GET as a parameter of a constructor?

I'm guessing not but would like some constructive arguments that will hopefully raise the following please?

  1. Best strategy for dealing with $_GET at the client
  2. Security issues around $_GET

Thanks in advance for your interest.

Upvotes: 1

Views: 281

Answers (4)

Tyndyll

Reputation: 344

You could argue that one of the points of using OO programming and classes is encapsulation. By passing through a global parameter you don't break the arrangement, but you do compromise it slightly.

Technically there is no issue as long as you are assigning the values of the $_GET parameter within your constructor. If you're actually assigning a reference, or calling $_GET within your methods, you're leaving yourself open to the possibility of the functionality of your class being compromised by changes outside.

Upvotes: 1

Brad

Reputation: 163234

Of course. The data in $_GET is just like any other data. You just need to remember that data from the user can never be trusted.

If your classes are sanitizing data for use, generally this isn't an issue anyway. Just be extra cautious to avoid things such as SQL injections and XSS.

Upvotes: 0

Michael Berkowski

Reputation: 270607

Your question could use a little clarification, but if you're talking about an object constructor function __construct():

It wouldn't harm anything to pass $_GET to an object constructor, however it's unnecessary because the $_GET superglobal is already available to any class you create.

Subjectively, I tend not to access $_GET, $_POST, $_SESSION inside classes directly myself very often. Usually I'll pass in the array values from the superglobals that I'll actually be needing. This is strictly a personal preference though, because it's always looked weird to me to access them inside class methods. There's nothing wrong with doing it.

Upvotes: 4

George Cummins

Reputation: 28906

$_GET is a variable like any other, and can be used as such. You can pass it anywhere you would pass another variable.

Since $_GET contains user-provided data, you should always clean that data before performing operations on it. Escape the data before inserting it into a database or outputting it as HTML.

Upvotes: 1
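
An added illustration of the advice in the answers above (copy the values in the constructor, validate them, and escape per output context); it is not code from any of the posters. The class name `ProductRequest`, the `id` and `label` keys and the `products` table are assumptions, and it expects PHP 7.4+ with the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);
// Hypothetical class: takes the query array by value and keeps only validated copies.
final class ProductRequest
{
    private int $id;
    private string $label;
    public function __construct(array $query)
    {
        // Rejects missing keys, non-numeric strings, and arrays such as ?id[]=1.
        $id = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1]]);
        $label = $query['label'] ?? '';
        if ($id === false || !is_string($label) || strlen($label) > 64) {
            throw new InvalidArgumentException('invalid query parameters');
        }
        $this->id = $id;
        $this->label = $label;
    }

    // Database context: the value is bound as a parameter, never concatenated.
    public function fetchName(PDO $db): ?string
    {
        $stmt = $db->prepare('SELECT name FROM products WHERE id = :id');
        $stmt->execute([':id' => $this->id]);
        $name = $stmt->fetchColumn();
        return $name === false ? null : (string) $name;
    }

    // HTML context: escape at output time, not at input time.
    public function labelHtml(): string
    {
        return htmlspecialchars($this->label, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Constructed sample data; $get stands in for $_GET so the script runs from the CLI.
$db = new PDO('sqlite::memory:');
$db->exec("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO products (id, name) VALUES (1, 'Coffee'), (2, 'Tea')");

$get = ['id' => '2', 'label' => '<b>"sale"</b>'];
$request = new ProductRequest($get);
$get['id'] = '1';                       // outside change after construction
var_dump($request->fetchName($db));     // still uses the validated copy of id
var_dump($request->labelHtml());

try { new ProductRequest(['id' => ['2']]); }      // array instead of scalar
catch (InvalidArgumentException $e) { var_dump($e->getMessage()); }
```

In a web request the call site would be `new ProductRequest($_GET)`; the class itself never reads the superglobal.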
