Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 6 of 6
07-27-2007, 10:07 AM #1
convert $_GET variables to regular variables? about 10 times
Do you guys always convert your GET and/or POST variables to regular variablesPHP Code:
$variable = foo;
07-27-2007, 10:08 AM #2
- Join Date
- Dec 2004
- In a place far, far away...
- Thanked 1,043 Times in 1,019 Posts
I just think its easier to type a variable name rather than $_GET['var'];
The strain on the parser is the same whether you assign it to a variable or not. Also it helps for preventing mysql injection. Declaring the variables to empty to start with and then checking the data to see if its valid and then reassigning it the variable. I don't think you can do this
I could be wrong though, don't know.PHP Code:
$_GET['var'] = '';
Last edited by _Aerospace_Eng_; 07-27-2007 at 10:37 AM.
07-27-2007, 10:28 AM #3
07-27-2007, 04:30 PM #4
- Join Date
- May 2002
- Perth Australia
- Thanked 101 Times in 99 Posts
I prefer to leave variables in their original form unless there is an overriding need to alter it (or I alter the variable via script) , there is no protection against injection unless register_globals is on and variables are not declared locally before they are used (or filtered if they are GPC)
From a resource viewpoint there is an (probably too small to measure) overhead in declaring the variable twice (even if you then unset the original) so if resource usage worries you then don't do it.
It is easier on the typing though
MVC is the current buzz in web application architectures. It comes from event-driven desktop application design and doesn't fit into web application design very well. But luckily nobody really knows what MVC means, so we can call our presentation layer separation mechanism MVC and move on. (Rasmus Lerdorf)
07-27-2007, 04:59 PM #5
- Join Date
- Oct 2006
- Denver, Colorado USA
- Thanked 339 Times in 331 Posts
For variables that might or might not exist (from a form, a url, a cookie, a session...) I always do something like this near the beginning of the code -
The variable is then only checked if it exists once and is evaluated only once. The internal variable will then exist through out the remainder of the code with either the actual input or an empty string.PHP Code:
$get_action = isset($_GET['action']) ? $_GET['action'] : '';
If you are learning PHP, developing PHP code, or debugging PHP code, do yourself a favor and check your web server log for errors and/or turn on full PHP error reporting in php.ini or in a .htaccess file to get PHP to help you.
07-27-2007, 05:03 PM #6