Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    Regular Coder
    Join Date
    Aug 2002
    Posts
    151
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Help with basic function to initialize page required variable

    The idea is that instead of repeating this sort of thing at the top of my scripts:

    PHP Code:
    $id $_REQUEST['id'];
    if(
    $id == '')
    ... 
    ..I can simply have a function called int_var and do this


    PHP Code:
    function int_var($var){
        
        if(!isset(
    $_REQUEST[$var]) && !isset($_SESSION[$var])){
            echo 
    "Error: This page requires the variable '<b>".$var."</b>' to be passed";
            exit;
        }
        
        if(
    $_REQUEST[$var] != ''){
            $
    $var $_REQUEST[$var];
        
        } else if(
    $_SESSION[$var] != ''){
            $
    $variable $_SESSION[$var];
        }
        
    }

    // this page expects either $_REQUEST['id'] or $_SESSION['id']
    int_var('id'); 

    What I should end up with from this example above is

    $id = '2';

    But it just doesn't seem to be creating the $id variable.

    Any suggestions?

  • #2
    Super Moderator
    Join Date
    May 2002
    Location
    Perth Australia
    Posts
    4,108
    Thanks
    11
    Thanked 101 Times in 99 Posts
    You are expecting $$var to be accessible outside the function scope which it will not be without declaring it global or passing it by reference.

    in the scope of what I think you want ....

    PHP Code:
    <?php
    function required($vars){
        foreach(
    $vars as $v){
            if(!empty(
    $_REQUEST[$v])){
                global 
    $v$v$_REQUEST[$v];
            }elseif(!empty(
    $_SESSION[$v])){
                global 
    $v$v$_SESSION[$v];
            }else{
                die(
    "Error: This page requires the variable '<b>".$v."</b>' to be passed");
            }
        }
    }

    required(array('id','blah'));
    echo 
    $id;
    echo 
    $blah;
    ?>
    ..should work...
    Personally however I prefer not to do `$id=$_GET['id']` etc and prefer to work with the original $_GET['id'] etc , in which case something like the below would just check the variables exist.

    PHP Code:
    <?php
    function required($vars){
        foreach(
    $vars as $v){
            if(empty(
    $_REQUEST[$v]) && empty($_SESSION[$v])){
                die(
    "Error: This page requires the variable '<b>".$v."</b>' to be passed");
            }
        }
    }
    ?>
    You could also take this opportunity to filter the incoming variables for injection/script attacks & so on via addslashes(), htmlentities() etc..
    resistance is...

    MVC is the current buzz in web application architectures. It comes from event-driven desktop application design and doesn't fit into web application design very well. But luckily nobody really knows what MVC means, so we can call our presentation layer separation mechanism MVC and move on. (Rasmus Lerdorf)

  • #3
    Regular Coder
    Join Date
    Aug 2002
    Posts
    151
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks

    Personally however I prefer not to do `$id=$_GET['id']` etc and prefer to work with the original $_GET['id'] etc
    Is that because it's more obvious where those vars came from when your working with them?


    You could also take this opportunity to filter the incoming variables for injection/script attacks & so on via addslashes(), htmlentities() etc..
    I haven't done that before but probably should!, especially since I'm inserting data into MySQL

  • #4
    Regular Coder
    Join Date
    Sep 2006
    Location
    Vermont, USA
    Posts
    154
    Thanks
    0
    Thanked 6 Times in 6 Posts
    if your concern is data insertion into mysql, look into type setting and mysql_real_escape_string()

    PHP Code:
    $query 'INSERT INTO table (id,name) VALUES('.(int)$id.',"'.mysql_real_escape_string($name).'")'
    Active PHP/MySQL application developer available for immediate work.
    syosoft.com mavieo.com - Remote Web Site Administration Suite - Reseller Ready


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •