[nycphp-talk] $_REQUEST: Bad Form?
Paul Houle
paul at devonianfarm.com
Sun Oct 14 19:01:24 EDT 2007
The most effective PHP code doesn't use $_GET, $_POST, $_REQUEST
or any of those superglobals except inside a few subroutines.
$_GET, $_POST and $_REQUEST are not reliable across PHP hosting
environments because some have "magic_quotes_gpc"on and other have it
off. There's also the problem that some PHP environments have strict
variable checking on and others don't. If you want "value not set" to
evaluate false without errors and warnings, you need to write something
like:
if(isset($_GET["myvar"])) {
$myvar=$_GET["myvar"];
} else {
$myvar="";
}
This gets tedious if you need to write it hundreds of times in your
app, so write something like
function get($name,$default_value="") {
if(!isset($_GET[$name])) {
return $default_value
};
if (get_magic_quotes_gpc()) {
return stripslashes($_GET[$name]);
} else {
return $_GET[$name];
}
}
Now you can forget about magic_quotes_gpc and other runtime
configuration and go ahead writing reliable apps. In real life you
might pick a name that's a little less prone to namespace conflict.
More information about the talk
mailing list