The Design of Software (CLOSED)

A public forum for discussing the design of software, from the user interface to the code architecture. Now closed.

The "Design of Software" discussion group has been merged with the main Joel on Software discussion group.

The archives will remain online indefinitely.

PHP _GET and _POST (should they be mixed)?

Hello, would there be any problem with using

$value = $_GET[value] . $_POST[value];

?

The purpose is:
This is for an Edit Record page. The First time the $value is taken from the URL and used to load a record from a primary key $value. On the second time the $value is taken from the submitted form. That line of code would allow it to work without extra logic, like

if ( formproc ) {
  $value = $_POST[value];
}
else {
  $value = $_GET[value];
}

Thanks.
ICodeThereForeIAmBored
Friday, October 05, 2007
 
 
You're concatenating the GET and POST values, when what you really want is the GET value if it's defined, otherwise the POST value. This means your code will be confusing to people trying to read it (why is he concatenating them?) and error-prone (what if for some reason both are set?).

Better to do:
$value = isset($_GET["value"]) ? $_GET["value"] : $_POST["value"];
JW
Friday, October 05, 2007
 
 
There's no problem doing what you're doing, meaning it functionally work, but you should be less trusting (more security aware) of variables in those arrays.

A safer way:  call a function like the one below to put a POST or GET variable into $fred:

gv("fred", $_POST, $_GET);

Here's the function:

function gv() {
  $num_args = func_num_args();
  $varName = func_get_arg(0);

  if ($num_args >= 2) {
    global $$varName;

    for ($i = 1; $i < $num_args; $i++) {
      $_srcVar = func_get_arg($i);
      if (isset($_srcVar[$varName])) {
        $$varName = $_srcVar[$varName];
    if (ini_get('magic_quotes_gpc')) {
          $$varName = stripslashes($$varName);
        }
      }
    }
  } else {
    die("Called get_vars with too few arguments");
  }
}
Mr. Nile
Friday, October 05, 2007
 
 
with stricter error-reporting settings your code will give 'notice' level errors if the array index you're trying to reference doesn't exist, so if you're distribting this, then people won't like you. If you're only going to be hosting it yourself, then knock yourself out, but it's fairly sloppy practice.

And what happens if they're both set? or if neither is set? If you're setup to handle such cases, it's going to make your life a lot easier.
G Jones Send private email
Friday, October 05, 2007
 
 
$value = $_REQUEST[value];

Friday, October 05, 2007
 
 
Instead of looking in either $_GET or $_POST, try looking in $_REQUEST instead.
Tony Marston Send private email
Saturday, October 06, 2007
 
 
Use $_REQUEST, and make sure to filter the value for possible injection attacks.
ping?
Saturday, October 06, 2007
 
 

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics
 
Powered by FogBugz