SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Zealot
    Join Date
    Jul 2004
    Location
    NC
    Posts
    194
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    gracefull way to declare $_REQUEST, and $_SESSION vars

    Hello,

    I'm migrating some sites to a new server that has PHP 5 installed on it and I'm changing all my old code to be compatable w/ PHP5.

    My question is that it seems that PHP5 requires that you declare your global vars before you use them.

    I you set your $_REQUEST vars at the beginning of the page you nix them when the page is submitted via a form.

    Here's an example:

    Code:
    <?
    
     #---- declare vars ------------------- 
    $_REQUEST['username'] = '';
    $_REQUEST['password'] = ''; 
    #--------------------------------------- 
    
    echo "<p> username: " . $_REQUEST['username'] . " password: " . $_REQUEST['password']; // once the form is submitted the above declaration will reset the set request variables ?>
    
    ?>

    How would you get around this?

    Thanks,
    Clem C.

  2. #2
    SitePoint Wizard silver trophy kyberfabrikken's Avatar
    Join Date
    Jun 2004
    Location
    Copenhagen, Denmark
    Posts
    6,157
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You can lower error-reporting as was the default of older version of php.
    PHP Code:
    error_reporting(E_ALL E_NOTICE); 

  3. #3
    SitePoint Zealot
    Join Date
    Jul 2004
    Location
    NC
    Posts
    194
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yeah - I know I can do that but I'm trying to find a solution that isn't lazy and reflects the world of real programming.

  4. #4
    SitePoint Wizard silver trophy
    Join Date
    Mar 2006
    Posts
    6,132
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    personally i dont like to change the values of the superglobals, i treat them as read only.


    PHP Code:
    $var = isset($_GET['var']) ? $_GET['var'] : ''
    you can also use the @ operator to silence notices, eg
    echo @$_GET['var'];

    if you understand how php handles type conversions you will know the expected outcome, which would be an empty string if the variable doesnt exist. i dont consider this lazy programming, i consider it being familiar with the language. although, it may be less readable to some people.

  5. #5
    SitePoint Enthusiast
    Join Date
    Sep 2005
    Posts
    70
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You shouldn't use the @ superfluously.
    You should always develop pages with error reporting set to E_ALL.
    You also shouldn't write the values of requests without checking them first.
    You should specify either that the variable should be a GET or POST request (i.e. don't use $_REQUEST).
    You should always declare defaults for your variables (eliminates REGISTER_GLOBALS issues).

    Here is something closer to what you should be doing:

    PHP Code:
    #declare the defaults for our variables
    $username '';
    $password '';

    #check if the username was posted
    if(array_key_exists('username'$_POST)){
        
    $username filterUsername($_POST['username']);
    }

    #check if the password was posted
    if(array_key_exists('password'$_POST)){
        
    $password filterPassword($_POST['password']);
    }

    // once the form is submitted the above declaration will reset the set request variables
    echo "<p> username: " escapeData($username) . " password: " escapeData($password); 
    The implementation of the filterUsername, filterPassword, escapeData functions are up to you; basically the filter functions will validate that the input is in the right format, and the escapeData function will strip html etc. as needed.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •