[nycphp-talk] Manipulating $_REQUEST Directly
csnyder
chsnyder at gmail.com
Tue Jul 17 10:56:30 EDT 2007
On 7/16/07, Peter Sawczynec <ps at sun-code.com> wrote:
> I have inherited some old legacy code that down and dirty uses $_REQUEST
> to universally grab all varibales from combined GET and/or POST form
> submissions.
>
> So I want to be equally blunt and directly chop up and massage $_REQUEST
> before any code handles it.
>
> I want to have an array of acceptable "white list" $_REQUEST variable
> names I am looking for, allow those to remain in the $_REQUEST array,
> but I want all other $_REQUEST variables removed/destroyed out of
> $_REQUEST.
>
> Then simply allow the the remaining "white list" $_REQUEST to flow into
> the code.
Down and dirty calls for a foreach. ;-)
foreach( $_REQUEST AS $key=>$val ) {
if ( !in_array( $key, $whitelist ) ) {
unset( $_REQUEST[ $key ] );
}
else {
// do you have validation routines?
// whitelist could include type info for validation...
switch( $whitelist[ $key ] ) {
case 'text':
$_REQUEST[ $key ] = validated_text( $val );
break;
}
// end else
}
// end foreach
}
Maybe you were looking for something more efficient, but being able to
independently validate the values might make it worth a few extra
cycles, depending on whether the downstream code performs validation.
--
Chris Snyder
http://chxo.com/
More information about the talk
mailing list