|
Posted by Jerry Stuckle on 03/27/07 00:41
Christoph Burschka wrote:
> Jerry Stuckle wrote:
>> Lo'oris wrote:
>>> $name=$_GET['name'];
>>> if (!$name)
>>> $name="value";
>>>
>>> i can't figure out how to shorten this thing. Is there some kind of
>>> operator i don't know about?
>>>
>> $name = isset($_GET['name']) ? $_GET['name'] : null;
>>
>> You should always test with isset() to see if a value passed to your
>> page is set or not. Otherwise you will get a notice if you have them
>> enabled.
>>
>
> If setting multiple variables from $_GET, you can also try this:
>
> $parameters=array('name'=>"value",'example'=>"value1",'another'=>"value2");
> foreach ($parameters as $parameter=>$value)
> {
> $$parameter=$_GET[$parameter]?$_GET['parameter:$value;
> }
>
Which is only slightly less dangerous than running with register_globals
on. Someone can come in and set any variable in your script by setting
it in the query string. And if you miss initializing a variable you've
got a huge potential security breach.
One reason register_globals is no longer enabled by default.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
Navigation:
[Reply to this message]
|