Posted by Hendri Kurniawan on 03/27/07 01:59

Jerry Stuckle wrote:
> Christoph Burschka wrote:
>> Jerry Stuckle wrote:
>>> Lo'oris wrote:
>>>> $name=$_GET['name'];
>>>> if (!$name)
>>>> $name="value";
>>>>
>>>> i can't figure out how to shorten this thing. Is there some kind of
>>>> operator i don't know about?
>>>>
>>> $name = isset($_GET['name']) ? $_GET['name'] : null;
>>>
>>> You should always test with isset() to see if a value passed to your
>>> page is set or not. Otherwise you will get a notice if you have them
>>> enabled.
>>>
>>
>> If setting multiple variables from $_GET, you can also try this:
>>
>> $parameters=array('name'=>"value",'example'=>"value1",'another'=>"value2");
>>
>> foreach ($parameters as $parameter=>$value)
>> {
>> $$parameter=$_GET[$parameter]?$_GET['parameter:$value;
>> }
>>
>
> Which is only slightly less dangerous than running with register_globals
> on. Someone can come in and set any variable in your script by setting
> it in the query string. And if you miss initializing a variable you've
> got a huge potential security breach.
>
> One reason register_globals is no longer enabled by default.
>

Not really. It think it's a clever way to do it. Save you some coding time.

If you see, he only allows the variable in the parameter to be changed.

But then again, it's only my oppinion.

Hendri

[Back to original message]