|
Posted by Josip Dzolonga on 04/06/05 16:04
Shaun wrote:
>Hi,
>
>If I have a function name held in a $_GET variable for example
>...&func=print_user_list how can I call the function dynamically? ie.
>$_GET['func']()
>
>Thanks for your help
>
>
>
Well, call_user_func() [ http://www.php.net/call_user_func ] will do the
job. But that is really bad, because you can get hacked really easy.
Here's a small example
www.url.com/file.php?func=evilfunction
So that is _bad_ coding and not a good practise at all, but if that is
the _only_ option be more than sure that you do some checking first. An
example follows :
$allowed = array('first_func', 'second_func', 'third_func') {
if(in_array($_GET['func'], $allowed) { /* it's okay */
call_user_func($_GET['func']); }
else { die('Next time, sucker'; }
}
Hope this helps,
--
Josip Dzolonga
http://josip.dotgeek.org
jdzolonga[at]gmail.com
[Back to original message]
|