Reply to Re: [PHP] Call a Function Held in a $_GET Var

Your name:

Reply:


Posted by Josip Dzolonga on 04/06/05 16:04

Shaun wrote:

>Hi,
>
>If I have a function name held in a $_GET variable for example
>...&func=print_user_list how can I call the function dynamically? ie.
>$_GET['func']()
>
>Thanks for your help
>
>
>
Well, call_user_func() [ http://www.php.net/call_user_func ] will do the
job. But that is really bad, because you can get hacked really easy.
Here's a small example

www.url.com/file.php?func=evilfunction

So that is _bad_ coding and not a good practise at all, but if that is
the _only_ option be more than sure that you do some checking first. An
example follows :

$allowed = array('first_func', 'second_func', 'third_func') {
if(in_array($_GET['func'], $allowed) { /* it's okay */
call_user_func($_GET['func']); }
else { die('Next time, sucker'; }
}

Hope this helps,

--
Josip Dzolonga
http://josip.dotgeek.org

jdzolonga[at]gmail.com

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация