Working with Request objects in PHP (II). Back to the past


In one of my last posts, “Working with request objects in PHP”, I wrote a simple library to handle request objects. Following on from that post, let’s do a bit of PHP history. In the early years of PHP (PHP3 – PHP4) one of the cool features of PHP was “variable injection” into our scripts with register_globals=on. If you had a URL like the following:

index.php?parameter1=Hi

Your script magically had a variable called $parameter1 with the value “Hi”. This feature has horrible security problems: our users can inject variables into our scripts, which is especially dangerous with a loosely typed language like PHP. Because of that we all moved from those injected variables to reading values from the $_POST and $_GET superglobals. In fact, “injected variables” have been disabled by default in the PHP configuration for a long time.

Nowadays we don’t use the $_POST and $_GET superglobals directly; we need to filter the input first. That is why I wrote the RequestObject library. Now we’re going to go back to the past and allow the use of injected variables again, but filtered.

RequestObject now has an extra public function called getFilteredParameters. It returns an array with all the input parameters, already filtered. So if we use PHP’s extract function we can create a variable for each input parameter, but with the filtered values:

<?php
// RequestObject comes from the library described in the previous post and
// must be loaded (via its autoloader or a require) before this class is declared.
class Request extends RequestObject
{
    /** @cast string */
    public $param1;
    /**
     * @cast string
     * @default default value
     */
    public $param2;
}

$request = new Request();
// Only the declared, already filtered parameters become local variables.
extract($request->getFilteredParameters());

echo "param1: <br/>";
var_dump($param1);
echo "<br/>";

echo "param2: <br/>";
var_dump($param2);
echo "<br/>";
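To make the difference from register_globals concrete, here is an added example (my own code, not the library’s) with a simplified stand-in for getFilteredParameters that reads the same @cast and @default annotations; it takes the input array as a parameter instead of reading $_GET so it runs offline, and MiniRequestObject is a hypothetical name.

```php
<?php
// Added example: a minimal stand-in for the library's RequestObject.
abstract class MiniRequestObject
{
    // Returns only the declared public properties, cast and defaulted
    // according to their @cast / @default docblock annotations.
    public function getFilteredParameters(array $input): array
    {
        $out = [];
        $ref = new ReflectionClass($this);
        foreach ($ref->getProperties(ReflectionProperty::IS_PUBLIC) as $prop) {
            $doc     = $prop->getDocComment() ?: '';
            $cast    = preg_match('/@cast\s+(\w+)/', $doc, $m) ? $m[1] : 'string';
            $default = preg_match('/@default\s+(.*)$/m', $doc, $m) ? trim($m[1]) : null;
            $name    = $prop->getName();
            $value   = array_key_exists($name, $input) ? $input[$name] : $default;
            settype($value, $cast);   // same conversion as a (int)/(string) cast
            $out[$name] = $value;     // undeclared keys are simply dropped
        }
        return $out;
    }
}

class Request extends MiniRequestObject
{
    /** @cast string */
    public $param1;
    /**
     * @cast int
     * @default 10
     */
    public $limit;
}

// Constructed input: the query string also carries a key the script never
// declared, which register_globals would have turned into a variable.
$input = ['param1' => 'Hi', 'limit' => '7abc', 'authorized' => '1'];
$authorized = false;

$request = new Request();
// EXTR_SKIP additionally refuses to overwrite variables that already exist.
extract($request->getFilteredParameters($input), EXTR_SKIP);

assert($param1 === 'Hi');
assert($limit === 7);              // cast to int, trailing garbage removed
assert($authorized === false);     // not declared in Request, so untouched
assert(!isset($undeclared));       // nothing else leaks into local scope
echo "filtered extract ok\n";
```

With register_globals the same query string would have created $authorized = "1" before the script assigned it; here only the declared, cast properties reach the local scope.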

Full library available on github here


About Gonzalo Ayuso

Web Architect. PHP, Python, Node, Angular, ionic, PostgreSQL, Linux, ... Always learning.

Posted on November 7, 2011, in php, Technology and tagged . Bookmark the permalink. Leave a comment.
