Working with Request objects in PHP (II). Back to the past

In one of my last post “Working with request objects in PHP”, I wrote a simple library to handle request objects. According that post let’s do a bit of history of PHP. In the early years of PHP (PHP3 – PHP4) one of the cool features of PHP was the “variable injection” inside our projects with register_globals=on. If you had the following a url:


Your script had magically a variable called $parameter1 with the value “Hi”. This feature has horrible security problems, if our user can inject variables in our scripts, especially with a loose typing program language like PHP. Because of that we all swap from those injected variables to get the value from $_POST and $_GET superglobals. In fact “injected variables” are disabled long time ago within PHP configuration.

Nowadays we don’t use $_POST $_GET superglobals directly. We need to filter the input. Because of that I wrote RequestObject library. Now we’re going to back to the past and allow the use of injected variables, but filtered.

RequestObject has now an extra public function called getFilteredParameters. This function returns an array with all already filtered input parameters. So if we use “extract” function we can create variables for each input parameters, but with the filtered values:

class Request extends RequestObject
    /** @cast string */
    public $param1;
     * @cast string
     * @default default value
    public $param2;

$request = new Request();

echo "param1: <br/>";
echo "<br/>";

echo "param2: <br/>";
echo "<br/>";

Full library available on github here


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.