【PHP函数集锦】import_request_variables

原创 2011年05月29日 15:16:00

 

 

(PHP 4 >= 4.1.0, PHP 5)

import_request_variables将 GET/POST/Cookie 变量导入到全局作用域中

描述

bool import_request_variables ( string $types [, string $prefix ] )

将 GET/POST/Cookie 变量导入到全局作用域中。如果你禁止了 register_globals,但又想用到一些全局变量,那么此函数就很有用。

你可以使用 types 参数指定需要导入的变量。可以用字母‘G’、‘P’和‘C’分别表示 GET、POST 和 Cookie。这些字母不区分大小写,所以你可以使用‘g’、‘p’和‘c’的任何组合。POST 包含了通过 POST 方法上传的文件信息。注意这些字母的顺序,当使用“gp”时,POST 变量将使用相同的名字覆盖 GET 变量。任何 GPC 以外的字母都将被忽略。

prefix 参数作为变量名的前缀,置于所有被导入到全局作用域的变量之前。所以如果你有个名为“userid”的 GET 变量,同时提供了“pref_”作为前缀,那么你将获得一个名为 $pref_userid 的全局变量。

如果你对导入其它全局变量(例如 SERVER 变量)感兴趣,请考虑使用 extract()

Note:

虽然 prefix 参数是可选的,但如果不指定前缀,或者指定一个空字符串作为前缀,你将获得一个 E_NOTICE 级别的错误。使用默认错误报告级别是不显示注意(Notice)级别的错误的。

 

<?php
// 此处将导入 GET 和 POST 变量
// 使用“rvar_”作为前缀
import_request_variables("gP""rvar_");

echo 
$rvar_foo;
?>

参见 $_REQUESTregister_globals预定义变量extract()



intval> <gettype
Last updated: Fri, 27 May 2011
 
add a note add a note User Contributed Notes import_request_variables
michal dot kocarek at NO_SPAM dot seznam dot cz 23-Sep-2007 09:47
Regarding the last post:

When $_GET[$k] is compared against NULL or '' (empty string) inside the foreach loop, it should be compared only against one of the expressions or strict equality operator should be used.
In this case, second part of expression ($_GET[$k] == NULL) will be *never* executed, because of NULL gets converted to empty string.
Also be aware that zero is equal (==) to empty string, so if passing zeroes through the $_GET, use strict comparsion to check whether variable exist or not.
Next notice: when nothing will be set into $_GET array, all comparsions will generate lot of E_NOTICE errors, because you are accessing unassigned variable.

<?
// Slightly modified previous example
$input = array('name' => null, 'age' => 26) ;
// 26 is the default age, if $_GET['age'] is empty or not set

/**
 * Extracts $_GET variables to global scope by the definition from the $input array
 * @return void
 */
function extract_get() {
    global
$input;
   
    if (isset(
$input) && is_array($input)) foreach ($input as $k => $v) {
        if (!isset(
$_GET[$k])) {
           
$GLOBALS[$k] = $v;
            continue;
        }
       
$getval = $_GET[$k];
        if (
$getval === null || $getval === '') {
           
$getval = $v;
        } elseif (
is_numeric($v)) {
           
$getval = (int) $getval;
        } elseif (
get_magic_quotes_gpc() == 1) {
           
$getval = stripslashes_deep($getval);
        }
       
$GLOBALS[$k] = $getval;
        unset(
$getval);
    }
}

/**
 * Performs stripslashes function recursively on the array or on the single variable
 * @param mixed $var Variable - can be scalar variable or the array
 * @return mixed Variable with slashes stripped with function stripslashes()
 */
function stripslashes_deep($var) {
    if (!
is_array($var))
        return
stripslashes($var);
    foreach(
$var as $k => $v) {
       
$var[$k] = stripslashes_deep($v);
    }
    return
$var;
}
?>
samb06 at gmail dot com 15-May-2006 11:09
What i do is have a small script in my header file that takes an array called $input, and loops through the array to extract variables. that way the security hole can be closed, as you specify what variables you would like extracted

$input = array('name' => null, 'age' => 26) ;

// 26 is the default age, if $_GET['age'] is empty or not set

function extract_get()
    {
        global $input ;
       
        if ($input)
            {
                foreach ($input as $k => $v)
                    {
                        if ($_GET[$k] == '' or $_GET[$k] == NULL)
                            {
                                $GLOBALS[$k] = $v ;
                            }
                        else
                            {
                                $GLOBALS = $_GET[$k] ;
                            }
                    }
            }
    }
jason 08-Jul-2005 07:35
reply to ceo AT l-i-e DOT com:

I don't think it's a risk, as all of your request variables will be tagged with the prefix. As long as you don't prefix any of your internal variables with the same, you should be fine.

If someone tries to access an uninitiated security-related variable like $admin_level through request data, it will get imported as $RV_admin_level.
nexxer at rogers dot com 11-Feb-2005 06:47
PHP5 seems to have fixed that, in the sense that import_request_variables("g") works like extract($_GET). It doesn't seem to be passing a reference to the global, but instead creating a copy of it as expected
cornflake4 at gmx dot at 10-Jan-2005 10:52
oops, a typo in my comment:

The last line in the second example (the on using the extract() function) should read:

echo $_GET['var']; # prints 1, so $_GET has been unchanged
cornflake4 at gmx dot at 09-Jan-2005 05:39
Beware:

import_request_variables() does not copy the request variables into local scope variables. Instead, it copies the *reference* to the request variable content to local variables Important implication: any change to the local variable means a changes to the respective request variable, too!

This is a clear difference to extract($_GET) which copies the content of the request variables into local variables.

To shed some light on the implication, consider this (assuming the query string "...&var=1"):

echo $_GET['var']; # prints: 1
import_request_variables();
echo $var; # prints 1
$var = 2;
echo $_GET['var']; # prints 2 !!!!

So, $_GET has changed as well!

On the other hand:

echo $_GET['var']; # prints: 1
extract($_GET);
echo $var; # prints 1
$var = 2;
echo $_GET['var']; # prints 2 !!!!

Because of this, I recommend NOT using import_request_variables(), but extract($_GET); extract($_POST); extract($_COOKIE); instead, since this combination bears not these unexspected side effects.

PS: not to mention that you have to reconsider your coding style if any need to import_request_variables arises at all!
ceo AT l-i-e DOT com 10-Dec-2004 08:56
Call me crazy, but it seems to me that if you use this function, even WITH the prefix, then you might as well just turn register_globals back on...

Sooner or later, somebody will find a "hole" with your prefixed variables in an un-initialized variable.

Better to import precisely the variables you need, and initialize anything else properly.
brian at enchanter dot net 07-Dec-2004 01:19
import_request_variables does *not* read from the $_GET, $_POST, or $_COOKIE arrays - it reads the data directly from what was submitted. This is an important distinction if, for example, the server has magic_quotes turned on and you massage the data to run stripslashes on it; if you then use import_request_variables, your variables will still have slashes in them.

In other words: even if you say $_GET=""; $_POST=""; then use import_request_variables, it'll still get all the request data.

If you change the contents of $_GET and you then want to bring this data into global variables, use extract($_GET, EXTR_PREFIX_ALL, "myprefix") instead

【PHP函数集锦】import_request_variables

  (PHP 4 >= 4.1.0, PHP 5)import_request_variables — 将 GET/POST/Cookie 变量导入到全局作用域中Report a bug 描述bool...
  • lubintech
  • lubintech
  • 2011年05月29日 15:16
  • 432

PHP常见易错题

1、易错题1 function timesTwo(&$int) {         $int = $int * 2;     }     $int = 2;     $result = ti...
  • chajinglong
  • chajinglong
  • 2017年02月20日 23:00
  • 172

import_request_variables函数说明

   关于函数import_request_variables                                                                     ...
  • phphot
  • phphot
  • 2007年12月13日 09:42
  • 1144

PHP魔术函数集锦

1。__construct()实例化对象时被调用,当__construct和以类名为函数名的函数同时存在时,__construct将被调用,另一个不被调用。2。__destruct()当删除一个对象或...
  • zz198811
  • zz198811
  • 2010年04月28日 20:49
  • 820

【PHP函数集锦】get_defined_vars

get_defined_vars — 返回由所有已定义变量所组成的数组 Report a bug 描述arrayget_defined_vars ( void )此函数返回一个包含所有已定义变量列表的...
  • lubintech
  • lubintech
  • 2011年05月29日 15:19
  • 426

开源集锦(六)GitHub开源控件(二)

pockethub/PocketHub Github开源Android客户端 https://github.com/pockethub/PocketHub
  • wds1181977
  • wds1181977
  • 2016年07月11日 09:56
  • 1025

经典SQL语句大全——(三)sql server基本函数

1.字符串函数 长度与分析用1,datalength(Char_expr) 返回字符串包含字符数,但不包含后面的空格 2,substring(expression,start,length) 取子串...
  • huangxingchen123
  • huangxingchen123
  • 2016年09月26日 14:29
  • 189

VBA中WINAPI 函数应用集锦

转自: http://www.cnblogs.com/james.wong/articles/93942.htmlAPI 函数在 VB 中得到了充分的运用,同时也让无数 VB 爱好者沉溺于其中。幸运的...
  • liujiaqiid
  • liujiaqiid
  • 2009年09月28日 11:34
  • 2076

双目测距与三维重建的OpenCV实现问题集锦(一)双目定标与双目校正

双目测距的基本原理 如上图所示,双目测距主要是利用了目标点在左右两幅视图上成像的横向坐标直接存在的差异(即视差 )与目标点到成像平面的距离Z存在着反比例的关系:Z=fT/d。“@scyscyao...
  • lihuajie1003
  • lihuajie1003
  • 2014年11月29日 12:36
  • 1394

eclipse 插件集锦

XML Schema Infoset Model (XSD) 功能:XML Schema Infoset Model 是个参考库提供用于测试,创建或者修改 W3C XML Schema 的 API。主...
  • kamiiyu
  • kamiiyu
  • 2006年08月03日 02:26
  • 997
内容举报
返回顶部
收藏助手
不良信息举报
您举报文章:【PHP函数集锦】import_request_variables
举报原因:
原因补充:

(最多只允许输入30个字)