Welcome! Log In Create A New Profile

Advanced

Re: [PHP] Variable Variables and Super Global Arrays

Posted by Micah Gersten 
Micah Gersten
Re: [PHP] Variable Variables and Super Global Arrays
October 12, 2008 05:45PM
That's fine as a test, but you never want to get a variable name from a
URL in practice.

Thank you,
Micah Gersten
onShore Networks
Internal Developer
http://www.onshore.com



Richard Heyes wrote:
>> $varname = "\$_SERVER['REMOTE_ADDR']";
>> $varvalue = $$varname;
>>
>
> That's wrong. Offhand you'll end up printing a string. I tried this:
>
> <?php
> $a = 365;
> $b = 366;
>
> $var = $_GET['var'];
>
> echo $$var;
> ?>
>
> And it was fine.
>
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Richard Heyes
Re: [PHP] Variable Variables and Super Global Arrays
October 12, 2008 06:15PM
> That's fine as a test, but you never want to get a variable name from a
> URL in practice.

Of course you can, as long as it's sanitized and checked.

--
Richard Heyes

HTML5 Graphing for FF, Chrome, Opera and Safari:
http://www.rgraph.org

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Micah Gersten
Re: [PHP] Variable Variables and Super Global Arrays
October 12, 2008 07:45PM
I mean that it is open for hacking if you pass a variable name through a
URL.

Thank you,
Micah Gersten
onShore Networks
Internal Developer
http://www.onshore.com



daniel danon wrote:
> What do you mean?
>
> On Sun, Oct 12, 2008 at 5:40 PM, Micah Gersten <[email protected]
> <mailto:[email protected]>> wrote:
>
> That's fine as a test, but you never want to get a variable name
> from a
> URL in practice.
>
> Thank you,
> Micah Gersten
> onShore Networks
> Internal Developer
> http://www.onshore.com
>
>
>
> Richard Heyes wrote:
> >> $varname = "\$_SERVER['REMOTE_ADDR']";
> >> $varvalue = $$varname;
> >>
> >
> > That's wrong. Offhand you'll end up printing a string. I tried this:
> >
> > <?php
> > $a = 365;
> > $b = 366;
> >
> > $var = $_GET['var'];
> >
> > echo $$var;
> > ?>
> >
> > And it was fine.
> >
> >
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Sorry, only registered users may post in this forum.

Click here to login