php mysql register globals & variables

benair
Forum Newbie
Posts: 2
Joined: Thu Aug 27, 2009 3:33 pm

php mysql register globals & variables

Post by benair »

I've been hacking along for a number of years - self taught in PHP and admittedly my code is so-so.
My apps work fine and get the job done, but for one thing I have been working with register globals on and
now I need to bite the bullet and clean up my act. You can always find info on initializing variables etc.,
but the explanations are not always in depth or complete. So...

If I pass variables through a link and then use $_GET, is the following acceptable AND secure?

Let's say I pass the following in a link: /file.php?state=FL
Then in file.php (PHP_SELF may be another story but still interested in the differences there)

Example 1-----------

Code: Select all

<?php

$state = $_GET['state'];

$state_PC_name = array("FL"=>"Florida", "GA"=>"Georgia", "CA"=>"California");

$state_proper = $state_PC_name[$state];

echo $state_proper;


?>
[/code ]

I'm sure I could've eliminated a step there by calling the array state_proper but intentionally wanted to have some variations, 
but is that basically what I need to do in general to run with register_globals off?


Also when using any/all variables that are part of a query string

Example 2 ------------

[code=php ]
<?php

// query FL records
$state = mysql_real_escape_string($_GET['state']);

$sql = "select * from states WHERE state = '$state' ";
$result = mysql_query($sql, $connection);

// does anything need to be done prior to setting them in the

while ($row = mysql_fetch_array($result)) 

	{
          $ID = $row['ID'];
          $Name = $row[''];
        }

?>
[/code ]


I also came across a usage of ('" . $variable . "') somewhere in a query/insert string and can't find out more about why that is being used that way as opposed to just $variable ?


Any comments on this are appreciated. Also, if there are similar examples that point out WHAT NOT TO do in those examples, that's great too.
Thanks!
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: php mysql register globals & variables

Post by jackpf »

Well...you seem to be getting the hang of it.

Although I do have a few suggestions.

First of all, you might want to check if the variables exist before using them.

For example:

Code: Select all

$var = $_GET['var']; //if "var" is not in the query string, you will get an "undefined index" error...
 
//the "proper" way (or at least, the way I do it...)
$var = (isset($_GET['var'])) ? $_GET['var'] : NULL;

For your example, you could extend that to simplify it, like so:

Code: Select all

$state = (isset($_GET['state']) && in_array($_GET['state'], array('array', 'of', 'acceptable', 'states'))) ? $_GET['state'] : 'default_state';
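
The checks discussed in this thread (parameter present, value on an allow-list, value kept out of the SQL text) combined into one function, as an added example that is not part of any post here. It swaps mysql_real_escape_string() for a PDO prepared statement, because the mysql_* extension was removed in PHP 7. The function name findStateRows, the sample rows and the in-memory SQLite database are assumptions made so the script runs offline; the table and column names follow Example 2.

```php
<?php
// Added example, not code from the thread. Function name and rows are constructed.

// Allow-list taken from the array in the thread's Example 1.
const STATES = ['FL' => 'Florida', 'GA' => 'Georgia', 'CA' => 'California'];

/**
 * Return the rows for the requested state, or [] when the parameter is
 * missing, is not a string (e.g. ?state[]=FL), or is not on the allow-list.
 */
function findStateRows(PDO $db, array $query): array
{
    $state = $query['state'] ?? null;   // absent key: no "undefined index" notice
    if (!is_string($state) || !array_key_exists($state, STATES)) {
        return [];
    }
    // The value is bound as a parameter, so it never becomes part of the SQL text.
    // Writing '$state' or '" . $state . "' inside the query string produces the
    // same SQL either way; both rely on the value having been escaped first.
    $stmt = $db->prepare('SELECT ID, Name FROM states WHERE state = :state');
    $stmt->execute([':state' => $state]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data (assumption: the pdo_sqlite extension is installed).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE states (ID INTEGER PRIMARY KEY, Name TEXT, state TEXT)');
$db->exec("INSERT INTO states (Name, state) VALUES ('Miami', 'FL'), ('Tampa', 'FL'), ('Atlanta', 'GA')");

// Constructed inputs standing in for $_GET.
$cases = [
    'valid'       => ['state' => 'FL'],
    'missing'     => [],
    'array input' => ['state' => ['FL']],
    'not allowed' => ['state' => "F'L"],   // contains a quote, not on the list
];
foreach ($cases as $label => $query) {
    $rows = findStateRows($db, $query);
    // Escape on output as well: database values are being written into a page.
    $names = array_map(fn($r) => htmlspecialchars($r['Name'], ENT_QUOTES, 'UTF-8'), $rows);
    printf("%-12s %d row(s) %s\n", $label, count($rows), implode(', ', $names));
}
```
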
benair
Forum Newbie
Posts: 2
Joined: Thu Aug 27, 2009 3:33 pm

Re: php mysql register globals & variables

Post by benair »

Interesting. I clearly understand your first example, and as for the second one I'll need to step through a little to get a clearer understanding. I may follow this up after I can run through that and break it down. I like what I see there; it's just not what I'm used to using...
? $_GET['FL'] : 'default_state';

Also, apparently I'm not displaying my sample code tags properly in my post.

Thanks Very Much for the prompt reply and assistance!
jackpf
DevNet Resident
Posts: 2119
Joined: Sun Feb 15, 2009 7:22 pm
Location: Ipswich, UK

Re: php mysql register globals & variables

Post by jackpf »

Yeah, that's called the "ternary operator".

And yeah...you put spaces.