Wow. A bunch of usefull replies. Thank you all! Feyd is correct given that I had no idea what to call the construct I was looking for.
I seem to remember reading that variable variables would not work in superglobal arrays; but then it could be I don't fully understand what superglobals are. Anyway, before I got back to the forums, I put together this hack. It works, but is it secure? Would I be better off using arrays and sanitizing as per Everah's advice? Here is what I have:
Code: Select all
<?
// Descriptions
$desc1 = "Description for $img1";
$desc2 = "Description for $img2";
// imgURLs
$imgbase = "/images/";
$img1 = "image1.jpg";
$img2 = "image2.jpg";
$a = "desc"; // set description var prefix
$b = "img"; // set imgURL var prefix
$c = strip_tags($_GET['id']); // we need strip_tags() to kill HTML tags
echo "${$a . $c}"; // build and display the selected description var
echo "<img src=\"$imgbase${$b . $c}\">"; // and build the image tag using the selected image var
?>
Like I said, it works, but is strip_tags() secure enough? I have tested that it does strip tags, but can it still pass other undesirables? I assume that I would have to use arrays to validate the input as Everah suggests. I'm assuming:
Code: Select all
echo $images[$id]['desc'] . '<br /><img src="' . $imgbase . $images[$id]['path'] . '">';
would allow me to use my $imgbase var with this method. Is this correct?
And thanks again for all the help.