Comments on: A quick PHP function to get Post, Get, or Session variables; and Cookies too

By: Ryan

Ryan — Mon, 15 Jun 2009 17:28:00 +0000

Oh, it’s not secure at all the way it’s written. I typically run those arrays through another function first to escape out what’s received.

By: Niels Bom

Niels Bom — Sun, 14 Jun 2009 16:05:54 +0000

1) remember safety, don’t trust user input, so filter everything that comes from the user

2) I made my own function for this (also not secure) but calls to it are really short. Handy if you have big forms with lots of variables. Your function would have to be called for every variable.

http://pastebin.com/f6297df11

By: Ryan

Ryan — Tue, 17 Jun 2008 02:24:05 +0000

That’s right, of course, and now that I see it written out it’s pretty obvious.

By: Daniel

Daniel — Tue, 17 Jun 2008 00:34:45 +0000

The diagnostic will be “Warning: array_key_exists() [function.array-key-exists]: The second argument should be either an array or an object in” followed by the file and line in which the call is attempted. So you want “else if (session_id() != “”) { if (array_key_exists($sVarName, $_SESSION) == TRUE) $temp = $_SESSION[$sVarName]; }” in place of the simpler code.

By: Ryan

Ryan — Mon, 16 Jun 2008 18:49:03 +0000

You’re right about $_COOKIE. That’s a typo, that I just fixed, from when I came back and added those lines.

I don’t think you need to check for a session. If there’s not an active session than the isset() will catch that the variable isn’t set. Of course I may be wrong. What error would come up in case a session wasn’t started?

By: Daniel

Daniel — Mon, 16 Jun 2008 17:34:27 +0000

There are a few things wrong with this code. Line 28, instead of looking in $_COOKIE, attempts to call a function $_SESSION. (And $_SESSION is, of course, actually an array rather than a function.) And no check is made as to whether there is a session, which could result in a failure at line 22.