
A quick PHP function to get Post, Get, or Session variables; and Cookies too

It should be pretty easy to get $_GET, $_POST, $_SESSION, or $_COOKIE variables in PHP code. The problem is that just entering $_GET['variable'] causes an error if the variable does not exist. What’s needed is a way to read the variable, and get a blank string if the variable is not defined.

That’s what this function does. You pass a variable name and it searches through the get, post, session, and cookie arrays to see if it exists. If the variable doesn’t exist in any of these arrays, a blank string is returned. More importantly, no error is tripped.

It checks in the order get, post, session, and cookie. So, if you have a cookie and a session variable named 'something', the value in $_SESSION['something'] will be returned.

function getvar($sVarName)
{
    /*  Returns the value of a passed variable either by GET or
        POST.  Will return a blank string if the variable does not
        exist in either method.

        Notes:  This function will check to see if the variable
        exists in the GET collection first.  If it does
        not then it will check the POST.  If the variable
        does not exist in either it will return a blank
        string.  Failing those two, it will check SESSION
        variables and then cookies.
    */
    if (array_key_exists($sVarName, $_GET) == TRUE)
        $temp = $_GET[$sVarName];
    else if (array_key_exists($sVarName, $_POST) == TRUE)
        $temp = $_POST[$sVarName];
    // $_SESSION is only defined once a session has been started
    else if (isset($_SESSION) && array_key_exists($sVarName, $_SESSION) == TRUE)
        $temp = $_SESSION[$sVarName];
    else if (array_key_exists($sVarName, $_COOKIE) == TRUE)
        $temp = $_COOKIE[$sVarName];
    else
        $temp = "";

    //Return variable to calling routine
    return $temp;
}
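The lookup order matters for more than a session/cookie name collision: GET and POST are checked before SESSION, so a request parameter with the same name is returned in place of the server-side session value. The following is an added example, not code from the original post; the sample request state and the `input_str()` helper are constructed for illustration.

```php
<?php
// Constructed request state for the demonstration (not from the original post).
$_GET     = ['user_id' => '1', 'q' => ['a', 'b']];  // client-controlled
$_POST    = [];                                      // client-controlled
$_COOKIE  = ['theme' => 'dark'];                     // client-controlled
$_SESSION = ['user_id' => '42'];                     // server-side state

// The post's lookup order, condensed: GET, POST, SESSION, COOKIE.
function getvar($sVarName)
{
    foreach ([$_GET, $_POST, $_SESSION ?? [], $_COOKIE] as $source) {
        if (array_key_exists($sVarName, $source)) {
            return $source[$sVarName];
        }
    }
    return "";
}

// Hypothetical alternative: the caller names the one array it expects the
// value in, and anything that is not a plain string becomes the default.
function input_str(array $source, string $name, string $default = ""): string
{
    $value = $source[$name] ?? $default;
    // A query such as ?q[]=a&q[]=b arrives as an array; do not pass it on.
    return is_string($value) ? $value : $default;
}

// Merged lookup: the GET parameter shadows the session value of the same name.
var_dump(getvar('user_id'));

// Merged lookup: the caller receives an array where it expected a string.
var_dump(getvar('q'));

// Explicit reads: session state comes only from $_SESSION, and request
// input only from the array the caller chose.
var_dump($_SESSION['user_id'] ?? "");
var_dump(input_str($_GET, 'q'));
var_dump(input_str($_COOKIE, 'theme'));
var_dump(input_str($_POST, 'missing'));
```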


  1. There are a few things wrong with this code. Line 28, instead of looking in $_COOKIE, attempts to call a function $_SESSION. (And $_SESSION is, of course, actually an array rather than a function.) And no check is made as to whether there is a session, which could result in a failure at line 22.

  2. You’re right about $_COOKIE. That’s a typo, that I just fixed, from when I came back and added those lines.

    I don’t think you need to check for a session. If there’s not an active session then the isset() will catch that the variable isn’t set. Of course I may be wrong. What error would come up in case a session wasn’t started?

  3. The diagnostic will be “Warning: array_key_exists() [function.array-key-exists]: The second argument should be either an array or an object in” followed by the file and line in which the call is attempted. So you want “else if (session_id() != "") { if (array_key_exists($sVarName, $_SESSION) == TRUE) $temp = $_SESSION[$sVarName]; }” in place of the simpler code.

  4. That’s right, of course, and now that I see it written out it’s pretty obvious.

  5. 1) remember safety, don’t trust user input, so filter everything that comes from the user

    2) I made my own function for this (also not secure) but calls to it are really short. Handy if you have big forms with lots of variables. Your function would have to be called for every variable.

  6. Oh, it’s not secure at all the way it’s written. I typically run those arrays through another function first to escape out what’s received.

  7. ash ash

    This would lead to security issues in so many use cases.

    (Also, there is the $_REQUEST[] var that sort of does this anyway)

    > The problem is that just entering $_GET['variable'] causes an error if the variable does not exist

    Either do @$_GET['var'], or do something like $var = isset($_GET['var']) ? $_GET['var'] : $default_value;

    • Yeah, probably could be shortened a bit using request instead of get, post, and cookie. Still would need session though. And I do tend to use ternaries now instead.
