How to use external variables (e.g. POST/GET) in PHP with error level E_NOTICE

Asked
Viewd219

0

I'm looking for the best way how to use external variables in PHP with error level including E_NOTICE.

I have three possible ways, I would be happy, if you can give some hints on each or suggest a different approach that YOU like.

    1.
class WebApp {

    public static function _GET($Index) {
        if (isset($_GET[$Index])) {
            return $_GET[$Index];
        } else {
            return NULL;
        }
    }
}

// E_NOTICE, does not throw a notice:
echo WebApp::_GET('ID');

// E_NOTICE, throws a notice:
echo $_GET['ID'];

2.

class RequestSanitizer {
    const V_INTEGER = 1;
    const V_STRING = 2;
    const V_REAL = 3;

    public static function Sanitize($arr) {
        foreach ($arr as $key => $val) {
            if (array_key_exists($key, $_GET)) {
                switch ($val) {
                    case RequestSanitizer::V_INTEGER:
                        $_GET[$key] = $_GET[$key] + 0;
                        break;
                    case RequestSanitizer::V_STRING:
                        $_GET[$key] = $_GET[$key] + '';
                        break;
                    case RequestSanitizer::V_REAL:
                        $_GET[$key] = $_GET[$key] + 0;
                        break;
                }
            } else {
                $_GET[$key] = null;
            }
        }
    }
}

RequestSanitizer::Sanitize(array(
    'GraphID' => RequestSanitizer::V_INTEGER,  
    'UserName' => RequestSanitizer::V_STRING,  
    'Password' => RequestSanitizer::V_STRING,  
    'Price' => RequestSanitizer::V_REAL 
));

echo $_GET['GraphID'];

3.

if (isset($_GET['ID']) && ($_GET['ID']+0>0)) {
   echo $_GET['ID']
}

2 个答案

0

i'd use a Request class that encapsulates all Php "superglobals" and provides methods like "param()", "numParam()", "arrayParam()" and so on.

$req = new Request();
$user_id = $req->numParam('id');
 // user_id is guaranteed to be a valid integer or 0
  • This is very similar to my first option. I used static method, so I don’t have to create new class every time I need to use it. I like your approch with “numParam”, “arrayParam”, etc…

    oneeeOctober 13, 2009 16:19
1

I would use

if (isset($_GET['ID']) && ($_GET['ID']+0>0)) {
   echo (int)$_GET['ID']
}

with a casting to integer (int). If the value must be an integer.

  • But you didn’t checked if the var is set. You would get “0” even if there was no value provided!

    powtacOctober 13, 2009 16:20
  • In this case you have to: 1) always use casting 2) always test, if the variable is set (isset($_GET[‘ID’]))

    oneeeOctober 13, 2009 15:47
  • Yes, and there will be no shorter way to achieve this. If the variable is not set, the second condition of the expression will not be executed. But only if its sure that the value has to be an integer.

    powtacOctober 13, 2009 16:00
  • Shorter way with class from option 1: echo (int)WebApp::_GET(‘ID’);

    oneeeOctober 13, 2009 16:11