PHP dynamic $_POST or $_COOKIE variable

Forum Moderators: coopster

Message Too Old, No Replies

PHP dynamic $_POST or $_COOKIE variable

It sounds easy but can you make it work?

stidj

3:40 am on Aug 4, 2005 (gmt 0)

Ok guys the premise of this was to dynamically retrive either a $_COOKIE or $_POST variable depending on which exist.

I thought it was simple and was simply using a variable called $element_type

the idea is that $element_type is either "$_POST" or "$_COOKIE"

So you would think the code $type."['FormName']" would work and retrieve either a cookie or post value .......but it doesn't. I've tried using an eval on it but I always get a parse error because of the square brackets (without eval the best I can get is literally the text $_POST['somevariable'] which is of course useless.

If anyone knows what I'm trying to do and can make it work I'd appreciate it :)

Cheers

jd01

7:33 am on Aug 4, 2005 (gmt 0)

Hi stidj,

What I believe you are seeing is different defaults from different php versions. In earlier versions globals were on by default. For security reasons they have been turned off in later versions.

The best way to overcome this is with a simple if/else statement. (Way more secure anyway... I normally modify my .htaccess to turn globals off if I am working with a server that has them on by default.)

$yourvariable=$_POST['variable'];
if(!isset($yourvariable) OR $yourvariable==='') $yourvariable=$_COOKIE;

Obviously, you will want some other pattern checks for security reasons, but this should get you started.

Hope this helps.

Justin

crypto

8:15 am on Aug 4, 2005 (gmt 0)

Is this what you need:

<?
$_POST["FormVar"]='hello'; //Just for testing

$element_type='$_POST';

$check_var=$element_type.'["FormVar"]';

eval('$my_var='.$check_var.';');

echo 'Variable = '.$my_var;
?>

Otherwise I'd go with the method of isset().

Cheers

Crypto

stidj

2:12 pm on Aug 4, 2005 (gmt 0)

Thanks everyone.

crypto I never thought of this eval('$my_var='.$check_var.';');

I will give it a try.

I'm just using these cookies in forms (no passwords or other sensitive info) and I have an array of what values would be retrieved so I don't think security should be an issue. Let me know if I'm wrong.

jd01

6:34 pm on Aug 4, 2005 (gmt 0)

As far as security- I was thinking about thwarting high-schoolers from messing with your php pages.

Justin

stidj

6:28 pm on Aug 6, 2005 (gmt 0)

I cannot get this method to work still:

$check_var=$element_type.'["FormVar"]';

eval('$my_var='.$check_var.';');

I have verified the value of $check_var ends up being "$_POST["somevariable"]"

even if I just do an eval($check_var) I get an error:

Parse error: parse error, unexpected $

Any more ideas guys?

jd01

8:47 pm on Aug 6, 2005 (gmt 0)

eval('$my_var='.$check_var.';');

I think it's an escaping problem, try:

eval("\$my_var=\"$check_var\";");

Justin

ergophobe

11:04 pm on Aug 6, 2005 (gmt 0)

Just to throw out something entirely different, how about doing it with a variable variable?

$var-var = $element_type.'["FormVar"]';
$my-var = $$var-var;

$var-var is a string that contains a value like "_POST['varname']" with NO $
$$var-var now has the value of the variable whose name is like concatenating a $ to the string in $var-var.

stidj

7:28 pm on Aug 7, 2005 (gmt 0)

Thanks guys. Actually I think both ways work now after playing around some more :)

The more ways the merrier.

You guys are the best!

madmac

11:51 pm on Aug 7, 2005 (gmt 0)

I do this when a variable may exist in more than one superglobal:

$var = ((isset($_COOKIE['somevariable']) && !empty($_COOKIE['somevariable']))? $_COOKIE['somevariable'] : ((isset($_POST['somevariable']) && !empty($_POST['somevariable']))? $_POST['somevariable'] : false));