78b0e32da6ce10e17db345a9aa8cde78

any thought on this?

<?

class Util {

	static function arg($name, $default = null) {
		return (self::arg_p($name, self::arg_g($name, $default)));
	}
	
	static function arg_g($name, $default = null) {
		return (isset($_GET[$name]))?$_GET[$name]:$default;
	}
	
	static function arg_p($name, $default = null) {
		return (isset($_POST[$name]))?$_POST[$name]:$default;
	}

}

?>

Refactorings

No refactoring yet !

F23409c4ed7fffe188d39a23e3a1527f

Paul Kemper

October 5, 2007, October 05, 2007 01:16, permalink

No rating. Login to rate! 
<?php

class Util
{
  static function arg( $name, $default = null )
  {
    // This construction avoids calls to the extra methods
    // Note that it does not take care of the GPC order settings in php.ini but for your purposes it might be enough
    return isset($_POST[$name])?$_POST[$name]:(isset($_GET[$name])?$_GET[$name]:$default);
  }
}
Ed6a8195fda35ac08756338d310620f6

Mark

October 5, 2007, October 05, 2007 01:43, permalink

No rating. Login to rate!

I would not make a generic function to grab things from both the POST and GET, because it makes your website behave 'weird' if you expect a variable to come from the _GET array and some unknown user puts the same var in the _POST array

Or on a certain day in the future you (or a college) will make a form to submit var 'x' which also happens to be in the GET array to do funky stuff... weird stuff will happen and the college will have a hard time to find it.

D41d8cd98f00b204e9800998ecf8427e

JWvdV

October 5, 2007, October 05, 2007 08:04, permalink

No rating. Login to rate!

I thougth that $_REQUEST is for things like this? Only your cookies are also in $_REQUEST.

78b0e32da6ce10e17db345a9aa8cde78

AlliXSenoS

October 5, 2007, October 05, 2007 08:34, permalink

No rating. Login to rate!

re: paul
is the code duplication worth the microscopic time save from two function calls?

re: mark
if the user wants to tamper with data, it's easier to do it in the querystring anyway... the combo function is meant for specific cases where I usually want a value from the querystring but might see a POST form here and there and want to read the value out from that, the arg_g and the arg_p are meant to be a lot more commonly used

A55a4980b72981384a6464ff595d8cc8

Don Wilson

October 5, 2007, October 05, 2007 22:40, permalink

1 rating. Login to rate!

Useless, bloated code IMHO.

584799d026024e108d87aeceb51804d3

JWvdV

October 6, 2007, October 06, 2007 06:14, permalink

No rating. Login to rate!

@Don: I completely agree with you. I don't see the benefit of this code...

D41d8cd98f00b204e9800998ecf8427e

Mike Weller

October 11, 2007, October 11, 2007 14:55, permalink

No rating. Login to rate!

Combining GET and POST is also bad from a security perspective. You don't want to allow GET requests for important POST functions like changing a user profile, because some h4x0r will start sending links around which are the GET versions of those actions, and some poor noobs (or worse, an admin) will click the link and do some damage. Keeping stuff POST only is good practice, but you also have to protect against CSRF with canary values etc.

55502f40dc8b7c769880b10874abc9d0

Marcus

October 26, 2007, October 26, 2007 17:24, permalink

No rating. Login to rate!

It's also important for sites that use both $_GET and $_POST at the same time, e.g. WorldPay's callback functions.

Your refactoring





Format Copy from initial code

or Cancel