Is it bad practice to dynamically create a variable from array to read a $_GET method in php -


going through php class file @ work found interesting snippet. script dynamically creating variable, dynamically checking if there active $_get[''] variable it's creating , if there it's loading $_get data , if it's not it's writing n/a variable it's dynamically creating. script continues on switch function same logic it's case breaks.

1.) safe?

2.) can attacked?

3.) there easier way this?

4.) why this?

$switch_types = array("id","type","page");  foreach ($switch_types $key => $value) {     $$value = $value;     if(isset($_get[$$value])){         $$value = $_get[$$value];         }     else{         $$value = "n/a";     }         } 

this long-winded way write:

$id = isset($_get['id']) ? $_get['id'] : 'n/a'; $type = isset($_get['type']) ? $_get['type'] : 'n/a'; $page = isset($_get['page']) ? $_get['page'] : 'n/a'; 

it's safe because list of variables assign specified in program, doesn't come dynamically client.

there's unnecessary code in loop -- $$value = $value not needed. can simplified to:

foreach ($switch_types $value) {     if(isset($_get[$value])){         $$value = $_get[$value];         }     else{         $$value = "n/a";     }         } 

or:

foreach ($switch_types $value) {     $$value = isset($_get[$value]) ? $_get[$value] : 'n/a'; } 

Comments

Popular posts from this blog

javascript - gulp-nodemon - nodejs restart after file change - Error: listen EADDRINUSE events.js:85 -

Fatal Python error: Py_Initialize: unable to load the file system codec. ImportError: No module named 'encodings' -

javascript - oscilloscope of speaker input stops rendering after a few seconds -