Friday, April 15, 2011

php get variables as key with no value assigned

If I enter the following into the browser:

   http://domain.com/script.php?1234

And script.php has the following script:

   $key=array_keys($_GET);
   echo $key[0];

The output will be:

   1234

(I'm trying to do away with the ugly ?r=1234 and if this works, it will be perfect.)

My question is, is this officially correct or it's poor programming?

From stackoverflow

  • Nothing can be officially correct, if it works for you then by all means use it. Btw the issue with that is matching what value is what.

    When you have example.com?1234&4567 Then you will have two values with no key name to tell you what is what.

    But if you want to do away with ugly url's, you should look into mod_rewrite

    Beginners guide

    Another beginners guide

  • You shouldn't use this approach. If you don't want your variables to be shown you can use URL rewrite to make the URL look good. Also, don't forget to sanitize your $_GET :)

    Actually, in your example, 1234 is the variable you send through GET, with no value, if you want to look it this way.

  • This is correct. The variable is called 1234 and it has no value. That means

    GET['1234'] == '';

    You could as well write http://example.com?1234=10 Then the result would be

    GET['1234'] == '10';
    phresnel : better use the official http://example.com next time, see http://tools.ietf.org/html/rfc2606#section-3 .
    soulmerge : Thanks, didn't know there was an RFC for that

  • You could as well do 

    echo $_SERVER['QUERY_STRING']

    As for creating friendly URLs, there are better ways to do it.

    See e.g.: http://stackoverflow.com/questions/505338/get-and-url-rewriting-for-php

  • My question is, is this officially correct or it's poor programming?

    Query-parameter-without-value is not documented to work, though it probably will continue to in practice.

    If you just want to grab the whole query string without parsing it as parameters, the best thing to do would be to say so directly:

    echo $_SERVER['QUERY_STRING']

    (Whatever you do, don't echo it directly though! Either sanitise the value by eg. converting it to an integer, or, if you want to allow an arbitrary string, output it escaped suitably for JavaScript, by backslash-escaping quotes and backslashes.)

Posted by Ku XI at 7:48 AM

0 comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)