1

Is there a class to handle $_REQUEST that makes the life of a PHP developer easier? I want to handle client requests more easily. I don't want to test with if(isset($_REQUEST['blabla'])) {makesomthing();} I wish there could be a solution like this.

class rpclike
{
 public function getMember()
 {
  $memberid = $this->inputhandler['memberid'];
  $member = $this->memberclass->getmember($memberid);

   foreach($member as $mem)
   {
    echo $mem->id;
   }
 }

}

$rpc = new rpclike();

Then if I call rpclike from JavaScript like this:

<a href="#" onclick="GETURL('rpclike.php?getMember&memberid=22')">Get member</a>

Which class can do something like that?

3
  • Allowing the users to decide what will be called will always end in disaster. Commented Jan 6, 2010 at 22:59
  • I really can't understand why the question is getting downvoted, it's a normal question. I think there is no reason to downvote. Commented Jan 6, 2010 at 23:00
  • I don't like it because it's prone to security problems. Any function you put in that class is going to be exposed to the web. You might be the lone developer for your project but someone else may see this and think it's a good idea, implement it and someone working on their project might not know the exposure and implement a delete_user method or something similar. Commented Jan 6, 2010 at 23:09

5 Answers

2

It's not recommended that you use $_REQUEST as it poses security concerns. You should be using one of $_GET, $_POST, or $_COOKIE depending on what global request var you are trying to retrieve. Your best bet would be to have something like the following:

class input {

    public static function get($key, $value = false) {
        return (!empty($_GET[$key])) ? $_GET[$key] : $value;
    }

    public static function post($key, $value = false) {
        return (!empty($_POST[$key])) ? $_POST[$key] : $value;
    }

    public static function cookie($key, $value = false) {
        return (!empty($_COOKIE[$key])) ? $_COOKIE[$key] : $value;
    }

}

You could then use the class like:

if (input::post('field', null) != null) {

}

or

if (input::get('field', false) != false) {

}

Although this still requires testing, you can explicitly set the return values in the event no data was set for the global variable.

2 Comments

Don't forget to implement a get_magic_quotes_gpc() workaround.
Very true, thought about mentioning it... I'm just so used to having it turned off myself.
1

PHP doesn't really have a default class structure that you can utilize in that kind of manner, as its origins are in procedural-based programming.

It would be fairly trivial for you to create a class like that if you felt the need for it. However, you would really just be adding overhead. If the convenience of it is worth it for you, then you could utilize the __get() and __set() methods to handle existence checks for you.

The fact that you want to use this for handling client requests in an easier fashion is probably a good indicator that you should move to something like an MVC framework, which usually handles URLs and routes them to appropriate methods for you automatically. Most PHP frameworks will do this for you already. For a nice overview on how the process commonly works, you could see how CodeIgniter does it.

1 Comment

Thank you, you motivated me to use, from now on and most of the time, just the framework CodeIgniter. Have a nice evening.
1

Aside from the obvious security risks involved in this, it is feasible. It's a common pattern to use for steering requests in an MVC system.

Say you request index.php?class=User&method=ViewProfile

// Class and method names are taken straight from the query string.
$module = new $_GET['class']();
$eventName = $_GET['method'];
if (method_exists($module, $eventName))
    $module->$eventName();

0

I don't think so. Being able to invoke an arbitrary method would be a massive security hole.

2 Comments

Sure, but first, before doing anything, I would call if(!$this->user->isadmin()) return false;
That's not necessarily the point. Assuming your system isn't secure (no system is 100% secure) and someone managed to spoof the admin credentials, they could potentially perform any operation. If you do your own dispatch you can at least limit this.
-1

Do something like:

url: /foo/bar?req=getMembers&memberid=22

Then you can do:

$request = $_GET['req'];
$request();

Slightly less dangerous version:

$req_methods = array(
    'getMembers' => 'some_function',
    'saveMembers' => 'another_function',
    'sendMessage' => 'send_him_an_email'
);
$request = $_GET['req'];
$req_methods[$request]();

3 Comments

That seems just a little risky. E.g., what if someone requests something like /foo/bar?req=apache_child_terminate or some other dangerous function?
Added a slightly less dangerous version.
I would still suggest wrapping the latter with isset($req_methods[$request])
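
The "do your own dispatch" approach that the comments on this page argue for, as an added example that is not code from any answer here: the request only selects a key in a fixed allowlist, the handler name never comes from the client, and the id is validated before use. The class name MemberApi, the action parameter and the handler names are hypothetical.

```php
<?php
// Added example: allowlist dispatch. All names below are hypothetical.
final class MemberApi
{
    // Public action name => [private handler, HTTP methods allowed to reach it].
    private const ACTIONS = [
        'getMember'  => ['handleGetMember',  ['GET']],
        'saveMember' => ['handleSaveMember', ['POST']],
    ];

    public function dispatch(string $httpMethod, array $query, array $body): array
    {
        $action = $query['action'] ?? '';
        // The request picks a key; it never supplies a class, function or method name.
        if (!is_string($action) || !array_key_exists($action, self::ACTIONS)) {
            return [404, 'unknown action'];
        }
        [$handler, $allowed] = self::ACTIONS[$action];
        if (!in_array($httpMethod, $allowed, true)) {
            return [405, 'method not allowed'];
        }
        // Read from the specific source ($_GET or $_POST), not the merged $_REQUEST.
        $params = $httpMethod === 'POST' ? $body : $query;
        $id = filter_var($params['memberid'] ?? null, FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1]]);
        if ($id === false) {
            return [400, 'memberid must be a positive integer'];
        }
        return $this->$handler($id); // handler name comes from the constant above
    }

    private function handleGetMember(int $id): array  { return [200, "member $id"]; }
    private function handleSaveMember(int $id): array { return [200, "saved $id"]; }
}

// Constructed requests; a real script passes $_SERVER['REQUEST_METHOD'], $_GET, $_POST.
$api = new MemberApi();
$samples = [
    ['GET', ['action' => 'getMember', 'memberid' => '22'], []],
    ['GET', ['action' => 'apache_child_terminate'], []],           // not in the allowlist
    ['GET', ['action' => 'handleSaveMember', 'memberid' => '22'], []], // internal name
    ['GET', ['action' => 'saveMember', 'memberid' => '22'], []],   // wrong HTTP method
    ['GET', ['action' => 'getMember', 'memberid' => '22 OR 1=1'], []],
];
foreach ($samples as [$method, $query, $body]) {
    [$status, $text] = $api->dispatch($method, $query, $body);
    echo $status, ' ', $text, PHP_EOL;
}
```

Authorization checks such as the isadmin() call mentioned in the comments belong inside dispatch() before the handler is invoked, so every action passes through them.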
