12

I am parsing the REQUEST_URI into an array.

Right now i have the following code:

private function load_url_vars()
{
    if (preg_match('/^.+\?(.+)$/', $_SERVER["REQUEST_URI"], $matches))
    {
        $varpairs = preg_split("/&/", $matches[1]);
        foreach ($varpairs as $varpair)
        {
            if (preg_match('/^([A-Za-z_]+)=(.*)$/', $varpair, $varmatch))
            {
                $this->urlvars[$varmatch[1]] = urldecode($varmatch[2]);
            }
        }
    }
}

Are there any security concerns by doing it this way? Is this a good way of parsing it?

Edit: language

Improve this question
6
  • There are no security concerns, but you already get all that in _GET superglobal so what's the point of your code? Commented Apr 1, 2011 at 13:02
  • when using mod_rewrite it's better to parse it in php, than in .htaccess Commented Apr 1, 2011 at 13:15
  • I've read all current comments and you're wrong in your idea. It doesn't matter if you use mod_rewrite or not, even if your url looks like /controller/method/id/?some_long_text=some_variable - you will have them available under $_GET array, as long as there's properly formed querystring that can be parsed into $_GET. Test it before you try to fix it. Commented Apr 1, 2011 at 13:31
  • I did test that before I even made this post. This is the var_dump($_GET) for "/home/index/?test=willitwork": array(2) { ["controller"]=> string(4) "home" ["method"]=> string(5) "index" } Commented Apr 1, 2011 at 14:02
  • PHP parses the url that mod_rewrite made, not the one the sent from user. Commented Apr 1, 2011 at 14:04

4 Answers 4

Reset to default
22

You also can do with php in built functions. Which will be an efficient way.

$urlArr=parse_url($_SERVER['REQUEST_URI']);
parse_str($urlArr['query'], $output);

print_r($output);
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

+1 Probably more useful for most than the accepted answer. Path relative to the root in $urlArr[0] and a neat array with path, whole query, and separate query parameters in $output. Works well together with redirecting non-files and non-directories to index.php or similar using .htaccess.
simplest answer and far better, considering that accepted answer will throw warning, if there's no query part in the URI
8

There is no security concern, but your solution is quite fiddly. It's already possible to accomplish that with parse_str (and parse_url for splitting up the path). Or in your case just:

list($path, $qs) = explode("?", $_SERVER["REQUEST_URI"], 2);
parse_str($qs, $this->urlvars);
Improve this answer

2 Comments

Thanks. Had no idea parse_str did that :D
this creates a "notice" if REQUEST_URI doesn't contain a ?
3 
$the_array = explode('/', trim($_SERVER['REQUEST_URI'], '/'));
Improve this answer

Comments

1

Why not just use the $_GET dictionary?

Improve this answer

5 Comments

Because I'm using mod_rewrite
If you're going after pretty URLs, often times all the querystring is compacted into directory levels; this/is/the/uri/path rather than this?is=the&uri=path. In the case of the former, in that you've rewritten it for prettiness, you can just explode('/', $uri) the REQUEST_URI
TomcatExodus: I'm doing both. My urls are /controller/method/id, and then any additional vars as ?var=something
you can pass query strings with mod_rewrite using QSA flag
I came here because for some reason $_GET and $_REQUEST where empty on my Wordpress while $_SERVER['REQUEST_URI'] was containing the required variables.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.