0

is there a way to dynamically access $_GET and $_POST in one go? IE, something like:

$do = array('GET', 'POST');

foreach($do AS $type) {
    foreach (${'_'.type} AS $var=>$val) {
         ... # logic
    }
}

I understand that there is $_REQUEST, but that doesn't tell me source (get or post) and that there are deprecated HTTP_GET_VARS and HTTP_POST_VARS, but those are deprecated.

Clearly, I can just loop individually. The reason why I'm trying to avoid this is that the logic is a little lengthy but also identical. It would be ideal to not have to have a copy of this logic and open myself up to mistakes.

Or am I completely thinking about this the wrong way and there is some other recommended approach?

Thanks!

Thank you

Thank you for the great feedback everyone. I think @deceze answers the question most objectively, but @charlee (and later deceze as well) alludes to a better solution.

In the end, I created a function with logic and then placed that in my foreach, as such:

foreach($_GET AS $var => $val) {
    $_GET[$var] = func($val);
}

I do end up with two foreach()'s, but I appreciate the legibility and increased usability. Thank you again everyone!

Community
  • 1
  • 1
Appl3s
  • 177
  • 3
  • 11
  • 2
    $do = array_merge($_GET, $_POST); :) Source: http://stackoverflow.com/questions/1419175/why-would-you-merge-get-and-post-in-php – Stefan Herijgens Aug 11 '15 at 06:48
  • I wouldn't overwrite $_REQUEST, but merging the two collections together at the start is a good approach.. – user2864740 Aug 11 '15 at 06:51
  • Yeah, I just changed it. Didn't sound right to me as well. :-P – Stefan Herijgens Aug 11 '15 at 06:52
  • A similar question regarding this topic can be found here -> http://stackoverflow.com/questions/6651696/can-i-post-and-get-to-the-same-php-page – mrvncaragay Aug 11 '15 at 07:00
  • array_merge would also be bad because it would risk overwriting any existing variables – zanderwar Aug 11 '15 at 07:01
  • @Zanderwar It would be 'bad' only if such is not desired/expected. For a case like POST/GET I've never encountered a case where they were 'additive'. But it is still a difference of note. – user2864740 Aug 11 '15 at 07:30

4 Answers4

2
foreach (array('get' => $_GET, 'post' => $_POST) as $type => $values) {
    foreach ($values as $key => $value) {
        ...
    }
}
deceze
  • 510,633
  • 85
  • 743
  • 889
  • While a little bit better, the nested loops still feels "off' wrt the intended goal (as I am reading it, and it changes the shadowing a bit from a merge-first approach). – user2864740 Aug 11 '15 at 06:54
  • The intended goal seems to be to not have to repeat the code within the inner loop and apply it to both arrays. In this regard writing a function would indeed make the most sense. – deceze Aug 11 '15 at 06:56
1

If you do care about the source I suggest you loop individually. Its not safe to mash $_POST with $_GET because it would be much easier for hacker to pass data thru GET which is supposed to be POST.

Long logic can always be extracted to a function so you won't have a copy of this logic.

charlee
  • 1,309
  • 1
  • 11
  • 22
  • 2
    I'd like to see a clarification on that hacker part. GET is not any easier to spoof than POST, they're both trivial. Only in certain scenarios where you're trying to trick a third party is it easier to trick them into accessing a URL via GET than via POST. In the end neither is "safer" than the other though at all. – deceze Aug 11 '15 at 07:21
  • You are right. If you mix GET and POST I can make a url to trick the admin user to click it, like '/admin/delete-post.php?id=100'. This won't happen if `id` param is passed through POST. Yes I could make a form to submit the data, but this can be protected by CSRF. – charlee Aug 11 '15 at 14:13
  • Well, it would also be protected if the server properly checked whether the request is a GET or POST... – deceze Aug 11 '15 at 14:16
1

Merge your arrays with array_merge():

$_GET  = array('one' => 'foo', 'two' => 'bar');
$_POST = array('three' => 'foo', 'four' => 'bar');

$merged = array('_GET' => $_GET, '_POST' => $_POST);

foreach($merged AS $type => $array) {
    foreach ($array AS $var => $val) {
        echo "[{$type}] {$var}: {$val}" . PHP_EOL;
    }
}

Outputs

[_GET] one: foo
[_GET] two: bar
[_POST] three: foo
[_POST] four: bar

And yes, you shouldn't use $_REQUEST, because

it combines COOKIE as well as GET and POST, and the COOKIE data always takes precedence creating the possibility for dangerous "sticky" variables.

Community
  • 1
  • 1
Gottlieb Notschnabel
  • 9,408
  • 18
  • 74
  • 116
0

If the logic is identical, you can try using a function. Put your entire code in the function and pass the array that you want to loop through i.e. $_GET or $_POST. If you want to know the source as to whether it is GET or POST, you can try concatenation.

It would help to know what sort of an output you want.

Rachitta A Dua
  • 358
  • 1
  • 11