#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2007
    Posts
    3
    Rep Power
    0

    $_REQUEST a massive array of everything


    I am busy writing a function to request data that has been sent to the same page.

    It works on my windows laptop with LAMP configured on it, when I uploaded my code to my server, it just does not $_REQUEST it correctly.

    Is there a way to make this more robust or any suggestions you have?

    PHP Code:
    private static function RequestPassedData($query)
            {
                
    $trigger false;
            
            
    $query strtoupper($query);
                
                
    $result_set mysql_query($query);
                
                
    $arrayQuery explode(" ",$query);
                
    $ret_val "";
                
                for (
    $i 0$i<sizeof($arrayQuery);$i++)
                {                
                    if (
    $arrayQuery[$i]=="FROM"$ret_val .= "table;".$arrayQuery[$i+1].";";
                }
                
            while (
    $rows mysql_fetch_array($result_set))
            {
            for (
    $i $i<(sizeof($rows)/2); $i++)
            {
                if (isset(
    $_REQUEST[mysql_fieldname($result_set,$i)]))
                {
                
    //$ret_val .=  "fieldID;".mysql_fieldname($result_set,$i).";fieldValue;".$_REQUEST[mysql_fieldname($result_set,$i)].";";
                
    $ret_val .=  mysql_fieldname($result_set,$i).";".$_REQUEST[mysql_fieldname($result_set,$i)].";";
                }
            } 
            break;
            }
            return 
    explode(";",$ret_val);
            } 
  2. #2
  3. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Hi,

    what's the exact content of $_REQUEST? What about $_POST and $_GET?

    Apart from that, your function looks a bit ... weird. Why do you uppercase the whole query? What if you have strings in it? Why do you use a while loop when you immediately break it after the first iteration? Why do you use those weird (and inefficient) mysql_fieldname constructs instead of simply fetching an associative array with mysql_fetch_assoc?

    Also note that the old MySQL extension is obsolete since almost 10 years and will be officially deprecated in the next PHP version. But I guess it's too late to switch?
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Frequenter (2500 - 2999 posts)

    Join Date
    Dec 2004
    Posts
    2,990
    Rep Power
    375
    isnt there a setting in PHP that allows $_REQUEST variable to not "be turned on"? in php.ini
  6. #4
  7. Sarcky
    Devshed Supreme Being (6500+ posts)

    Join Date
    Oct 2006
    Location
    Pennsylvania, USA
    Posts
    10,908
    Rep Power
    6351
    I'm not sure what this function even does or why it's so unnecessarily complex, but the basic answer you want is "don't use $_REQUEST, use $_GET, $_POST, and $_COOKIE where appropriate." $_REQUEST is a "cheating" hold-over from older versions of PHP and, as you've found, may not be turned on.
    HEY! YOU! Read the New User Guide and Forum Rules

    "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin

    "The greatest tragedy of this changing society is that people who never knew what it was like before will simply assume that this is the way things are supposed to be." -2600 Magazine, Fall 2002

    Think we're being rude? Maybe you asked a bad question or you're a Help Vampire. Trying to argue intelligently? Please read this.

IMN logo majestic logo threadwatch logo seochat tools logo