Can a switch parameter get value automatically? - php

In my company's website, there's some code which I don't understand. It works fine. See:
extract($_REQUEST);
switch(#$task){
//Only for tracker app/ Later move to seperate api///
case "get_all_trackers":
$trackerObj = new trackerClass('trackerClass');
echo $service = $trackerObj->getAllTrackers($_POST);
break;
default:
//dsfsdfdsf
}
Now, you can see $task is not defined ("according to me"). But it somehow takes the string 'get_all_trackers' when requested. I came to know about this when I used PostMan and gave a parameter task=get_all_trackers and it worked. I even changed the name of $task to $somethingelse, and it still worked. How's it taking the value?


No. The one that's doing this is the extract() function. Based on your code, it assigns variables with names and values according to the $_REQUEST array key and value pairs.
Example:
Let's say the current URL is http://yourwebsite.com/yourpage.php?foo=bar.
Then $_REQUEST['foo'] would have a value of "bar". And if you use extract($_REQUEST), you would have a variable $foo, which has a value of "bar".

Related

warning:Cannot use a scalar value as an array

I have a very basic code.That involves sessions and array.
$abc=array();
$abc['name']=$db_name; //When i echo this one.It does echo the name i.e. 'Tilak'
$_SESSION['userpasswordmatch']=true;
$_SESSION['userpasswordmatch']['name']=$abc['name'];
echo $_SESSION['userpasswordmatch']['name'];
Now when i try to run the code.It shows me a warning stating cannot use a scalar value as an array as well as the echo part in the above code doesn't show anything.
Question :
1)Why am i seeing this error and what is the way to resolve this?
2)How to echo the above session.
Note :
1)$db_name is the name of the username that i get from the database.It works fine and i get the correct value in $db_name.
Update:
Same thing happens even if i do this :
$_SESSION['userpasswordmatch']=true;
$_SESSION['userpasswordmatch']['name']=$db_name;
echo $_SESSION['userpasswordmatch']['name'];

First you are defining $_SESSION['userpasswordmatch']=true;. true is a scalar value. Then $_SESSION['userpasswordmatch']['name']=$db_name; where you are treating $_SESSION['userpasswordmatch'] as an array.
You can simply do $_SESSION['userpasswordmatch']['name']=$db_name; and echo it.
No need for setting it to true. This would work -
$abc=array();
$abc['name']=$db_name; //When i echo this one.It does echo the name i.e. 'Tilak'
$_SESSION['userpasswordmatch']['name']=$abc['name'];
echo $_SESSION['userpasswordmatch']['name'];
Update
No need to define a blank array. When you are setting $_SESSION['userpasswordmatch']['name'] = $db_name;, $_SESSION['userpasswordmatch'] is already defined as an array.
$_SESSION['userpasswordmatch']['check']= true; // use this for that check

Outputting cookie in Laravel-5/Blade

I have cookie date stored in a serialized array which I would like to access via the Blade template.
If a cookie value is set matching the current field name, then I want to show it. I am currently using the following code, but I'm not sure how to access the array value.
{{{ Cookie::has('myBookingDetails') ? Cookie::get('myBookingDetails') : old('name') }}}
The value of the myBookingDetails cookie looks like this:
a:4:{s:4:"name";s:13:"Joe Bloggs";s:5:"email";s:29:"joe#domain.co.uk";s:5:"phone";s:11:"0777777777";s:3:"reg";s:6:"123456";}
How can I access the "name" value via Blade?

The data is serialized. You need to use unserialize() function to get the data.
$data = unserialize(Cookie::get('myBookingDetails'));
$name = $data['name']
Check for existence before use.

Don't know if previous answer solved your enigma, but I could give some help.
I fought with a similar case. Seems that in template - in laravel 5.1 - I couldn't access directly to cookies:
Cookie::get('cookiename') simply returns null
cookie('cookiename') returns a Symfony\Component\HttpFoundation\Cookie, but $cookie->getValue() returns (again) null.
The good old $_COOKIE['cookiename'] returns the right cookie, so you could simply go with unserialize( $_COOKIE['myBookingDetails'] )['name']; !
PS: It should be better to handle with cookies in controller and pass a normal variable to the view!

PHP: Delete Value of variable after 5 min

I have problem in print PDF from forms.
When new user go to my site and fill the forms and click submit to send data, i need to get this data in PDF file, So i can get the data for this user from :-
$lastid = mysql_insert_id();
But this i think is not good, When any other user go in this form and click print PDF, he get the last id.
So what can i do to delete the last id and cannot print any data for any user else have fill forms ??

I assume that you are getting data into $lastid because of mysql query execution if that so your query will be executed every time and the result will change depending upon users and their requirement.
But if you still want to do so you can use unset() function of php.
unset() destroys the specified variables. The behavior of unset() inside of a function can vary depending on what type of variable you are attempting to destroy. If a globalized variable is unset() inside of a function, only the local variable is destroyed. The variable in the calling environment will retain the same value as before unset() was called.
To unset() a global variable inside of a function, then use the $GLOBALS array to do so:
<?php
function foo()
{
unset($GLOBALS['bar']);
}
$bar = "something";
foo();
?>
Complete documentation can be found over here

Create a variable in one function and pass it to another in PHP

Let me first say I've spent a day reading three google pages of articles on this subject, as well as studied this page here.
Ok, here's my dilemma. I have two functions. Both called upon via AJAX. This first one assigns a value to the variable and the second one uses that variable. Both functions are triggered by two separate buttons and need to stay that way. The AJAX and the firing off of the functions work fine, but the variable isn't passed. Here is my code:
if( $_REQUEST["subjectLine"] ) //initiate first function
{
$CID = wpCreateChimpCampaign();
echo $CID; //this works
}
if( $_REQUEST["testEmails"] ) //initiate second function
{
echo $CID; //does not return anything but should contain "apple"
wpSendChimpTest($CID);
}
function wpCreateChimpCampaign () //first function
{
$CID = "apple";
return $CID;
}
function wpSendChimpTest ($CID) //second function
{
echo $CID; //does not return anything but should contain "apple"
}
I'm open to using a class but I haven't had much luck there either. I was hoping to solve this issue without using classes. Thanks for the help in advance!

If you are making 2 separate calls to this file, it may be helpful for you to visualise this as being 2 functions in 2 totally separate files. Although they exist in the same PHP file, because they used called in different calls, they don't retain the value of the variable $CID. Once the file has run, the variable is destroyed and when you call the file again, the value is null again.
So you need to store that variable between calls. You can either store it in a database or store it in a session variable.
So call session_start(); at the beginning of the file, then rather than use $CID, just use $_SESSION['CID'];

I'm not sure where the hold up is. The code you have will work:
$CID = wpCreateChimpCampaign(); // returns 'apple'
wpSendChimpTest($CID); // echos 'apple'

The code looks fine, but are you certain that all requirements are being met so both functions execute?
In other words are you supplying values for both $_REQUEST["subjectLine"] and $_REQUEST["testEmails"]?

$_GET with Switch Statement

i have alot of get values that define the page the user gonna see , for example for "profile" i will show the profile page and so on..
to find out what page to display i tried to do something like that:
switch ($_GET) {
case 'profile':
require_once('function/profile.php');
break;
case 'team':
require_once('function/team.php');
break;
but it shows no result..
i send the GET request like that : index.php?profile , for example..
what is the problem here and how can i can manage to do something similar that work as well. thank you in advance!

To make your example work, you could replace $_GET with key($_GET)
be aware though that key() will return the first key of an array, so if you change your URL's variable order, this line'll stop functioning.

$_GET is an array from the key value pairs found in the query string (part of the url after the script name and a question mark).
For example, the query string test=1&foo=bar will translate to:
Array(
test => 1
foo => 'bar'
)
In the OP example, index.php?profile, you will end up with a $_GET array like:
Array(
profile => null
)
Problem with doing urls like this is that it is non-standard. When you do things in a non-standard way, you have to come up with non-standard solutions to fix the problems.
Here are a few options along with issues that each has:
You can use $_SERVER['QUERY_STRING'] which will get you everything after the ? in the url. This is fine if the only thing passed in the url is just profile (or some other single value). In that case, $_SERVER['QUERY_STRING'] will have nothing but profile in it. But you also then lose the ability to pass additional parameters in the get string.
You can go with the method described by #stewe. The php key function will return the key from the current position in the array passed in. If you haven't done any looping, the current position is the first element. This will work fine with multiple get parameters as well. Your query string will just look like index.php?profile&test=1&foo=bar. The problem is that profile (or whatever page) has to be the first or else key will return whatever the key is for the first parameter passed.
Another option is to just go with the standard method of using a key and value. Regardless of page, you use the same key and just the value changes. You then have urls that look like index.php?page=profile and you can always access the page using $_GET['page'].
You can use mod_rewrite. It is simple to setup, most hosts support it (or some other similar) and there are millions of tutorials and examples on how to get it to work. You end up with the cleanest urls and it works with query string parameters. For example, /profile/ can be rewritten to point to /index.php?page=profile. The user sees /profile/ and php sees the standard. This allows you to use $_GET['page'] to get the requested page and not have to do extra parsing to get other values inside php.

$_GET is an array or variables that are populated based on the URL's query string. You need to do something like:
switch ($_GET['myVar']) { ... }
where your URL would look like:
http://www.domain.com/index.php?myVar=value
For more information, see the PHP Manual for $_GET.

$_GET by itself is not very useful to you. I suppose you are looking for a key, like 'page', right ? Remember to declare a default value as well.
so..
$page = $_GET['page'];
switch ($page) {
case 'profile':
require_once('function/profile.php');
break;
case 'team':
require_once('function/team.php');
break;
default:
require_once('function/page-not-found.php');
}

$_GET is a super global variable, where the data are sent as stored as array. So you have to
access it using Index
Assuming you page you are trying to include a page when the data are sent like this:
domain.com?page=product
Then you have to use switch like this
switch($_GET['page']) {
....
}
Note: May be I dont have to remind you how vulnerable this code towards injection.

It's an array, so you need to use a loop to iterate on the values:
foreach($_GET as $key => $val){
switch ($key) {
case 'profile':
require_once('function/profile.php');
break;
case 'team':
require_once('function/team.php');
break;
}
}

with foreach you can get the key and value pair
foreach ($_GET as $switchkey => $switchval) {
switch ($switchkey) {
case 'profile':
require_once('function/profile.php');
break;
case 'team':
require_once('function/team.php');
break;
}
}

i actually use the following after a normal get resulting in lfi/rfi vulnerabilities. the following solution was submitted to me via a bug bounty program and works great. notice the inclusion of the default attribute. very important. the following should be the only acceptable answer. Credit to the flying spaghetti monster(His Noodly Appendage)
switch($_GET['page']) {
case 'foo':
include('pages/foo.php');
break;
case 'bar':
include('pages/bar.php');
break;
default:
include('pages/home.php');
}

As mentioned before, the first thing that seems to come to mind is the non standard way of passing the information. which will generate some difficulties when you parse the values. Although, for me, the main problem is not checking/sanitazing/cleaning the data on $_GET. May be it's too obvious and since almost all the answers have been given by people who seem to know what are they doing, I'll assume they just didn't mention it because of that
But remember that if you don't check it, you are vulnerable to attacks and malfunction of your script. The extent of the damage depends on your own application, so it's not easy to predict.
In any case, this is what I'll do, including the html
<?php
// initialize variables
$variable_1 = false; // assume this is the page you want to load
$variable_2 = false;
$default = 'index.php'; // the idea is to load something controlled by you. index, error, 404, etc.
// process $_GET, check, clean and assign values
if ( isset( $_GET ) !== false ) {
foreach ( $_GET as $keys => $values ) {
// check both, $keys and $values for; character set, length, validity against a white list, content
// using an if to match the $keys garantees that regardless of the order, you will get what you want
if ( $keys === 'field_1' ) {
// do what you have to do with this, for instance ...
$variable_1 = $values;
}
if ( $keys === 'field_2' ) {
// do what you have to do with this, for instance ...
$variable_2 = $values;
}
unset( $_GET[$keys] );
}
unset ( $keys, $values );
}
// check there are no surprises on $_GET. Load and study anything here
if ( empty( $_GET ) === false ) {
// it should be empty, so log what is in here and prepare your code for that
unset( $_GET );
} else {
unset( $_GET );
}
// process the variables according to what you want to do
// if there are just a few options, and they are not going to change often
// use a switch, otherwise, use a method to check if a file/content exists
// for the request and load it. If it doesn't exist, inform the user
// with out giving away internals and suggest a new destination
// process other variables, here or before this part, wherever makes sense
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>testing get</title>
</head>
<body>
<form method="get" action="test_get_00.php" accept-charset="utf-8">
<p><label for="field_1">write something<input type="text" id="field_1" name="field_1" /></label></p>
<p><label for="field_2">write something<input type="text" id="field_2" name="field_2" /></label></p>
<p><button type="submit">send</button></p>
</form>
</body>
</html>
Of course you can do a few more things, but if you prepare your form properly, including the character set, you have less worries, or at least a few more known elements. It's not failproof, but it helps.
Also, the mechanics I mention above work on a white list mindset, that is the idea of the foreach, to check that you get what you expect and discard the rest, after logging it.

You are trying to archive SEO urls in the wrong way.
I see that index.php?profile is better then index.php?page=profile but it's the wrong way of act in this case.
You should use index.php?page=profile and then apply a rewrite rule to create SEO urls, like this one:
RewriteEngine On
RewriteRule ^(.*)$ index.php?page=$1
In this way your users will use:
http://example.com/profile
and the page displayed will be:
http://example.com/index.php?page=profile

instead of switching on the keys (as proposed by key($_GET)) you could define one variable, in $_GET (url) named for example 'action' which would containt 'profile', or 'team' or whatever you wish in the future. then your switch, simply, will be :
switch ($_GET['action'])
so whatever action you assign to this key, you can use as a case in your switch

Categories