Does Yii::$app>request->post() clean $_POST variables? - php

Just want to know if Yii2 cleans the $_POST variables if I use this method:
Yii::$app->request->post()
If suppose I am using the following method to get the value of x:
$x = Yii::$app->request->post('x');
Does Yii2 framework internally cleans the $_POST variable? Or else we have to do it manually?


No, the $_POST stays untouched, in its initial condition.
Yii just copies and holds it in private $_bodyParams property.
And I don't think it's a good practice to manually modify or clean $_POST parameters.

Related

Undefined variable _POST if called dynamically [duplicate]

I'm attempting to dynamically access both the $_GET and $_POST arrays, among others, using variable variables. The reason I'm trying to do this is so that I can perform similar actions on multiple arrays without needing to declare specific iterations for each. I'm reasonably sure this is possible, as PHP's documentation says it is able to use variable variables to dynamically access an array, however I'm unable to get it to work. A simple demonstration is when I'm attempting to verify that a certain property has been set.
if(isset(${$this->_array}[$property])) { return ${$this->_array}[$property]; }
else { return null; }
When I run the above script I always get null, however when I statically seek the desired property, manually using $_GET or $_POST, I get the desired outcome. I have triple checked $this->_array and $property and they are returning the correct string values. Are these arrays unavailable for such access, or am I doing something wrong?

Superglobals (such as $_POST) can not be used as variable variables within functions.
You could say something like $post = $_POST; and then use 'post' and it'd work, but directly using '_POST' won't.

Superglobals cannot be referenced as variable variables inside of classes or methods, so this will work:
<?php
$var = "_GET";
print_r(${$var});
But this will not:
<?php
test();
function test() {
$var = "_GET";
print_r(${$var});
}
I suspect that there is a better way to do what you are trying to accomplish.
http://php.net/manual/en/language.variables.superglobals.php#refsect1-language.variables.superglobals-notes

Whatever you're doing wrong, using variable variables is probably making it worse. For your own sanity, please stop. They should never be deployed in production code under any circumstances. They're impossible to debug, and using them in your code is like trying to read something that someone else wrote with their feet. If they have particularly dexterous feet, then perhaps you can understand what they're doing. But 99.9999% of the time, it is better to just use normal arrays.
That being said, try $_REQUEST instead.

There's already an array that contains both $_GET and $_POST. It's named $_REQUEST. Having said that, it can also contain the contents of $_COOKIE depending on the request_order setting, but the default is just $_GET and $_POST.

You say you want to access both the $_GET and $_POST arrays, among others -- what are these 'others'? You can use $_REQUEST to check the contents of $_GET, $_POST, and $_COOKIE all at once.

you can do this but dont know if it is a good coding practice
if( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
$method = '_POST';
}
else {
$method = '_GET';
}
$data = $$method;

You can create an associative array that references both arrays, and use that.
$params = [
'_GET' => $_GET,
'_POST' => $_POST
];
Then you can use
return $params[$this->_array][$property] ?? null;

Is $_GET available in all created classes?

I do one request and my URL has a parameter like this .../index.php?customer=abc
In index.php's class $_GET['customer'] is available.
There are multiple other classes being created then.
Finally in somefile.php containing some different class someClass, $_GET['customer'] is no more available.
I am forced to use a framework that uses a form that eval()s PHP code on button click.
new TDynButton($body, "login", ... , "\$this->win->doLogin();");
IndoLogin() there is no $_GET['customer']. Cannot understand why. Is it possible if this framework uses action=GET in the background that I am losing my $_GET? Im totally lost.
Thanks.

My approach would be to give the information in $_GET['customer'] to the instatiated object by passing it in the constructor and store it in a private member. This way you have the information needed and no direct access to $_GET is nessessary. This is anyway a better design I think.

$_GET is a global variable that will be available throughout the script you use it in. You have to pass it to the script, though - such as somefile.php?customer=peter

Yes, $_GET is a superglobal variable that is available in all PHP scripts.
And yes, generally, framework convert/sanitaze the GET/POST arrays and clears them.

PHP $_GET/$_POST via variable variables

I'm attempting to dynamically access both the $_GET and $_POST arrays, among others, using variable variables. The reason I'm trying to do this is so that I can perform similar actions on multiple arrays without needing to declare specific iterations for each. I'm reasonably sure this is possible, as PHP's documentation says it is able to use variable variables to dynamically access an array, however I'm unable to get it to work. A simple demonstration is when I'm attempting to verify that a certain property has been set.
if(isset(${$this->_array}[$property])) { return ${$this->_array}[$property]; }
else { return null; }
When I run the above script I always get null, however when I statically seek the desired property, manually using $_GET or $_POST, I get the desired outcome. I have triple checked $this->_array and $property and they are returning the correct string values. Are these arrays unavailable for such access, or am I doing something wrong?

Superglobals (such as $_POST) can not be used as variable variables within functions.
You could say something like $post = $_POST; and then use 'post' and it'd work, but directly using '_POST' won't.

Superglobals cannot be referenced as variable variables inside of classes or methods, so this will work:
<?php
$var = "_GET";
print_r(${$var});
But this will not:
<?php
test();
function test() {
$var = "_GET";
print_r(${$var});
}
I suspect that there is a better way to do what you are trying to accomplish.
http://php.net/manual/en/language.variables.superglobals.php#refsect1-language.variables.superglobals-notes

Whatever you're doing wrong, using variable variables is probably making it worse. For your own sanity, please stop. They should never be deployed in production code under any circumstances. They're impossible to debug, and using them in your code is like trying to read something that someone else wrote with their feet. If they have particularly dexterous feet, then perhaps you can understand what they're doing. But 99.9999% of the time, it is better to just use normal arrays.
That being said, try $_REQUEST instead.

There's already an array that contains both $_GET and $_POST. It's named $_REQUEST. Having said that, it can also contain the contents of $_COOKIE depending on the request_order setting, but the default is just $_GET and $_POST.

You say you want to access both the $_GET and $_POST arrays, among others -- what are these 'others'? You can use $_REQUEST to check the contents of $_GET, $_POST, and $_COOKIE all at once.

you can do this but dont know if it is a good coding practice
if( $_SERVER['REQUEST_METHOD'] == 'POST' ) {
$method = '_POST';
}
else {
$method = '_GET';
}
$data = $$method;

You can create an associative array that references both arrays, and use that.
$params = [
'_GET' => $_GET,
'_POST' => $_POST
];
Then you can use
return $params[$this->_array][$property] ?? null;

how to obtain $_GET object from zend framework

So suppose I have the url:
http://url?x=1&y=2
Then I can just get all the get parameters via PHP using the $_GET variable
so print_r($_GET) will echo all the get variables
Now suppose I'm using zend framework and i'm trying to take advantage of the /var/value/var/value feature:
so now my url is
http://url/controller/action/x/1/y/2
I know how to get the values for individual parameters x and y:
$this->request = $this->getRequest();
$x = $this->request->getParam('x');
But suppose if I want to get all the GET parameters just like using the $_GET object without Zend framework so that I don't have to access the variable individually....how do I do this within the framework using that newly formatted url?

If all you want is $_GET, use $request->getQuery()
If you want merged parameters (like getParam() does, use $request->getParams()

CodeIgniter's Input Class

Can I use CodeIgniter's input class to xss clean GET data like this:
$somevar = $this->input->xss_clean($_GET['somevar']);
CodeIgniter's suggest that xss_clean method should be used for the submitted data.
I wonder whether $_GET vars are submitted or just visiting a URL.
So can i use it in that fashion?

Try using:
$this->input->get()
This function is identical to the post function, only it fetches get data:
$this->input->get('somevar', TRUE);
The function returns FALSE (boolean) if the item you are attempting to retrieve does not exist.
The second optional parameter lets you run the data through the XSS filter. It's enabled by setting the second parameter to boolean TRUE;

The GET array is unset by CI on startup because it uses the URI segments instead.
But you can use the xss_clean method on any var you want, just like your example, but you will find $_GET to be empty. The input class is available everywhere by default.

Categories