Database Reference
In-Depth Information
The following listing shows how to get the parameter names and loop through each
parameter to print its name and value, printing multiple-valued parameters as a comma-
separated list:
params
=
cgi
.
params
param_names
=
cgi
.
params
.
keys
param_names
.
sort!
page
<<
cgi
.
p
{
"Parameter names:"
+
param_names
.
join
(
", "
) }
list
=
""
param_names
.
each
do
|
name
|
val
=
params
[
name
]
list
<<
cgi
.
li
{
"type=
#{
val
.
class
}
, name=
#{
name
}
, value="
+
CGI
.
escapeHTML
(
val
.
join
(
", "
))
}
end
page
<<
cgi
.
ul
{
list
}
The
cgi
module understands both
;
and
&
as URL parameter separator characters.
PHP.
Input parameters are available to PHP several ways, depending on your config‐
uration settings:
• If the
track_vars
variable is enabled (which it is by default), parameters are avail‐
able in the
$_GET
and
$_POST
arrays. If a form contains a field named
id
, the value
is available as
$_GET["id"]
or
$_POST["id"]
, depending on whether the form was
submitted via
get
or
post
.
$_GET
and
$_POST
are “superglobal” arrays (accessible
in any scope without being declared as global).
• If the
register_globals
variable is enabled, parameters are assigned to global
variables of the same name. In this case, the value of a field named
id
is available
as the variable
$id
, regardless of whether the request was sent via
get
or
post
. It's
dangerous to rely on this variable, for reasons described shortly. PHP scripts in this
book do not rely on
register_globals
(which in any case is deprecated in PHP
5.3 and removed in 5.4). Instead, they obtain input through the global parameter
arrays.
The
track_vars
and (if present)
register_globals
settings can be compiled into PHP
or configured in the PHP
php.ini
file. As mentioned previously,
track_vars
is enabled
by default, so I'll assume that this is true for your PHP installation.
register_globals
was designed to make it convenient to access input parameters
through global variables, but it poses a security risk and is therefore best disabled in
versions of PHP that have it. Suppose that you write a script that requires the user to
supply a password, represented by the
$password
variable. In the script, you might check
the password like this:
