07-27-2007, 10:07 AM
Do you guys always convert your GET and/or POST variables to regular variables
$variable = foo;? On a page, I'm using a GET variable about 10 times, would it be more efficient to convert it to a regular variable (I'm sure there's a name for this type of variable) at the beginning? Does it have anything to do with load on the PHP (interpreter, like it goes to check the variable from the URL every time, which is maybe more of a strain than from the document itself), or just mere file size?
07-27-2007, 10:08 AM
I just think its easier to type a variable name rather than $_GET['var'];
The strain on the parser is the same whether you assign it to a variable or not. Also it helps for preventing mysql injection. Declaring the variables to empty to start with and then checking the data to see if its valid and then reassigning it the variable. I don't think you can do this
$_GET['var'] = '';
I could be wrong though, don't know.
Guess you can do that though again, it takes a little more work to type e.g. SHIFT + 4 _ G E T [ ' foo ' ], compared to a variable called foo.
$foo = $_GET['foo'];
if(isset($foo)) echo 'Foo is set!';
07-27-2007, 04:30 PM
I prefer to leave variables in their original form unless there is an overriding need to alter it (or I alter the variable via script) , there is no protection against injection unless register_globals is on and variables are not declared locally before they are used (or filtered if they are GPC)
From a resource viewpoint there is an (probably too small to measure) overhead in declaring the variable twice (even if you then unset the original) so if resource usage worries you then don't do it.
It is easier on the typing though ;)
07-27-2007, 04:59 PM
For variables that might or might not exist (from a form, a url, a cookie, a session...) I always do something like this near the beginning of the code -
$get_action = isset($_GET['action']) ? $_GET['action'] : '';The variable is then only checked if it exists once and is evaluated only once. The internal variable will then exist through out the remainder of the code with either the actual input or an empty string.
07-27-2007, 05:03 PM
I don't understand making it empty first, why does that help?
I have example.com/?var=foo, and let's say I want to echo $var on that page (plain text, all that is on the page is foo). How would you do that?