Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 7 of 7
  1. #1
    Regular Coder
    Join Date
    Aug 2010
    Location
    Now Southern Oregon. I was born and had lived my life in Los Angeles until relocating last year (2010)
    Posts
    208
    Thanks
    52
    Thanked 1 Time in 1 Post

    dynamic switch/case labels?

    I am developing a system that at one point will have a variable number
    of items with anchor tag href attribute query strings
    such as:
    <a href="?item=(item value written by php script">Item</a>
    ditto with different item value
    etc...

    So the server sees $_GET['item'];

    In order to detect a bad query string
    (user or network sniffer tampers with the string)
    I need to have case labels in a switch block to detect bad values that change
    with the potential list length of items.
    Is this possible without a lot of code gymnastics with eval() or.....???
    It would be asking for trouble using eval() in this situation.

  • #2
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,089
    Thanks
    51
    Thanked 506 Times in 493 Posts
    As far as I know, there is no way to create dynamic case's for a switch. You CAN however use a function as a case - that function could for instance pull a load of bad words from a database table, check them and return true if your term is found. It then either executes that block or moves onto the next or default. Of course that being the case you could simply just use that function by itself.

    If you're looking to have individual bits of code for different terms then (despite what you hear about eval) you could store each term in the database with some php in another column. When matched, you then eval that piece of php.
    My helpful sig is on vacation trying to loose some weight. It got a bit fat and caused a few problems but it will be back at some point!

  • Users who have thanked tangoforce for this post:

    anotherJEK (04-11-2012)

  • #3
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,978
    Thanks
    4
    Thanked 2,659 Times in 2,628 Posts
    Afraid not. There isn't any real dynamic way to write a switch itself; cases do not allow complicated data unless its been dereferenced to a specific level (like $a[0]).
    Why not just use in_array checks? You can add whatever you want to the in_array. A simple multi-dimensional array will let you contain a condition check, and a function to call.
    PHP Code:
    $aVerify = array(
        array(
    'func' => 'doAnimal''options' => array('cat''dog''mouse')),
    );

    $sSelected 'mouse';
    foreach (
    $aVerify AS $options)
    {
        if (
    in_array($sSelected$options['options']))
        {
            
    $func $options['func']; // I don't *think* you can deref a function from an array directly. . .
            
    $func($sSelected);
            break;
        }

    Or something along that lines. Objects can be of great benefit here too, and could be constructed as a callable type as well.

  • Users who have thanked Fou-Lu for this post:

    anotherJEK (04-11-2012)

  • #4
    Regular Coder
    Join Date
    Aug 2010
    Location
    Now Southern Oregon. I was born and had lived my life in Los Angeles until relocating last year (2010)
    Posts
    208
    Thanks
    52
    Thanked 1 Time in 1 Post

    What I came up with

    The specific project calls for loading a variable list of image files into
    image tags surrounded with anchor tags.

    What I have done is created an index file in php that declares an array
    PHP Code:
    // index file named imageIndexFile.php
    <?php
    $_imgLst 
    = array();
    //for example
    $_imgLst['anchor href query string  value'] = 'image file';
    ?>
    Then in the processing script/html page,
    PHP Code:
    include('imageIndexFile.php');
    if(isset(
    $_imgLst[$_GET['item']]))
      {
       ; 
    // proceed with markup generation code
      
    }
    else
      {
        
    $_outPut 'bad query string';
      }
    // my variable naming is my way of rapidly finding variable references 
    The image index file is rewritten every time the user requests this
    content.

    MY ONLY problem with this is the potential for devious user
    sending php code in $_GET request and having it executed in
    [''] syntax.
    Is this a potential problem?

  • #5
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,978
    Thanks
    4
    Thanked 2,659 Times in 2,628 Posts
    Potentially. How is imageIndexFile.php created? If it allows any type of user input in it, then potential exists for a parsable issue yes. If its simply a matter of say glob on a directory, then no there wouldn't be a problem with that.
    Now, when you specify rewritten, do you mean the actual code, or just the output data? The code really shouldn't be changing in here; if the data is dynamic, you should consider using a db or even a flat file above html root.

  • #6
    Regular Coder
    Join Date
    Aug 2010
    Location
    Now Southern Oregon. I was born and had lived my life in Los Angeles until relocating last year (2010)
    Posts
    208
    Thanks
    52
    Thanked 1 Time in 1 Post

    clarification response

    imageIndexFile.php is created by opening and reading a directory with a list of images. There is no user input here.
    I am working on a CMS system for a web site that displays product images.
    The only user interaction is to place images to be prepared and placed on display in the web site.
    'rewritten' means that the imageIndexFile.php is rewritten (image directory is re read and the contents are re written to this file)
    on every request.
    I do it this way because each time an image in this directory is prepared,
    it is removed from the directory and placed in another directory. So the image list changes.
    When the user views an image and assigns it, then goes back to
    the display list, it will not appear because it has been removed.
    (the user does not have to wonder if it has been seen and processed).
    Also, new images can be inserted in the directory.
    So, the index file is rewritten on every request for its content.
    The $_GET['item'] come from query string appended to href
    attribute in web page, a hacker might attempt to tamper by altering the string.
    (Copies page source and alters query strings, then sends altered request)

  • #7
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,978
    Thanks
    4
    Thanked 2,659 Times in 2,628 Posts
    I don't see a need to have the code rewritten. Directories can be scanned for their contents, served as necessary, and files can be moved / copied from one location to another. Perhaps I just misunderstand what you are actually doing here, but there isn't a need to rewrite the PHP source at all.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •