How to block some php variable from being used
https://stackoverflow.com/questions/12960235
-
08-07-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian题
Team i work with keep using $_REQUEST variable when i told them many times to not use it and instead use $_POST and $_GET. i wonder if there is way to block this variable so if they use it again code gives fatal error. Or perhaps deprecate it somehow.
e.g. i can put unset($_REQUEST); in the top of my includes file but i bet they can find it and disable, i need to be able to do it on server side.
解决方案
Am not sure of any official way even request_order does not mean it will leave the super globals array REQUEST empty.
What you can do is have your own little scanner .. looking of REQUEST in there code .. (Please Note this is just an experiment)
ini_set("display_erros", "On");
error_reporting(E_ALL);
set_time_limit(0);
findUsage(__DIR__,'$_REQUEST');
Output Example
$_REQUEST Found in /public_html/www/stockoverflow/a.php Line 7
$_REQUEST Found in /public_html/www/stockoverflow/c.php Line 3
$_REQUEST Found in /public_html/www/stockoverflow/lib/phpThumb/demo/index.php Line 2
$_REQUEST Found in /public_html/www/stockoverflow/lib/phpThumb/demo/phpThumb.demo.gallery.php Line 36
$_REQUEST Found in /public_html/www/stockoverflow/lib/phpThumb/demo/phpThumb.demo.gallery.php Line 45
$_REQUEST Found in /public_html/www/stockoverflow/lib/phpThumb/demo/phpThumb.demo.gallery.php Line 47
$_REQUEST Found in /public_html/www/stockoverflow/lib/phpThumb/demo/phpThumb.demo.gallery.php Line 4
Function Used
function findUsage($projectDir,$find) {
echo "<pre>";
$di = new RecursiveIteratorIterator(new RecursiveDirectoryIterator(__DIR__, FilesystemIterator::SKIP_DOTS));
foreach ( $di as $file ) {
if (! $file->isFile() || $file->getExtension() != "php")
continue;
$n = 0;
foreach ( file($file) as $line ) {
$n ++;
if (strpos($line, $find) !== false) {
echo $find, " Found in $file Line $n \n";
flush();
}
}
}
}
其他提示
If you wanna do this to make your code safe, you can make your own $_Request and it's safe (put it in bootstrap)
$_REQUEST = array_merge($_GET, $_POST);
