Can anyone explain the following PHP Code ?

Question

Hello

Can anyone explain the following PHP Code ?

function get_param($param_name, $param_type = 0)
    {
      global $HTTP_POST_VARS, $HTTP_GET_VARS;

      $param_value = "";
     if (isset($_POST)) {
       if (isset($_POST[$param_name]) && $param_type != GET)
         $param_value = $_POST[$param_name];
       elseif (isset($_GET[$param_name]) && $param_type != POST)
         $param_value = $_GET[$param_name];
     } else {
       if (isset($HTTP_POST_VARS[$param_name]) && $param_type != GET)
         $param_value = $HTTP_POST_VARS[$param_name];
       elseif (isset($HTTP_GET_VARS[$param_name]) && $param_type != POST)
         $param_value = $HTTP_GET_VARS[$param_name];
     }

     return strip($param_value);
    }

function strip($value)
    {
     if (get_magic_quotes_gpc() == 0) {
         return $value;
     } else {
      return stripslashes($value);
     }
    }

---

UPDATE

It is used like this:

$xml = get_param('xml');

Answer 1

function get_param($param_name, $param_type = 0)

This returns a parameter value, with a given type, POST, or GET, which is optional. The value is stripped of slashes.

function strip($value)

This returns the parameter without slashes.

I agree with the other comments that this code was written prior to 2003, and should not be used, unless for supporting old code.

Answer 2

The code gets the value from the get and post data arrays. It also strips slashes on php installations that have magic quotes enabled. It looks like the function is made for backwards compatibility with older version of PHP. I wouldn't use this unless you are required to support older versions of PHP.

You don't need to make any changes for this to work in PHP 5, however I would just do the following: For Get data:

if(isset($_GET['param_name'])){
    // What ever you want to do with the value
}

For Post data:

if(isset($_POST['param_name'])){
    // What ever you want to do with the value
}

You should also read up on Magic Quotes since it was not deprecated till PHP 5.3.0 and you may need to be concerned about it.

The updated function could also be written as:

function get_param($param_name, $param_type = 0)
{

  $param_value = "";
  if (isset($_POST[$param_name]) && $param_type != GET){
      $param_value = $_POST[$param_name];
  }
  elseif (isset($_GET[$param_name]) && $param_type != POST){
      $param_value = $_GET[$param_name];
  }
  return strip($param_value);
}

Strip can be left alone.

Answer 3

It appears that is is trying to extract a value from the query string based on the name of the parameter. It is first checking to see if the $_POST variable is valid, and if not, check the $HTTP_POST_VARS. If either one of them are valid, it will return the value with the name of $param_name. For instance, if $param_name = "foo", it will check $_POST["foo"].

Answer 4

Looks like some insane way of making sure you're getting the correct GET/POST vars. Most of the code from get_param() seems to be a way to make the code work on almost any php version, since it's using the legacy methods, you should have a look at the PHP Manual about _GET/_POST

Answer 5

The code is a function that takes a parameter's name ($param_name) and the HTTP request type it's expected to be found in (GET or POST), then looks through the current ($_GET and $_POST) and deprecated ($HTTP_GET_VARS and $HTTP_POST_VARS) request variable arrays for a value matching that name. Before it returns, it tries to strip extra slashes out of the value it found.

So for example, if I passed this HTTP request:

http://www.example.com/explain_function.php?key=value

then ran the function

get_param("key", "GET");

It would return "value".