views:

143

answers:

4

I've finally remembered what to ask. I never really got what : and ? do when a variable is being defined like this:

$ip = ($_SERVER['HTTP_X_FORWARD_FOR']) ? $_SERVER['HTTP_X_FORWARD_FOR'] : $_SERVER['REMOTE_ADDR'];

As you can see there is ? and : and ( )

Could anyone give me a brief detail about why and how they are used for?

Thanks.

+21  A: 

The expression looks like this:

$var = (condition) ? if_true : if_false

?: is the ternary operator. If condition is true, $var will be assigned the value if_true; otherwise it will be assigned the value if_false.

In your particular case:

  • This assigns the value of the X-Forwarded-For HTTP header to $ip if it exists; otherwise it uses the remote address itself.

  • This is usually used as a way to get a client's IP address. However, note that in general this is a terrible way to check for client identity. See this StackOverflow question. (Use session cookies or some sort of authentication if you need to make sure users don't clobber each other.)

  • Also, it's HTTP_X_FORWARDED_FOR, not HTTP_X_FORWARD_FOR.

  • Finally, HTTP_X_FORWARDED_FOR can be a comma-delimited list of IP addresses, not just a single one, so this has the potential to be a bug.

John Feminella
+1 for the "answer + bug hunt" :)
kbok
Very brief. Accepted answer, also nice tips :)
YouBook
Also would you mind doing a brief about multiple ternary operators within one logical statement. This will be helpful to others. +1
RobertPitt
@RobertPitt: the brief advice would be: don't do it! Nested ternary operators quickly become unwieldy, unintelligible, unmaintainable code.
janmoesen
@John: +1, and I cannot help but mention that X-Forwarded-For,like other headers, is completely spoofable. You could set `$ip` to `127.0.0.1` simply by saying so in your header. So this code would be open to "normal" bugs and "security" vulnerabilities.
janmoesen
+2  A: 

It's known as a ternary operator and is shorthand for (in your case):

if($_SERVER['HTTP_X_FORWARD_FOR'])
{
    $ip = $_SERVER['HTTP_X_FORWARD_FOR'];
}
else
{
    $ip = $_SERVER['REMOTE_ADDR'];
}
Rowland Shaw
A: 
"?:" (or ternary) operator

The expression (expr1) ? (expr2) : (expr3) evaluates to expr2 if expr1 evaluates to TRUE, and expr3 if expr1 evaluates to FALSE

See this example:

<?php
// Example usage for: Ternary Operator
$action = (empty($_POST['action'])) ? 'default' : $_POST['action'];

// The above is identical to this if/else statement
if (empty($_POST['action'])) {
    $action = 'default';
} else {
    $action = $_POST['action'];
}

?>
Karthik
A: 

The ternary form is basically a shortcut for if->then->else

I generally avoid it because it's not all that readable.

$ip = ($_SERVER['HTTP_X_FORWARD_FOR']) ? $_SERVER['HTTP_X_FORWARD_FOR'] : $_SERVER['REMOTE_ADDR'];

is logically equivalent to:

if($_SERVER['HTTP_X_FORWARD_FOR']){
   $ip = $_SERVER['HTTP_X_FORWARD_FOR'];
}else{
   $ip = $_SERVER['REMOTE_ADDR'];
}

It should be said that this is EXACTLY what this is most commonly used for: variable initialization. Very common with form data.

Satanicpuppy