GET/POST parameters
"uweb/params.php"
Uray Web Library (UWeb)
This file provides convenient and secure ways to use GET and POST HTTP parameters. GET parameters come from the query string of the URL, e.g. in webpage.php?param=23
, and POST parameters come when submitting a form, either a normal HTML form (<form>
) or an UWeb form.
Of course, PHP provides the global arrays $_GET
and $_POST
to access these parameters, but then the website needs to check individually whether they are in the correct format (e.g. integer), and if not, deal with these errors properly. This is not very convenient, and makes it easier to leave security holes, especially when these values are used in SQL queries. The functions in this file attempt to solve this problem.
1.1. get_param_str(), post_param_str()
1.2. get_param_str_opt(), post_param_str_opt()
1.3. get_param_int(), post_param_int()
1.4. get_param_int_opt(), post_param_int_opt()
1.5. get_param_bool(), post_param_bool()
1.6. has_get_param(), has_post_param()
1.7. has_get_param_strict(), has_post_param_strict()
2.1. get_param_error(), post_param_error()
2.2. class get_parameter_error, post_parameter_error
function get_param_str ($param); function post_param_str ($param);
Return the GET or POST parameter as a string.
If the parameter value is empty (""
) or nonexistent, throw the appropriate exception.
function get_param_str_opt ($param); function post_param_str_opt ($param);
Return the GET or POST parameter as a string.
If the parameter value is empty (""
) or nonexistent, return null
(and never throw any exception).
function get_param_int ($param); function post_param_int ($param);
Return the GET or POST parameter as an integer.
If the parameter is not an integer (see check_int()
), or it is empty or does not exist, throw the appropriate exception.
function get_param_int_opt ($param); function post_param_int_opt ($param);
Return the GET or POST parameter as an integer.
If the parameter is empty or does not exist, return null
. Otherwise if the parameter is not an integer (see check_int()
), throw the appropriate exception.
function get_param_bool ($param); function post_param_bool ($param);
Return the GET or POST parameter as a boolean value (true
or false
).
Values accepted as true
: "true"
or "1"
.
Values accepted as false
: "false"
, "0"
, ""
or non-existent parameter.
For all other values, throw the appropriate exception.
function has_get_param ($param); function has_post_param ($param);
Return whether the given GET or POST parameter exists.
The value of the parameter does not matter, even an empty string (""
) is accepted as an existing value. Note: an empty value can be written as webpage.php?param
instead of webpage.php?param=
.
function has_get_param_strict ($param); function has_post_param_strict ($param);
Return whether the given GET or POST parameter exists, and also check that its value is the empty string (""
).
If the parameter exists and has a non-empty value, throw the appropriate exception.
function check_other_get_params ();
Check if any other GET parameter exists than what was already accessed by one of the GET functions above. If any other exists, throw the appropriate exception.
Note: this function has no POST equivalent.
function get_param_error ($param); function post_param_error ($param);
Throw the appropriate exception.
These functions provide a way to signal that a GET or POST parameter is wrong, in the same way as the functions above do.
class get_parameter_error
→ basic_error
→ Exception
class post_parameter_error
→ internal_error
→ basic_error
→ Exception
These are the exception classes that are thrown by any function in this file if a GET or POST parameter has an error.
The error message (getMessage()
) contains the name of the parameter, and either the value, or the fact that it is missing.