[FX.php List] Re: FX.php_List Digest, Vol 36, Issue 19

[DC]

Hi Mark,

I realize this is demo code, but it is always good practice to check 
user input (e.g., $_REQUEST superglobal) before doing anything with it.

It opens a security hole to assign REQUEST keys to variables directly 
without first verifying them or stripping them of nasty characters.

The line $$key = $value could be abused by a tricky person.

More, to the point of your code submission... PHP is full of obscure 
little corners. To convert all array keys to lowercase (or uppercase) 
use this handy built-in function:

// defaults to changing all to lowercase
$a = array_change_key_case($_REQUEST);

cheers,
dan

Lindal, Mark had written:
> Here's a trick for turning $_REQUEST variables into lower case:
> 
> foreach($_REQUEST as $key=>$value)
> {
> $$key=$value;
> $lowerkey = strtolower($key);
> }
> 
> Useful if a person sends a request like:
> 
> http://bookstore/detail.php?Catalog=12345
> http://bookstore/detail.php?catalog=12345
> 
> Both would end up with a variable $catalog=12345 on the detail.php page.
> 
> ------------------------------
> Mark Lindal
> 
> On 20-Jul-07, at 5:44 AM, fx.php_list-request at mail.iviking.org wrote:
> 
> 
> ------------------------------
> 
> Message: 3
> Date: Thu, 19 Jul 2007 17:14:58 -0500
> From: Alex Gates <alex at gandrpublishing.com>
> Subject: [FX.php List] case sensitive query
> To: alex at gandrpublishing.com,    "FX.php Discussion List"
>     <fx.php_list at mail.iviking.org>
> Message-ID: <469FE262.9090708 at gandrpublishing.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> 
> While I'm at it...
> 
> Anyone know a trick to make queries case sensitive?
> 
> for example, if alex is my username, I can still log in with Alex or
> ALEX or aLeX.
> Any special trick to make it case sensitive?
> 
> 
> 
> 
> 
> 
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
>