PHP : import_request_ variables() function


The import_request_variables() function is used to import GET/POST/Cookie variables into the global scope


(PHP 4 and above)


import_request_variables (string_types, prefix ) 


Name Description Required /
string_types Some predefined characters indicating which request variable is to be imported. 'G' or 'g' is used for specifying GET, 'P' or 'p' is used for specifying POST and 'C' or 'c' is used for specifying Cookie variables. Order of occurrence of the characters is important. Suppose you mention 'gp', POST variables will override the GET variables. If you use any other characters besides aforementioned characters, they are discarded. Required String
prefix A string which is added before the name of the imported variable. For example, if you have a post value named 'email' and you supply a prefix 'user', the the imported variable name will be 'user_email'.This is an optional parameter. Optional String

Return value:

TRUE on success or FALSE on failure.

Value Type : Boolean.

Example :

import_request_variables("p", "w3r_");
echo $POST['name'].".......................";
echo "<br>";
echo $w3r_name;
<form name="f1" method="post" action="import_request_variables-example1.php">
<input type="text" name="name"><br>
<input type="submit" value="Submit"><br>

Output :


View the example in the browser

See also

PHP Function Reference

Previous: gettype
Next: intval

PHP: Tips of the Day

SQL injection that gets around mysql_real_escape_string()

Consider the following query:

$iId = mysql_real_escape_string("1 OR 1=1");    
$sSql = "SELECT * FROM table WHERE id = $iId";

mysql_real_escape_string() will not protect you against this. The fact that you use single quotes (' ') around your variables inside your query is what protects you against this. The following is also an option:

$iId = (int)"1 OR 1=1";
$sSql = "SELECT * FROM table WHERE id = $iId";

Ref : https://bit.ly/32q3bJ7