Can anyone explain the following PHP Code ?
function get_param($param_name, $param_type = 0)
{
global $HTTP_POST_VARS, $HTTP_GET_VARS;
$param_value = "";
if (isset($_POST)) {
if (isset($_POST[$param_name]) && $param_type != GET)
$param_value = $_POST[$param_name];
elseif (isset($_GET[$param_name]) && $param_type != POST)
$param_value = $_GET[$param_name];
} else {
if (isset($HTTP_POST_VARS[$param_name]) && $param_type != GET)
$param_value = $HTTP_POST_VARS[$param_name];
elseif (isset($HTTP_GET_VARS[$param_name]) && $param_type != POST)
$param_value = $HTTP_GET_VARS[$param_name];
}
return strip($param_value);
}
function strip($value)
{
if (get_magic_quotes_gpc() == 0) {
return $value;
} else {
return stripslashes($value);
}
}
UPDATE
It is used like this:
$xml = get_param('xml');
The code gets the value from the get and post data arrays. It also strips slashes on php installations that have magic quotes enabled. It looks like the function is made for backwards compatibility with older version of PHP. I wouldn’t use this unless you are required to support older versions of PHP.
You don’t need to make any changes for this to work in PHP 5, however I would just do the following:
For Get data:
For Post data:
You should also read up on Magic Quotes since it was not deprecated till PHP 5.3.0 and you may need to be concerned about it.
The updated function could also be written as:
Strip can be left alone.