Call a Function Held in a $_GET Var - PHP

This is a discussion on Call a Function Held in a $_GET Var - PHP ; Hi, If I have a function name held in a $_GET variable for example ....&func=print_user_list how can I call the function dynamically? ie. $_GET['func']() Thanks for your help...

+ Reply to Thread
Results 1 to 2 of 2

Call a Function Held in a $_GET Var

  1. Default Call a Function Held in a $_GET Var

    Hi,

    If I have a function name held in a $_GET variable for example
    ....&func=print_user_list how can I call the function dynamically? ie.
    $_GET['func']()

    Thanks for your help

  2. Default Re: [PHP] Call a Function Held in a $_GET Var

    Shaun wrote:

    >Hi,
    >
    >If I have a function name held in a $_GET variable for example
    >...&func=print_user_list how can I call the function dynamically? ie.
    >$_GET['func']()
    >
    >Thanks for your help
    >
    >
    >
    Well, call_user_func() [ http://www.php.net/call_user_func ] will do the
    job. But that is really bad, because you can get hacked really easy.
    Here's a small example

    www.url.com/file.php?func=evilfunction

    So that is _bad_ coding and not a good practise at all, but if that is
    the _only_ option be more than sure that you do some checking first. An
    example follows :

    $allowed = array('first_func', 'second_func', 'third_func') {
    if(in_array($_GET['func'], $allowed) { /* it's okay */
    call_user_func($_GET['func']); }
    else { die('Next time, sucker'; }
    }

    Hope this helps,

    --
    Josip Dzolonga
    http://josip.dotgeek.org

    jdzolonga[at]gmail.com
+ Reply to Thread
« Preventing automated account creation | setcookie ??? »