Design By Tim

UPDATE I stand corrected: I am hard pressed to find any real reason why one would want to use extract to surmount the security and coding concerns, as it really doesn’t gain you anything. Sure, it might be less to type out ($Variable vs. $Array[’Variable’]), but is it really worth all the confusion? My new opinion? Nope.

The days of explicitly declaring variables passed in from a form for use - or (gasp) using $_GET['varName'] in your code is no longer needed! Clear as well as clean code is the discussion for variable setting today, and we get to explore how easy it is to extract(), Typically you would have call the variable and then set it.

[code lang="php"]
$username = $_GET['username'];
$password = $_GET['password'];
[/code]

The world is changing. While that is not bad for small forms or simple tasks but what if your project is larger or lets just say after reading this article you abondon gathering all the $_GET data from your simple form? Wouldn’t it be nice if PHP could automate it for you? (and easily in one line of code)

[code lang="php"]
extract($_GET);

//Or best to protect it with an if
if($_GET) extract($_GET);
if($_POST) extract($_POST);
[/code]

That function, which is a built-in PHP function by the way is extracting all the query string variables and sets them equal to their respective values. So now instead of having to set the variables, you can use the same name that you called the field element in your php app as a variable. But wait it gets even cooler.

The developers of php knew that you might already be using a variable name and we wouldn’t want to overwrite that. So what to do? Well thankfully they saw this coming and gave us extract_type! And this is what they do

• EXTR_OVERWRITE: If there is a collision, overwrite the existing variable.
• EXTR_SKIP: If there is a collision, don’t overwrite the existing variable.
• EXTR_PREFIX_SAME: If there is a collision, prefix the variable name with prefix.
• EXTR_PREFIX_ALL: Prefix all variable names with prefix. Beginning with PHP 4.0.5, this includes numeric variables as well.
• EXTR_PREFIX_INVALID: Only prefix invalid/numeric variable names with prefix. This flag was added in PHP 4.0.5.
• EXTR_IF_EXISTS: Only overwrite the variable if it already exists in the current symbol table, otherwise do nothing. This is useful for defining a list of valid variables and then extracting only those variables you have defined out of $_REQUEST, for example. This flag was added in PHP 4.2.0.
• EXTR_PREFIX_IF_EXISTS: Only create prefixed variable names if the non-prefixed version of the same variable exists in the current symbol table. This flag was added in PHP 4.2.0.
• EXTR_REFS: Extracts variables as references. This effectively means that the values of the imported variables are still referencing the values of the var_array parameter. You can use this flag on its own or combine it with any other flag by OR’ing the extract_type. This flag was added in PHP 4.3.0.

Note: If the prefixed result is not a valid variable name, it is not imported into the symbol table. Prefixes are automatically separated from the array key by an underscore character. If you’re not sure what variables you’ve created through extraction, you can call get_defined_vars() to see all defined variables in the current scope.

I noticed a post on the extract() page of a possible Zend2 Engine bug, but they also showed how bad programming practices can produce this error. I also have found that if any of the assigned values are null it causes the engine to do all sorts of incredibly whacky stuff like certifiably lose track of variables in an incredibly inconsistent way. Fortuantly I read the post and was able to trace the problem down to the EXTR_REFS flag as well. As noted it’s probably ok to assume that in PHP’s internal variable storage or reference counting mechanism, trying to extract null references makes it lose track or count of something or rather. In a nutshell, if you start getting wierd behavior when using extract() make sure that the array or object you are trying to get variables out of doesn’t contain null keys or values! So I recommend a method to loop through before extracting to check for blank variables - ok so I tricked you into thinking it was a oneliner, get over it - it is still much simplier than your way, hell it’s cool to do right?

This entry was posted on Wednesday, January 18th, 2006 at 9:43 pm and is filed under Uncategorized.