Shuang Rimu

A blog about random stuff

PHP parse_url

Image Attribution:

"Sad Dog", Hubert Figuière, Flickr, http://farm5.staticflickr.com/4042/4465657345_7ec6a546be_o.jpg

July 8, 2013


There have been many rants on the internet about PHP. This will not be another long rant. There have been many admirable ones already.

And besides, PHP, for all its faults, is the duct tape that holds the internet together.

I’m just here to vent about one thing. I’ve been doing a lot of code maintenance at work lately. I stumbled across PHP’s parse_str.

parse_str. Generates variables on the fly. Terrible. Terrible terrible terrible. I have variables whose very declaration ARE DEPENDENT ON USER-GENERATED INPUT. User comes up with creative URL query strings? I get creatively named variables. Magically. GAAAAAAHHHHHHH!

Lesson: ALWAYS use the optional array argument of parse_str or pain and agony will ensue.