processing GET and POST variables

Below is a function adapted from one found in phpMyEdit.class.php
http://platon.sk/projects/release_li...p?project_id=5
phpMyEdit is a form generator for PHP/MySQL.

I think this function works great, especially for forms where data is
redisplayed due to failed validation of user input. I wonder what the
opinion of other PHP users would be.

function get_cgi_var($name, $default_value = null)
{
// From the phpMyEdit project
// Usage: $name = get_cgi_var('name');
static $magic_quotes_gpc = null;
if ($magic_quotes_gpc === null) {
$magic_quotes_gpc = get_magic_quotes_gpc();
}
global $HTTP_GET_VARS;
$var = @$HTTP_GET_VARS[$name];
if (! isset($var)) {
global $HTTP_POST_VARS;
$var = @$HTTP_POST_VARS[$name];
}
if (isset($var)) {
if ($magic_quotes_gpc) {
if (is_array($var)) {
foreach (array_keys($var) as $key) {
$var[$key] = stripslashes(trim(strip_tags($var[$key])));
}
return $var;
} else {
$var = stripslashes(trim(strip_tags($var)));
}
}
} else {
$var = @$default_value;
}
return $var;
// If data is displayed/posted using htmlspecialchars($var)
// return @$HTTP_POST_VARS ? html_entity_decode($var, ENT_QUOTES) :
$var;
};



$name = get_cgi_var('name');

DH wrote:
> I think this function works great, especially for forms where data is
> redisplayed due to failed validation of user input. I wonder what the
> opinion of other PHP users would be.
>

Can be written in less lines with the aid of PHP's superglobals:

<?php

function get_cgi_var($name, $default_value = null) {
if ($var = @$_REQUEST[$name]) {
if (get_magic_quotes_gpc()) {
if (!is_array($var)) {
$var = stripslashes($var);
} else {
foreach (array_keys($var) as $key) {
$var[$key] = stripslashes($var);
}
}
}
} else {
$var = $default_value;
}
return $var;
}

?>


JW