end
When using EXTR_PREFIX_ALL - and probably all the other EXTR_PREFIX_* constants - and a numerically-indexed array, extract() will add an underscore ("_") between the prefix and the index.
<?php
extract(array('foo', 'bar'), EXTR_PREFIX_ALL, 'var');
print_r(get_defined_vars()); // Reveals $var_0 = 'foo' and $var_1 = 'bar'
?>
extract
(PHP 4, PHP 5)
extract — 배열에서 현재 심볼 테이블로 변수를 입력
설명
int extract
( array $var_array
[, int $extract_type
[, string $prefix
]] )
배열에서 현재 심볼 테이블로 변수를 가져옵니다.
extract()는 각 키가 유효한 변수명이 되는지 확인합니다. 심볼 테이블에 존재하는 변수와의 충돌 여부도 확인합니다.
인수
- var_array
-
연관 배열. 변수명을 키로, 변수값을 값으로 취급한다. extract_type 과 prefix 인수에 따라 각 키/값 쌍에 대해서 현재 심볼 테이블안에 변수를 생성한다.
연관 배열을 사용해야 합니다. 숫자 인덱스 배열은 EXTR_PREFIX_ALL이나 EXTR_PREFIX_INVALID를 사용하지 않는 한 결과를 생성하지 않습니다.
- extract_type
-
유효하지않은/숫자 키와 충돌인 경우를 취급하는 방법은 extract_type 에 의해 결정된다. 다음 값들 중 하나가 될 수 있다:
- EXTR_OVERWRITE
- 충돌이 발생하면, 기존 변수를 덮어쓴다.
- EXTR_SKIP
- 충돌이 발생하면, 기존 변수를 덮어쓰지 않는다. variable.
- EXTR_PREFIX_SAME
- 충돌이 발생하면, prefix 를 변수명 앞에 첨가한다.
- EXTR_PREFIX_ALL
- prefix 를 모든 변수명 앞에 첨가한다.
- EXTR_PREFIX_INVALID
- 유효하지 않은/숫자 변수명 앞에만 prefix 를 첨가한다.
- EXTR_IF_EXISTS
- 현재 심볼 테이블에 이미 존재하는 변수만 덮어쓴다. 그렇지 않으면 아무것도 하지 않는다. 이 플래그는 유효한 변수 목록을 정의하고 이 변수들만 추출하는데 유용하다. 예를 들어, 이런 변수는 $_REQUEST에서 정의된 변수들이다.
- EXTR_PREFIX_IF_EXISTS
- 현재 심볼 테이블에 앞첨가된 버전의 같은 변수가 존재할때만 앞첨가된 변수명을 생성한다.
- EXTR_REFS
- 변수를 참조로써 추출한다. 입력된 변수 값이 var_array 인수의 값을 참조한다는 의미를 갖는다. 이 플래그는 그 자체로나 다른 플래그와 OR 연산하여 extract_type 에서 사용할수 있다.
extract_type 가 설정되지 않으면, EXTR_OVERWRITE가 설정되어 있다고 가정한다.
- prefix
-
prefix 는 extract_type 이 EXTR_PREFIX_SAME, EXTR_PREFIX_ALL, EXTR_PREFIX_INVALID, EXTR_PREFIX_IF_EXISTS일 경우에만 요구된다. 덧붙인 결과가 유효한 변수명이 아니면, 심볼 테이블에 입력되지 않는다. Prefix는 밑줄 문자로 배열 키와 자동으로 분리됩니다.
반환값
심볼 테이블에 성공적으로 입력된 변수의 수를 반환한다.
변경점
| 버전 | 설명 |
|---|---|
| 4.3.0 | EXTR_REFS 추가. |
| 4.2.0 | EXTR_IF_EXISTS와 EXTR_PREFIX_IF_EXISTS 추가. |
| 4.0.5 | 추출한 변수의 수를 반환합니다. EXTR_PREFIX_INVALID 추가. EXTR_PREFIX_ALL이 숫자 변수도 포함합니다. |
예제
Example #1 extract() 예제
wddx_deserialize()에서 반환한 연관 배열에 포함되어 있는 변수들을 심볼 테이블로 가져오기 위해서 extract()를 사용할 수 있습니다.
<?php
/* $var_array가 wddx_deserialize에서 반환한
배열이라고 가정합시다 */
$size = "large";
$var_array = array("color" => "blue",
"size" => "medium",
"shape" => "sphere");
extract($var_array, EXTR_PREFIX_SAME, "wddx");
echo "$color, $size, $shape, $wddx_size\n";
?>
위 예제의 출력:
blue, large, sphere, medium
$size는 덮어씌어지지 않았다, 왜냐하면 EXTR_PREFIX_SAME를 설정했기 때문이다. 결과적으로 $wddx_size가 생성되었다. EXTR_SKIP가 설정되어 있으면, EXTR_OVERWRITE 는 $size가 "medium" 값을 갖게 하고 EXTR_PREFIX_ALL는 새로운 변수인 $wddx_color, $wddx_size, $wddx_shape를 갖게한다.
주의
Warning
extract()를 사용자 입력($_GET, ...)같은 신뢰할 수 없는 데이터에 사용하지 마십시오. 예를 들어, register_globals에 의존하는 오래된 코드를 실행하기 위해 임시적으로 사용한다면, EXTR_SKIP 등의 덮어쓰지 않는 extract_type 을 사용하고, php.ini 안에 정의되어 있는 variables_order와 같은 순서로 추출해야 합니다.
add a note
User Contributed Notesextract
danbettles at yahoo dot co dot uk
24-Aug-2009 11:04
24-Aug-2009 11:04
benjaminATwebbutvecklarnaDOTse
17-Mar-2008 03:15
17-Mar-2008 03:15
In the meantime, I'm using this:
// extract alternative
# extracts variables where new value is above the threshold or if old value is on or below the threshold (or var is not defined)
# an associative array is obviously the sane thing to pass
#
# I am absolutely certain someone will find obvious problems or errors with this
# I haven't even tried to compare other values than 0 so if you need to do that and surely finds obvious flaws,
# please mail me, I'd really like to know.
# benjaminATwebbutvecklarnaDOTse
// usage example:
# thrextract(mysql_fetch_assoc(mysql_query("SELECT preset_this,preset_that FROM site_preset WHERE ID = $site_id")));
# thrextract(mysql_fetch_assoc(mysql_query("SELECT preset_this,preset_that FROM category_preset WHERE ID = $category_id")));
function thrextract($arr,$thr = 0){
foreach($arr as $key => $var){
global $$key;
if($var > $thr or $$key <= $thr) $$key = $var;
}
}
benjaminATwebbutvecklarnaDOTse
17-Mar-2008 02:19
17-Mar-2008 02:19
Re: anon at anon dot org, about extract() and null values
Personally I've found use extracting multiple resultsets from db where the latter would overwrite the previous when a variable is not null ( and optionally if its not >0 )
It would be useful if $extract_type was extended on top of these two:
EXTR_OVERWRITE
EXTR_SKIP
with something like this:
EXTR_OVERWRITE_NULL
- If there is a collision, overwrite the existing variable if it is null
EXTR_OVERWRITE_0
- Same thing but == 0 or null
EXTR_SKIP_NULL
- If there is a collision, skip the new variable if the existing is not null
EXTR_SKIP_0
- Same thing but == 0 or null
Those ought to cover a few good cases that aren't covered now.
Hayley Watson
13-Mar-2008 11:18
13-Mar-2008 11:18
Dan O'Donnell's suggestion needs a third requirement to work as described:
c) No other variables are defined - especially variables that contain potentially sensitive information.
Without that condition the difference between extract() and assigning variables by hand (and the resulting security implications) should be obvious.
The only valid security step there is (b) - but you should be doing that anyway.
Dan O'Donnell
21-Apr-2007 07:25
21-Apr-2007 07:25
Following up on ktwombley at gmail dot com's post:
Presumably one easy way of dealing with this security issue is to use the EXTR_IF_EXISTS flag and make sure
a) your define acceptable input variables beforehand (i.e. as empty variables)
b) Sanitise any user input to avoid unacceptable variable content.
If you do these two things, then I'm not sure I see the difference between extract($_REQUEST,EXTR_IF_EXISTS); and assigning each of the variables by hand.
I'm not talking here about the idea of storing the variables in a database, just the immediately necessary steps to allow you to use extract on REQUEST arrays with relative safety.
Dutchdavey
13-Mar-2007 08:26
13-Mar-2007 08:26
I would draw your attention to the user note at the very end of this page regarding PREFIXES. The user points out that php adds a '_' to your prefixes.
ktwombley at gmail dot com
31-Aug-2006 05:05
31-Aug-2006 05:05
It's really easy to open gaping security holes using extract() on $_REQUEST, $_GET, etc. You have to be really sure of what you're doing, and use the proper flags on extract() to avoid clobbering important variables.
For instance, the submission by kake26 at gmail dot com will not only perfectly emulate register globals (that's bad), but it'll store it in a database and recall the same variables every time the script runs (essentially allowing an attacker to attack your script every time it runs via one attack). Oops!
To fix it, you'd have to get creative with flags. Maybe you could use EXTR_PREFIX_ALL instead of EXTR_OVERWRITE, for example. Of course, you should also sanitize the form elements to ensure there's no php code in them, and also to make sure any very important variables aren't in the form data. (like the classic $is_admin = true attack)
nicolas zeh
16-Mar-2006 05:24
16-Mar-2006 05:24
This function provides exactly the same functionality as extract except that a parameter was added defining the extract target.
This function can be used if your PHP installation does not support the required Flags or more important if you would like to extract arrays to another destination as to $GLOBALS, i.e. other arrays or objects.
The only difference to extract is that extract_to moves the array pointer of $arr to the end as $arr is passed by reference to support the EXTR_REFS flag.
<?php
if( !defined('EXTR_PREFIX_ALL') ) define('EXTR_PREFIX_ALL', 3);
if( !defined('EXTR_PREFIX_INVALID') ) define('EXTR_PREFIX_INVALID', 4);
if( !defined('EXTR_IF_EXISTS') ) define('EXTR_IF_EXISTS', 5);
if( !defined('EXTR_PREFIX_IF_EXISTS') ) define('EXTR_PREFIX_IF_EXISTS', 6);
if( !defined('EXTR_REFS') ) define('EXTR_REFS', 256);
function extract_to( &$arr, &$to, $type=EXTR_OVERWRITE, $prefix=false ){
if( !is_array( $arr ) ) return trigger_error("extract_to(): First argument should be an array", E_USER_WARNING );
if( is_array( $to ) ) $t=0;
else if( is_object( $to ) ) $t=1;
else return trigger_error("extract_to(): Second argument should be an array or object", E_USER_WARNING );
if( $type==EXTR_PREFIX_SAME || $type==EXTR_PREFIX_ALL || $type==EXTR_PREFIX_INVALID || $type==EXTR_PREFIX_IF_EXISTS )
if( $prefix===false ) return trigger_error("extract_to(): Prefix expected to be specified", E_USER_WARNING );
else $prefix .= '_';
$i=0;
foreach( $arr as $key=>$val ){
$nkey = $key;
$isset = $t==1 ? isset( $to[$key] ) : isset( $to->$key );
if( ( $type==EXTR_SKIP && $isset )
|| ( $type==EXTR_IF_EXISTS && !$isset ) )
continue;
else if( ( $type==EXTR_PREFIX_SAME && $isset )
|| ( $type==EXTR_PREFIX_ALL )
|| ( $type==EXTR_PREFIX_INVALID && !preg_match( '#^[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*$#', $key ) ) )
$nkey = $prefix.$key;
else if( $type==EXTR_PREFIX_IF_EXISTS )
if( $isset ) $nkey = $prefix.$key;
else continue;
if( !preg_match( '#^[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*$#', $nkey ) ) continue;
if( $t==1 )
if( $type & EXTR_REFS ) $to->$nkey = &$arr[$key];
else $to->$nkey = $val;
else
if( $type & EXTR_REFS ) $to[$nkey] = &$arr[$key];
else $to[$nkey] = $val;
$i++;
}
return $i;
}
// e.g.:
extract_to( $myarray, $myobject, EXTR_IF_EXISTS );
?>
owk dot ch199_ph at gadz dot org
08-Mar-2006 12:21
08-Mar-2006 12:21
And if you want with PHP 5 an easy way to extract $V by reference, try this :
<?php
foreach ($V as $k => &$v) {
$$k =& $v;
}
?>
It can be used to create special kind of "free args" functions that let you choose when you call them the way you send variables, and which ones. They are moreover very fast to call thanks to references :
<?php
function free_args (&$V) {
foreach ($V as $k => &$v) {
$$k =& $v;
}
unset ($k); unset ($v); unset ($V);
// be careful that if you need to extract $k, $v or $V variables you should find other names for them in the lines above (ie. $__k, $__v and $__V)
}
$huge_text = '...';
$a = array ('arg1' => 'val1', 'arg2' => &$huge_text); // in this call, only $arg2 will be a true reference in the function
free_args ($a);
?>
Be warned that you can't write : "<?php free_args (array ('arg1' => 'val1')); ?>" because the array can't be referenced by the function, as it's not yet created when the function starts.
moslehi<atsign>gmail<d0t>c0m
20-Jan-2006 09:32
20-Jan-2006 09:32
Experimentally I found that calling extract() also shows the number of keys if the key is set and is not numeric ! Maybe there was a better definition than mine . Please have a look to this scripts :
<?PHP
$var["i"] = "a";
$var["j"] = "b";
$var["k"] = 1;
echo extract($var); // returns 3
?>
<?PHP
$var2["i"] = "a";
$var2[2] = "b";
$var2[] = 1;
echo extract($var2); // returns 1
?>
(Arash Moslehi)
Csaba at alum dot mit dot edu
27-Nov-2005 07:41
27-Nov-2005 07:41
Sometimes you may want to extract only a named subset of the key/value pairs in an array. This keeps things more orderly and could prevent an unrelated variable from getting clobbered from an errant key. For example,
$things = 'unsaid';
$REQUEST = array(He=>This, said=>1, my=>is, info=>2, had=>a,
very=>3, important=>test, things=>4);
$aVarToExtract = array(my, important, info);
extract (array_intersect_key ($REQUEST, array_flip($aVarToExtract)));
will extract
$my = 'is';
$important = 'test';
$info = 2;
but will leave certain
$things = 'unsaid'
Csaba Gabor from Vienna
NB. Of course the composite request coming in from a web page is in $_REQUEST.
anon at anon dot org
30-May-2005 07:02
30-May-2005 07:02
A warning about extract() and null values.
This might be an actual Zend2 Engine bug, but it's bad programming practice, so I'm sharing it here instead.
I often work in envrionments where E_STRICT (which would prevent errors like this) isn't on, and I don't have access to change it. I also use a very simple template class that in a nutshell works like this:
$t = new Template('somefile.php');
$t->title = $title;
$t->body = $body;
$t->display();
display() more or less looks like this:
function display(){
extract(get_object_vars($this),EXTR_REFS);
ob_start(); include $this->templateFileName;
return ob_get_clean();
}
If any of the assigned values are null (let's say that in this case $title wasn't initialized above) it causes the engine to do all sorts of incredibly whacky stuff like certifiably lose track of variables in an incredibly inconsistent way. I traced the problem down to the fact that it's using the EXTR_REFS flag. I assume that in PHP's internal variable storage or reference counting mechanism, that trying to extract null references makes it lose track or count of something or rather.
In a nutshell, if you start getting wierd behavior when using extract() make sure that the array or object you are trying to get variables out of doesn't contain null keys or values!
kake26 at gmail dot com
01-May-2005 03:59
01-May-2005 03:59
The following is a neat use for extract to store and manipulate large amounts of form data from. I basically loop through the $_POST and implode it seperating the key and value pairs by a space. Then store it in a db, the reversing function basically explodes the string to a array. Then converts the indexed array to a associative array then uses extract to seal the deal and make it easily available within a program. My main reason for sharing these are the fact I make some big web applications that store allot of forum data in a DB and these functions make it very easy to quickly and easily store and recall the data. I've contributed it because I spent many hours creating this code and recall going "I wish someone had previously submitted it to the page notes". Would have saved me allot of time and agony and I'm sure I'm not the only person that could really benefit from it, so I decided to share.
<?php
$stack = array();
foreach ($_POST as $key => $value) {
array_push($stack, $key, $value);
}
// store it
$block = implode(" ",$stack); // yeilds a space delimited string
// insert query to store string in DB here, like the one below
$query = "INSERT INTO `sometable` VALUES('".$seluser."','".addslashes($block)."');";
$result = mysql_query($query) or die("Query failed for block insert: " . mysql_error());
// note $seluser in my case is a user ID associated with that block
// in one of my web apps
?>
The nice thing is with the above we can quickly create a string of key and value pairs from the data the script got. Without really caring what their names are. You know how if register globals are on you say $someformvar rather than $_POST["someformvar"]; , basically the code below reads this previous created block returns it to that state. Sort of like presistant register globals.
<?php
// insert query to grab the previously stored string here
$query = "SELECT * FROM `sometable` WHERE `blockid` = '".addslashes($bid)."';";
$result = mysql_query($query) or die("Query failed read: " . mysql_error());
$sql = mysql_fetch_array($result, MYSQL_ASSOC);
$array = eplode(" ",$sql["data"]);
for ($i = 0; $i < sizeof($array); $i+=2) {
$myassoc[$array[$i]] = isset($array[$i+1])?$array[$i+1]:NULL;
}
extract($myassoc, EXTR_OVERWRITE);
// now you're key and value pairs from $_POST have been restored
// instead of $_POST
?>
pg dot perfection at gmail dot com
14-Mar-2005 10:33
14-Mar-2005 10:33
Here is a little example of how an extraction method should look like when it needs to work recursive (work on nested_arrays too)...
Note that this is only an example, it can be done more easily, and more advanced too.
<?php
/**
* A nested version of the extract () function.
*
* @param array $array The array which to extract the variables from
* @param int $type The type to use to overwrite (follows the same as extract () on PHP 5.0.3
* @param string $prefix The prefix to be used for a variable when necessary
*/
function extract_nested (&$array, $type = EXTR_OVERWRITE, $prefix = '')
{
/**
* Is the array really an array?
*/
if (!is_array ($array))
{
return trigger_error ('extract_nested (): First argument should be an array', E_USER_WARNING);
}
/**
* If the prefix is set, check if the prefix matches an acceptable regex pattern
* (the one used for variables)
*/
if (!empty ($prefix) && !preg_match ('#^[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*$#', $prefix))
{
return trigger_error ('extract_nested (): Third argument should start with a letter or an underscore', E_USER_WARNING);
}
/**
* Check if a prefix is necessary. If so and it is empty return an error.
*/
if (($type == EXTR_PREFIX_SAME || $type == EXTR_PREFIX_ALL || $type == EXTR_PREFIX_IF_EXISTS) && empty ($prefix))
{
return trigger_error ('extract_nested (): Prefix expected to be specified', E_USER_WARNING);
}
/**
* Make sure the prefix is oke
*/
$prefix = $prefix . '_';
/**
* Loop thru the array
*/
foreach ($array as $key => $val)
{
/**
* If the key isn't an array extract it as we need to do
*/
if (!is_array ($array[$key]))
{
switch ($type)
{
default:
case EXTR_OVERWRITE:
$GLOBALS[$key] = $val;
break;
case EXTR_SKIP:
$GLOBALS[$key] = isset ($GLOBALS[$key]) ? $GLOBALS[$key] : $val;
break;
case EXTR_PREFIX_SAME:
if (isset ($GLOBALS[$key]))
{
$GLOBALS[$prefix . $key] = $val;
}
else
{
$GLOBALS[$key] = $val;
}
break;
case EXTR_PREFIX_ALL:
$GLOBALS[$prefix . $key] = $val;
break;
case EXTR_PREFIX_INVALID:
if (!preg_match ('#^[a-zA-Z_\x7f-\xff]$#', $key{0}))
{
$GLOBALS[$prefix . $key] = $val;
}
else
{
$GLOBALS[$key] = $val;
}
break;
case EXTR_IF_EXISTS:
if (isset ($GLOBALS[$key]))
{
$GLOBALS[$key] = $val;
}
break;
case EXTR_PREFIX_IF_EXISTS:
if (isset ($GLOBALS[$key]))
{
$GLOBALS[$prefix . $key] = $val;
}
break;
case EXTR_REFS:
$GLOBALS[$key] =& $array[$key];
break;
}
}
/**
* The key is an array... use the function on that index
*/
else
{
extract_nested ($array[$key], $type, $prefix);
}
}
}
?>
Michael Newton
03-Mar-2005 01:23
03-Mar-2005 01:23
They say "If the result is not a valid variable name, it is not imported into the symbol table."
What they should say is that if _any_ of the results have invalid names, _none_ of the variables get extracted.
Under 4.3.10 on Windows 2000, I was pulling some mySQL records, but needed to convert two fields into IP addresses:
<?
extract(mysql_fetch_assoc(mysql_query('SELECT * FROM foo')));
extract(mysql_fetch_assoc(mysql_query('SELECT INET_NTOA(bar) AS bar, INET_NTOA(baz) FROM foo')));
?>
I had forgotten the second AS modifier in the SQL query. Because it couldn't extract a variable called INET_NTOA(baz) into the symbol table, it didn't do either of them.
(BTW I don't normally stack functions up like that! Just to make a short example!)
22-Feb-2005 03:31
To make this perfectly clear (hopefully), an underscore is always added when the string is prefixed.
extract(array("color" => "blue"),EXTR_PREFIX_ALL,'');// note: prefix is empty
is the same as
$color='_blue';
Aaron Stone
17-Nov-2004 06:44
17-Nov-2004 06:44
If you are working porting an older application, and taking the advice above, extracting only _SERVER, _SESSING, _COOKIE, _POST, _GET, you have forgotten to extract _FILES. Putting _FILES last and using EXTR_SKIP doesn't work because the name of the file upload box is already set as a variable containing only the temporary name of the uploaded file from one of the earlier extracts (I haven't tested to see which one specifically, however). A workaround is to put _FILES last and use EXTR_OVERWRITE. This allows extract to replace that temp-name-only variable with the full array of file upload information.
Adam Monsen <adamm at wazamatta dot com>
03-Oct-2004 12:03
03-Oct-2004 12:03
As shown in the example, if your 'prefix' is used, a single underscore is added to the name of the extracted variable. Meaning, a prefix of 'p' becomes a prefix of 'p_', so 'blarg' prefixed would be 'p_blarg'.
If you're not sure what variables you've created through extraction, you can call get_defined_vars() to see all defined variables in the current scope.