php-doc-en/reference/array/functions/extract.xml

<?xml version="1.0" encoding="utf-8"?>
<!-- $Revision$ -->
<refentry xml:id="function.extract" xmlns="http://docbook.org/ns/docbook">
 <refnamediv>
  <refname>extract</refname>
  <refpurpose>Import variables into the current symbol table from an array</refpurpose>
 </refnamediv>
 <refsect1 role="description">
  &reftitle.description;
  <methodsynopsis>
   <type>int</type><methodname>extract</methodname>
   <methodparam><type>array</type><parameter role="reference">array</parameter></methodparam>
   <methodparam choice="opt"><type>int</type><parameter>flags</parameter><initializer><constant>EXTR_OVERWRITE</constant></initializer></methodparam>
   <methodparam choice="opt"><type>string</type><parameter>prefix</parameter><initializer>""</initializer></methodparam>
  </methodsynopsis>
  <para>
   Import variables from an array into the current symbol table.
  </para>
  <para>
   Checks each key to see whether it has a valid variable name. 
   It also checks for collisions with existing variables in
   the symbol table.
  </para>
  <warning>
   <para>
    Do not use <function>extract</function> on untrusted data, like user input
    (e.g. <varname>$_GET</varname>, <varname>$_FILES</varname>).
   </para>
  </warning>
 </refsect1>
 <refsect1 role="parameters">
  &reftitle.parameters;
  <para>
   <variablelist>
    <varlistentry>
     <term><parameter>array</parameter></term>
     <listitem>
      <para>
       An associative array. This function treats keys as variable names and
       values as variable values.  For each key/value pair it will create a
       variable in the current symbol table, subject to
       <parameter>flags</parameter> and <parameter>prefix</parameter> parameters.
      </para>
      <para>
       You must use an associative array; a numerically indexed array
       will not produce results unless you use <constant>EXTR_PREFIX_ALL</constant> or
       <constant>EXTR_PREFIX_INVALID</constant>.
      </para>
     </listitem>
    </varlistentry>
    <varlistentry>
     <term><parameter>flags</parameter></term>
     <listitem>
      <para>
       The way invalid/numeric keys and collisions are treated is determined
       by the extraction <parameter>flags</parameter>. It can be one of the
       following values:
       <variablelist>
        <varlistentry>
         <term><constant>EXTR_OVERWRITE</constant></term>
         <listitem>
          <simpara>
           If there is a collision, overwrite the existing variable.
          </simpara>
         </listitem>
        </varlistentry>
        <varlistentry>
         <term><constant>EXTR_SKIP</constant></term>
         <listitem>
          <simpara>
           If there is a collision, don't overwrite the existing
           variable.
          </simpara>
         </listitem>
        </varlistentry>
        <varlistentry>
         <term><constant>EXTR_PREFIX_SAME</constant></term>
         <listitem>
          <simpara>If there is a collision, prefix the variable name with
           <parameter>prefix</parameter>.
          </simpara>
         </listitem>
        </varlistentry>
        <varlistentry>
         <term><constant>EXTR_PREFIX_ALL</constant></term>
         <listitem>
          <simpara>
           Prefix all variable names with
           <parameter>prefix</parameter>.
          </simpara>
         </listitem>
        </varlistentry>
        <varlistentry>
         <term><constant>EXTR_PREFIX_INVALID</constant></term>
         <listitem>
          <simpara>
           Only prefix invalid/numeric variable names with
           <parameter>prefix</parameter>.
          </simpara>
         </listitem>
        </varlistentry>
        <varlistentry>
         <term><constant>EXTR_IF_EXISTS</constant></term>
         <listitem>
          <simpara>
           Only overwrite the variable if it already exists in the
           current symbol table, otherwise do nothing.  This is useful
           for defining a list of valid variables and then extracting
           only those variables you have defined out of
           <varname>$_REQUEST</varname>, for example.
          </simpara>
         </listitem>
        </varlistentry>
        <varlistentry>
         <term><constant>EXTR_PREFIX_IF_EXISTS</constant></term>
         <listitem>
          <simpara>
           Only create prefixed variable names if the non-prefixed version
           of the same variable exists in the current symbol table.
          </simpara>
         </listitem>
        </varlistentry>
        <varlistentry>
         <term><constant>EXTR_REFS</constant></term>
         <listitem>
          <simpara>
           Extracts variables as references. This effectively means that the
           values of the imported variables are still referencing the values of
           the <parameter>array</parameter> parameter. You can use this flag
           on its own or combine it with any other flag by OR'ing the
           <parameter>flags</parameter>.
          </simpara>
         </listitem>
        </varlistentry>
       </variablelist>
      </para>
      <para>
       If <parameter>flags</parameter> is not specified, it is
       assumed to be <constant>EXTR_OVERWRITE</constant>.
      </para>
     </listitem>
    </varlistentry>
    <varlistentry>
     <term><parameter>prefix</parameter></term>
     <listitem>
      <para>
       Note that <parameter>prefix</parameter> is only required if
       <parameter>flags</parameter> is <constant>EXTR_PREFIX_SAME</constant>,
       <constant>EXTR_PREFIX_ALL</constant>, <constant>EXTR_PREFIX_INVALID</constant>
       or <constant>EXTR_PREFIX_IF_EXISTS</constant>. If
       the prefixed result is not a valid variable name, it is not
       imported into the symbol table. Prefixes are automatically separated from
       the array key by an underscore character.
      </para>
     </listitem>
    </varlistentry>
   </variablelist>
  </para>
 </refsect1>
 <refsect1 role="returnvalues">
  &reftitle.returnvalues;
  <para>
   Returns the number of variables successfully imported into the symbol
   table.
  </para>
 </refsect1>
 <refsect1 role="examples">
  &reftitle.examples;
  <para>
   <example>
    <title><function>extract</function> example</title>
    <para>
     A possible use for <function>extract</function> is to import into the
     symbol table variables contained in an associative array returned by
     <function>wddx_deserialize</function>.
    </para>
    <programlisting role="php">
<![CDATA[
<?php

/* Suppose that $var_array is an array returned from
   wddx_deserialize */

$size = "large";
$var_array = array("color" => "blue",
                   "size"  => "medium",
                   "shape" => "sphere");
extract($var_array, EXTR_PREFIX_SAME, "wddx");

echo "$color, $size, $shape, $wddx_size\n";

?>
]]>
    </programlisting>
    &example.outputs;
    <screen>
<![CDATA[
blue, large, sphere, medium
]]>
    </screen>
    <para>
     The <varname>$size</varname> wasn't overwritten because we specified
     <constant>EXTR_PREFIX_SAME</constant>, which resulted in
     <varname>$wddx_size</varname> being created.  If <constant>EXTR_SKIP</constant> was
     specified, then <varname>$wddx_size</varname> wouldn't even have been created.
     <constant>EXTR_OVERWRITE</constant> would have caused <varname>$size</varname> to have
     value "medium", and <constant>EXTR_PREFIX_ALL</constant> would result in new variables
     being named <varname>$wddx_color</varname>,
     <varname>$wddx_size</varname>, and
     <varname>$wddx_shape</varname>.
    </para>
   </example>
  </para>
 </refsect1>
 <refsect1 role="notes">
  &reftitle.notes;
  <warning>
   <para>
    Do not use <function>extract</function> on untrusted data, like
    user input
    (i.e. <varname>$_GET</varname>, <varname>$_FILES</varname>, etc.).
    If you do, for example if you want to temporarily run old code that
    relied on <link linkend="security.globals">register_globals</link>,
    make sure you use one of the non-overwriting
    <parameter>flags</parameter> values such as
    <constant>EXTR_SKIP</constant> and be aware that you should extract
    in the same order that's defined in
    <link linkend="ini.variables-order">variables_order</link> within the
    <link linkend="ini">&php.ini;</link>.
   </para>
  </warning>
  <note>
   <para>
    If you still
    have <link linkend="security.globals">register_globals</link>
    and it is turned on, if you use <function>extract</function>
    on <varname>$_FILES</varname> and
    specify <constant>EXTR_SKIP</constant>, you may be surprised at
    the results.
   </para>
   <warning>
    <para>
     This is not recommended practice and is only documented here for
     completeness. The use
     of <link linkend="security.globals">register_globals</link> is
     deprecated and calling <function>extract</function> on untrusted
     data such as <varname>$_FILES</varname> is, as noted above, a
     potential security risk. If you encounter this issue, it means
     that you are using at least two poor coding practices.
    </para>
   </warning>
   <programlisting role="php">
<![CDATA[
<?php

/* Suppose that $testfile is the name of a file upload input
   and that register_globals is turned on. */

var_dump($testfile);
extract($_FILES, EXTR_SKIP);
var_dump($testfile);
var_dump($testfile['tmp_name']);

?>
]]>
   </programlisting>
   <simpara>
    You might expect to see something like the following:
   </simpara>
   <screen>
<![CDATA[
string(14) "/tmp/phpgCCPX8"
array(5) {
  ["name"]=>
  string(10) "somefile.txt"
  ["type"]=>
  string(24) "application/octet-stream"
  ["tmp_name"]=>
  string(14) "/tmp/phpgCCPX8"
  ["error"]=>
  int(0)
  ["size"]=>
  int(4208)
}
string(14) "/tmp/phpgCCPX8"
]]>
   </screen>
   <simpara>
    However, you would instead see something like this:
   </simpara>
   <screen>
<![CDATA[
string(14) "/tmp/phpgCCPX8"
string(14) "/tmp/phpgCCPX8"
string(1) "/"
]]>
   </screen>
   <para>
    This is due to the fact that
    since <link linkend="security.globals">register_globals</link> is
    turned on, <varname>$testfile</varname> already exists in the
    global scope when <function>extract</function> is called. And
    since <constant>EXTR_SKIP</constant> is
    specified, <varname>$testfile</varname> is not overwritten with
    the contents of the <constant>$_FILES</constant> array
    so <varname>$testfile</varname> remains a string.
    Because <link linkend="language.types.string.substr">strings may
    be accessed using array syntax</link> and the non-numeric string
    <literal>tmp_name</literal> is interpreted
    as <literal>0</literal>, PHP
    sees <varname>$testfile['tmp_name']</varname>
    as <varname>$testfile[0]</varname>.
   </para>
  </note>
 </refsect1>
 <refsect1 role="seealso">
  &reftitle.seealso;
  <para>
   <simplelist>
    <member><function>compact</function></member>
    <member><function>list</function></member>
   </simplelist>
  </para>
 </refsect1>
</refentry>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
indent-tabs-mode:nil
sgml-parent-document:nil
sgml-default-dtd-file:"~/.phpdoc/manual.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
vim600: syn=xml fen fdm=syntax fdl=2 si
vim: et tw=78 syn=sgml
vi: ts=1 sw=1
-->