4

I've finally remembered what to ask. I never really got what : and ? do when a variable is being defined like this:

$ip = ($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];

As you can see there is ? and : and ( )

Could anyone give me a brief detail about why and how they are used for?

Improve this question
2
  • Dupe 1, 2, 3, 4, 5, etc.
    – user7675
    Commented Jun 23, 2010 at 15:20
  • I've tried searching >.>
    – MacMac
    Commented Jun 23, 2010 at 17:42

4 Answers 4

Reset to default
24

The expression looks like this:

$var = (condition) ? if_true : if_false

?: is the ternary operator. If condition is true, $var will be assigned the value if_true; otherwise it will be assigned the value if_false.

In your particular case:

  • This assigns the value of the X-Forwarded-For HTTP header to $ip if it exists; otherwise it uses the remote address itself.

  • This is usually used as a way to get a client's IP address. However, note that in general this is a terrible way to check for client identity. See this StackOverflow question. (Use session cookies or some sort of authentication if you need to make sure users don't clobber each other.)

  • Also, it's HTTP_X_FORWARDED_FOR, not HTTP_X_FORWARD_FOR.

  • Finally, HTTP_X_FORWARDED_FOR can be a comma-delimited list of IP addresses, not just a single one, so this has the potential to be a bug.

Improve this answer
4
  • Very brief. Accepted answer, also nice tips :)
    – MacMac
    Commented Jun 23, 2010 at 13:32
  • Also would you mind doing a brief about multiple ternary operators within one logical statement. This will be helpful to others. +1
    – RobertPitt
    Commented Jun 25, 2010 at 12:41
  • 1
    @RobertPitt: the brief advice would be: don't do it! Nested ternary operators quickly become unwieldy, unintelligible, unmaintainable code.
    – janmoesen
    Commented Jun 25, 2010 at 12:56
  • +1, and I cannot help but mention that X-Forwarded-For,like other headers, is completely spoofable. You could set $ip to 127.0.0.1 simply by saying so in your header. So this code would be open to "normal" bugs and "security" vulnerabilities.
    – janmoesen
    Commented Jun 25, 2010 at 12:58
2

It's known as a ternary operator and is shorthand for (in your case):

if($_SERVER['HTTP_X_FORWARD_FOR'])
{
    $ip = $_SERVER['HTTP_X_FORWARD_FOR'];
}
else
{
    $ip = $_SERVER['REMOTE_ADDR'];
}
Improve this answer
0 
"?:" (or ternary) operator

The expression (expr1) ? (expr2) : (expr3) evaluates to expr2 if expr1 evaluates to TRUE, and expr3 if expr1 evaluates to FALSE

See this example:

<?php
// Example usage for: Ternary Operator
$action = (empty($_POST['action'])) ? 'default' : $_POST['action'];

// The above is identical to this if/else statement
if (empty($_POST['action'])) {
    $action = 'default';
} else {
    $action = $_POST['action'];
}

?>
Improve this answer
0

The ternary form is basically a shortcut for if->then->else

I generally avoid it because it's not all that readable.

$ip = ($_SERVER['HTTP_X_FORWARD_FOR']) ? $_SERVER['HTTP_X_FORWARD_FOR'] : $_SERVER['REMOTE_ADDR'];

is logically equivalent to:

if($_SERVER['HTTP_X_FORWARD_FOR']){
   $ip = $_SERVER['HTTP_X_FORWARD_FOR'];
}else{
   $ip = $_SERVER['REMOTE_ADDR'];
}

It should be said that this is EXACTLY what this is most commonly used for: variable initialization. Very common with form data.

Improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.