2010-05-04 108 views
0

Passing variables along to a function

In the function show_commentbox() below, I would like to pass along the variables $_SESSION['loginid'], $submissionid, $submission, $url, $submittor, $submissiondate, $countcomments and $dispurl. With the setup below, it doesn't work. How can I change it so that the variables are passed along to show_commentbox()?

Thanks in advance,

John

index.php:

<?php 

$submission = $_GET['submission']; 

require_once "header.php"; 

include "login.php"; 

include "comments.php"; 

include "commentformonoff.php"; 

?> 

In header.php:

require_once ("function.inc.php"); 

In comments.php:

$uid = $_SESSION['loginid']; 
$submissiondate = mysql_real_escape_string($_GET['submissiondate']); 
$submittor = mysql_real_escape_string($_GET['submittor']); 
$countcomments = mysql_real_escape_string($_GET['countcomments']); 
$dispurl = mysql_real_escape_string($_GET['dispurl']); 
$url = mysql_real_escape_string($_GET['url']); 
$submission = mysql_real_escape_string($_GET['submission']); 
$submissionid = mysql_real_escape_string($_GET['submissionid']); 

commentformonoff.php:

<?php 
if (!isLoggedIn()) 
{ 

    if (isset($_POST['cmdlogin'])) 
    { 

     if (checkLogin($_POST['username'], $_POST['password'])) 
     { 
      show_commentbox(); 
     } else 
     { 
      echo "Login to comment"; 

     } 
    } else 
    { 

     echo "Login to comment"; 
    } 

} else 
{ 

    show_commentbox(); 
} 
?> 

In display.functions.inc.php:

function show_commentbox() 
{ 
echo '<form action="http://www...com/sandbox/comments/comments2.php" method="post"> 
    <input type="hidden" value="'.$_SESSION['loginid'].'" name="uid"> 
    <input type="hidden" value="'.$submissionid.'" name="submissionid"> 
    <input type="hidden" value="'.$submission.'" name="submission"> 
    <input type="hidden" value="'.$url.'" name="url"> 
    <input type="hidden" value="'.$submittor.'" name="submittor"> 
    <input type="hidden" value="'.$submissiondate.'" name="submissiondate"> 
    <input type="hidden" value="'.$countcomments.'" name="countcomments"> 
    <input type="hidden" value="'.$dispurl.'" name="dispurl"> 



    <label class="addacomment" for="title">Add a comment:</label> 

    <textarea class="commentsubfield" name="comment" type="comment" id="comment" maxlength="1000"></textarea> 

    <div class="commentsubbutton"><input name="submit" type="submit" value="Submit"></div> 
</form> 
'; 
} 

Answer

2

Just pass them as arguments:

function show_commentbox($submissionid, $submission, ...) { 
... 

show_commentbox($submissionid, ...); 

Note that I removed $_SESSION['loginid'], since it doesn't need to be passed through the form. Besides, it may be sensitive information and so shouldn't be leaked.

mysql_real_escape_string should only be used to prepare data that is being sent to the database. Instead, use htmlspecialchars or htmlentities to prepare data for output. This should be done in show_commentbox rather than before it, because that is where the destination of the values is determined.

Of course, many arguments are unwieldy. For one thing, how do you remember their order? One solution to that particular problem is keyword arguments, which in PHP you have to emulate by passing an associative array:

function show_commentbox($args) { 
... 

show_commentbox(array('submissionID' => $submissionid, ...)); 

A better approach in this case would be to use a class. It can be as simple as:

class CommentBox { 
    public $submissionid, ...; 
    function show() { 
     ?><form ...><?php 
     foreach ($this as $name => $val) { 
      $val = htmlspecialchars($val); 
      ?><input name="<?php echo $name; ?>" value="<?php echo $val; ?>" type="hidden"/><?php 
     } 
     ?></form><?php 
    } 
} 
... 
$cb = new CommentBox(); 
foreach ($cb as $name => $ign) { 
    // note: we don't want to loop over $_GET, as that introduces 
    // potential injection attacks 
    if (isset($_GET[$name])) { 
     $cb->$name = $_GET[$name]; 
    } 
} 

Or you could use an MVC architecture, splitting showForm out into a View class.

I deliberately left out using global variables, because globals are bad.
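A complete, runnable version of the class approach sketched in the answer, added here as an example (it is not the answerer's own code). It assumes the field names from the question, a placeholder form action path, and that only an explicit whitelist of request keys is copied in; escaping happens with htmlspecialchars at output time, which is the point made above about mysql_real_escape_string.

```php
<?php
// Added example: a self-contained version of the CommentBox idea above.
// Field names come from the question; the action path is a placeholder.
class CommentBox
{
    // Explicit whitelist of fields the form is allowed to carry (no uid/session id).
    private const FIELDS = [
        'submissionid', 'submission', 'url', 'submittor',
        'submissiondate', 'countcomments', 'dispurl',
    ];

    private array $values = [];

    // Copy only whitelisted string keys from the request; anything else is ignored.
    public static function fromRequest(array $request): self
    {
        $box = new self();
        foreach (self::FIELDS as $name) {
            if (isset($request[$name]) && is_string($request[$name])) {
                $box->values[$name] = $request[$name];
            }
        }
        return $box;
    }

    // Escape at the point of output, since this is where the destination (HTML) is known.
    private static function esc(string $s): string
    {
        return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

    public function render(string $action): string
    {
        $html = '<form action="' . self::esc($action) . '" method="post">' . "\n";
        foreach ($this->values as $name => $val) {
            $html .= '  <input type="hidden" name="' . self::esc($name)
                   . '" value="' . self::esc($val) . '">' . "\n";
        }
        $html .= '  <label class="addacomment" for="comment">Add a comment:</label>' . "\n"
               . '  <textarea class="commentsubfield" name="comment" id="comment" maxlength="1000"></textarea>' . "\n"
               . '  <div class="commentsubbutton"><input name="submit" type="submit" value="Submit"></div>' . "\n"
               . '</form>';
        return $html;
    }
}

// Constructed sample request: one value containing markup characters, one key not in the whitelist.
$sample = ['submissionid' => '42', 'url' => 'http://example.com/?a=1&b="x"', 'uid' => '7'];
echo CommentBox::fromRequest($sample)->render('/sandbox/comments/comments2.php');
```

The `uid` key is dropped and the quotes and ampersand in `url` come out as entities, so the rendered hidden inputs cannot break out of their attributes.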