1. 首頁
  2. 問答
  3. 正確的變量,GET和POST變量

正確的變量,GET和POST變量

2010-07-31 123 views
0

何時檢查檢查通過GET傳遞的變量和POST是正確的,我可能是這樣的:正確的變量,GET和POST變量

<?php 
//Controller 
if($_SERVER['REQUEST_METHOD'] == 'POST') 
{ 
    if(!isset($_POST['new_email'])) 
    header('Location: somepage.php'); 
    else if(empty($_POST['new_email'])) 
    //Report error to user and prompt to try again 
    else 
    $newEmail = $_POST['new_email']; 

    if(!isset($_POST['full_name'])) 
    header('Location: somepage.php'); 
    else if(empty($_POST['full_name'])) 
    //Report error to user and prompt to try again 
    else 
    $newName = $_POST['full_name']; 

    if(!isset($_POST['new_password_a'])) 
    header('Location: somepage.php'); 
    else if(empty($_POST['new_password_a'])) 
    //Report error to user and prompt to try again 
    else 
    $newPasswordA = $_POST['new_password_a']; 

    if(!isset($_POST['new_password_b'])) 
    header('Location: somepage.php'); 
    else if(empty($_POST['new_password_b'])) 
    //Report error to user and prompt to try again 
    else 
    $newPasswordB = $_POST['new_password_b']; 

    //Do some things with the variables 
} 
else 
{ 
    header('Location: somepage.php'); 
} 

//View 
//Display relevant view here 
?>

你如何檢查GETPOST變量在PHP腳本?我想知道是否有更好的方法?

來源

2010-07-31 Mike Moore

回答

4

也許創建一個函數來避免重複的代碼?

function check($varname,$destination,$message) { 
    if (!isset($_POST[$varname])) { 
     header("Location: $destination"); 
    } else if (empty($_POST[$varname])) { 
     //Do something with $message 
    } else { 
     return $_POST[$varname]; 
    } 
    return NULL; 
}

然後,

<?php 
//Controller 
if($_SERVER['REQUEST_METHOD'] == 'POST') 
{ 
    $newEmail = check('new_email','somepage.php','Error message'); 
    $newName = check('new_name','somepage.php','Error message'); 
    $newPasswordA = check('new_password_a','somepage.php','Error message'); 
    $newPasswordB = check('new_password_b','somepage.php','Error message'); 

    //Do some things with the variables 
    //Checking for NULL values (although if some var was null, 
    //it should have either redirected or reported an error) 
} 
else 
{ 
    header('Location: somepage.php'); 
} 

//View 
//Display relevant view here 
?>

什麼像素開發商說的是真的,雖然,你應該消毒的投入至少對SQL注入(如果你使用一個數據庫中的數據)和CSRF攻擊。

來源

2010-07-31 23:31:13

+0

您給出了最詳細的答案,它非常有幫助。我現在正在建立一個類,它使用你的check()方法的變體。謝謝! – 2010-08-01 15:50:37

1 
<?php 
//Controller 
if($_SERVER['REQUEST_METHOD'] == 'POST') 
{ 
    foreach ($_POST as $key => $value) { 
    if (empty($value)) { 
     echo 'whoops, remember to set ', $key; 
    } else { 
     switch($key) { 
     case 'new_password_a': 
      $newPasswordA = $value; 
      break; 
     //etc 
     } 
    } 
    } 
    if (isset($newPasswordA) && isset($newPasswordB)) { //check all vars have been set or whatever 
    header('Location: somepage.php'); 
    } else { 
    header('Location: somepage.php'); 
    }

對不起,我不能更具體的代碼,你的示例代碼有點模糊。我希望有所幫助。

來源

2010-07-31 23:33:22

+0

你需要重新格式化:) – 2010-07-31 23:33:56

1

你的代碼一開始就是一團糟。請使用括號,更好代碼註釋和類/功能。

除了密鑰是否有值之外,您沒有檢查任何其他內容。您可能需要添加CSRF令牌以確保請求來自您期望的表單。

看看CSRF on Wikipedia

來源

2010-07-31 23:33:37

+0

感謝CSRF資源。 – 2010-07-31 23:42:12

相關問題

 相關問題