dream0614 2011-12-24 22:45
浏览 45
已采纳

不理解PHP中的这些$ _POST,数组和验证技术

I'm learning by way of tutorials, and the instructor used a validation routine that I'm confused about.

On the form page, he has input fields with the following names:

  • menu_name
  • position
  • visible

On the form processing page, he has the following block of php (let's call it block A):

$menu_name = mysql_prep($_POST['menu_name']);
$position = mysql_prep($_POST['position']);
$visible = mysql_prep($_POST['visible']);

Below this block is another php block that inserts the data into MySQL -- this all works fine.

He then added the following php block above block A (let's call it block B):

$errors = array();
$required_fields = array('menu_name', 'position', 'visible');

foreach ($required_fields as $fieldname) {
    if (!isset($_POST[$fieldname]) || empty($_POST[$fieldname])) {
        $errors[] = $fieldname;
    } 
}   
if (!empty($errors)) {
    redirect_to("new_subject.php");
    exit;
}

Question 1

I'm confused why in his $required_fields array, he is referencing the field names directly. Why not move block A above block B and then just reference the variables that were assigned from the $_POST?

Then just use those variables in the if statement within the foreach loop.

I guess I'm asking if my alternative approach is valid? Is there an apparent reason for why he took his approach?

(FYI the mysql_prep is a custom function he built to remove slashes and such.)

Question 2

If I'm understanding his code correctly, his first if statement is testing if the $fieldname is !isset (i.e. not set) or empty.

What's the difference? Since I don't know the difference, I'm also not clear on why he used the || operator. Can you please explain?

Question 3

And finally, it seems his first if statement is capturing any errors and putting them into the $errors array at the top of block B.

He then uses a second if statement to check if that $errors array has anything in it, and re-directs + exits if it does.

Is there a discernible reason for this approach? In my mind, it seems the first if statement could redirect + exit if any errors were found. Why capture them in that $errors array?

  • 写回答

3条回答 默认 最新

  • dqol6556 2011-12-24 22:56
    关注

    Question 1

    What happens here is he checks for the existence of certain variables first. If they do not exist, you need to redirect.
    I don't know what the prep function does, but it would be illogical to call a prep function on a possible empty variable. You could turn it around, but that would be.. well.. turning stuff around ;)

    First check if you've got all you need, and then start cleaning up.

    Question 2

    Not set means it is not available in the POST. This will happen for checkboxes (if you don't check them , they don't excist. Text inputs will be empty.
    Even if you have only text inputs, it is good for to be sure that they exist (there could be a problem in the calling post, someone might be hacking your form), before you check their contents: PHP is very forgiving ofcourse, but it's not really nice to check the contents of something that does not exist.

    Summary: isset is looking if it is there at all, and empty is checking what it's value is.

    Question 3

    You could put the redirect and exit statements in the if, and this would be a tiny bit faster. But not so much, and what you do is unexpected for some programmers: you change the flow of the program somewhere in the middle of a loop (2 loops). This is readable for me, but I don't see any problem with exiting at the first 'error'.

    Later on you might want to do something with the missing POST values (all of them), like giving them a certain class, so that's a possible reason to do it this way later on?

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

  • PHP $_GET 和 $_POST 的区别是什么? 应当怎么去处理呢?
    2024-09-10 00:04
    xiaohuojian1的博客 PHP ,$_GET 和 $_POST 是两个用于处理 HTTP 请求数据的全局数组。$_GET: 由于数据附加在 URL 后面,URL 的长度有限制(大约 2000 字符,具体取决于浏览器和服务器)。始终对 $_GET 和 $_POST 数据进行验证,...
  • php$_REQUEST、$_POST、$_GET的区别和联系小结
    2020-10-28 06:51
    PHP编程,$_REQUEST、$_POST和$_GET是三个常用的超全局数组,它们都可以用来从客户端接收数据。当处理表单数据或者URL参数时,了解它们的区别和最佳实践使用场景对于保证数据的正确获取以及安全性至关重要。 ...
  • PHP $_POST 变量
    2024-09-02 06:13
    lly202406的博客 PHP 的$_POST变量是一个超全局数组,用于收集来自 HTML 表单的数据,特别是当表单的method属性设置为POST时。这个变量包含了所有以 POST 方法发送的表单数据。在 PHP 处理表单数据时,$_POST变量是一个核心组成...
  • PHP的超级变量$_POST获取HTML表单(HTML Form) 数据
    2020-10-28 13:57
    PHP是一种广泛使用的服务器端脚本语言,非常适合用于开发动态网站和应用...$_GET用于从URL获取数据,而$_REQUEST会包含$_GET和$_POST的元素,但是在实际使用,最好明确数据的来源,以便更安全和精确地处理数据。
  • PHP超级全局变量【$GLOBALS,$_SERVER,$_REQUEST等】用法实例分析
    2020-10-15 21:25
    因此,最佳实践是优先使用$_GET和$_POST来分别处理GET和POST数据,以确保更严格的输入验证和数据过滤。 在实际开发理解并正确使用这些超级全局变量是至关重要的。$GLOBALS用于在函数内外共享数据,$_SERVER提供...
  • php使用post数组的键值创建同名变量并赋值的方法
    2020-10-24 10:24
    在这段代码,$expected数组指定了需要从$_POST数组读取的键名。foreach循环遍历这些键名,并对每个键名执行检查。如果对应的$_POST[$key]不为空(即表单该字段有数据提交),则将该数据赋值给动态命名的变量。...
  • PHP $_POST 变量详解
    2024-11-18 09:19
    HoRain云小助手的博客 在探讨$_POST的工作原理之前,我们需要了解它是如何在服务器端自动创建关联数组的。当用户通过HTTP POST方法提交表单时,PHP会自动生成一个名为$_POST的特殊变量3。这个变量实际上是一个 关联数组 ,其键名对应于...
  • PHP—$_POST.docx
    2021-09-26 21:45
    PHP编程语言,`$_POST`是一个全局数组,它被用来接收通过HTTP POST方法提交的表单数据。HTTP POST方法通常用于向服务器传递大量数据或者敏感信息,因为这些数据不会在浏览器的地址栏显示,增加了数据的安全性...
  • php几个预定义变量$_SERVER用法小结
    2020-12-18 13:20
    `$_REQUEST`是一个超全局数组,它包含了`$_GET`, `$_POST`和`$_COOKIE`数组的所有数据,方便开发者一次性获取所有的请求参数。然而,出于安全考虑,通常建议明确指定使用`$_GET`或`$_POST`,而不是直接依赖`$_...
  • PHP系列」PHP $_GET变量/$POST变量
    2024-04-14 00:45
    ·零落·的博客 此外,直接在 URL 显示数据可能会导致一些问题,比如数据长度限制和潜在的安全问题(尽管在这个例子我们使用了。属性设置为 “post” 时,用户输入的数据会通过 HTTP POST 请求发送到服务器,这些数据可以通过。...
  • 没有解决我的问题, 去提问