dream0614 2011-12-24 22:45
浏览 45
已采纳

不理解PHP中的这些$ _POST,数组和验证技术

I'm learning by way of tutorials, and the instructor used a validation routine that I'm confused about.

On the form page, he has input fields with the following names:

  • menu_name
  • position
  • visible

On the form processing page, he has the following block of php (let's call it block A):

$menu_name = mysql_prep($_POST['menu_name']);
$position = mysql_prep($_POST['position']);
$visible = mysql_prep($_POST['visible']);

Below this block is another php block that inserts the data into MySQL -- this all works fine.

He then added the following php block above block A (let's call it block B):

$errors = array();
$required_fields = array('menu_name', 'position', 'visible');

foreach ($required_fields as $fieldname) {
    if (!isset($_POST[$fieldname]) || empty($_POST[$fieldname])) {
        $errors[] = $fieldname;
    } 
}   
if (!empty($errors)) {
    redirect_to("new_subject.php");
    exit;
}

Question 1

I'm confused why in his $required_fields array, he is referencing the field names directly. Why not move block A above block B and then just reference the variables that were assigned from the $_POST?

Then just use those variables in the if statement within the foreach loop.

I guess I'm asking if my alternative approach is valid? Is there an apparent reason for why he took his approach?

(FYI the mysql_prep is a custom function he built to remove slashes and such.)

Question 2

If I'm understanding his code correctly, his first if statement is testing if the $fieldname is !isset (i.e. not set) or empty.

What's the difference? Since I don't know the difference, I'm also not clear on why he used the || operator. Can you please explain?

Question 3

And finally, it seems his first if statement is capturing any errors and putting them into the $errors array at the top of block B.

He then uses a second if statement to check if that $errors array has anything in it, and re-directs + exits if it does.

Is there a discernible reason for this approach? In my mind, it seems the first if statement could redirect + exit if any errors were found. Why capture them in that $errors array?

  • 写回答

3条回答 默认 最新

  • dqol6556 2011-12-24 22:56
    关注

    Question 1

    What happens here is he checks for the existence of certain variables first. If they do not exist, you need to redirect.
    I don't know what the prep function does, but it would be illogical to call a prep function on a possible empty variable. You could turn it around, but that would be.. well.. turning stuff around ;)

    First check if you've got all you need, and then start cleaning up.

    Question 2

    Not set means it is not available in the POST. This will happen for checkboxes (if you don't check them , they don't excist. Text inputs will be empty.
    Even if you have only text inputs, it is good for to be sure that they exist (there could be a problem in the calling post, someone might be hacking your form), before you check their contents: PHP is very forgiving ofcourse, but it's not really nice to check the contents of something that does not exist.

    Summary: isset is looking if it is there at all, and empty is checking what it's value is.

    Question 3

    You could put the redirect and exit statements in the if, and this would be a tiny bit faster. But not so much, and what you do is unexpected for some programmers: you change the flow of the program somewhere in the middle of a loop (2 loops). This is readable for me, but I don't see any problem with exiting at the first 'error'.

    Later on you might want to do something with the missing POST values (all of them), like giving them a certain class, so that's a possible reason to do it this way later on?

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥15 phython读取excel表格报错 ^7个 SyntaxError: invalid syntax 语句报错
  • ¥20 @microsoft/fetch-event-source 流式响应问题
  • ¥15 ogg dd trandata 报错
  • ¥15 高缺失率数据如何选择填充方式
  • ¥50 potsgresql15备份问题
  • ¥15 Mac系统vs code使用phpstudy如何配置debug来调试php
  • ¥15 目前主流的音乐软件,像网易云音乐,QQ音乐他们的前端和后台部分是用的什么技术实现的?求解!
  • ¥60 pb数据库修改与连接
  • ¥15 spss统计中二分类变量和有序变量的相关性分析可以用kendall相关分析吗?
  • ¥15 拟通过pc下指令到安卓系统,如果追求响应速度,尽可能无延迟,是不是用安卓模拟器会优于实体的安卓手机?如果是,可以快多少毫秒?