dsuvs66406 2019-02-02 13:17

About the different parameters $_GET['id'] and $id

So I was writing code for deleting a post, and I use this code:

require_once 'core/init.php';

if (isset($_GET['id'])) {
    if (hapus_data($_GET['id'])) {
        header('Location: index.php');
        exit; // stop the script once the redirect header has been sent
    } else {
        echo "gagal menghapus data";
    }
}

And here is the delete function:

function hapus_data($id){
    // $id is interpolated directly into the SQL string
    $query = "DELETE FROM blog WHERE id = $id";
    return run($query);
}

So what I didn't understand is why this code works when the parameters are not the same. As you can see, I put hapus_data($_GET['id']) and then hapus_data($id) as the parameter of the function.

1 answer

  • douyasihefu6214 2019-02-02 13:24

    The parameter sets, and assigns, the name of the variable in the function.

    Since $_GET['id'] is a super global it would be the same as

    function hapus_data() {
         $id = $_GET['id'];
         // ...
    }

    but then you couldn't later do

    hapus_data(any_non_$_GET[id]_variable)
    

    so doing it in the function definition is a better practice.

    You should parameterize your query. This is SQL injectable. Something like,

    function hapus_data($id){
        $query = "DELETE FROM blog WHERE id = ?";
        return run($query, array($id));
        // and then update `run` to bind the second parameter
    }
    
    This answer was selected by the asker as the best answer.
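
One way `run` could bind the second parameter, as the answer above suggests. This is an added example, not code from the post or from the answerer: it assumes `run` wraps a PDO connection (passed in explicitly here), uses an in-memory SQLite table with constructed rows, and the `remaining` helper is hypothetical.

```php
<?php
// Added example. Assumption: run() wraps a PDO connection (the page never shows
// its body); an in-memory SQLite table with constructed rows stands in for `blog`.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE blog (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO blog (id, title) VALUES (1, 'a'), (2, 'b'), (3, 'c')");

// Prepare the statement, bind $params to the ? placeholders and return the
// number of affected rows. The values never become part of the SQL text.
function run(PDO $pdo, string $query, array $params = []): int
{
    $stmt = $pdo->prepare($query);
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Same function name as on the page; true only when exactly one row was deleted.
function hapus_data(PDO $pdo, $id): bool
{
    // Defence in depth: an id is a positive integer, so anything else is
    // rejected before it reaches the database.
    $id = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;
    }
    return run($pdo, 'DELETE FROM blog WHERE id = ?', [$id]) === 1;
}

// Hypothetical helper: how many rows are left in the table.
function remaining(PDO $pdo): int
{
    return (int) $pdo->query('SELECT COUNT(*) FROM blog')->fetchColumn();
}

// Constructed inputs, as strings, the way they would arrive in $_GET['id'].
var_dump(hapus_data($pdo, '2'));        // a plain numeric id
var_dump(hapus_data($pdo, '1 OR 1=1')); // not an integer: stopped by validation
var_dump(remaining($pdo));

// Without the validation step, the bound value is still compared as one value:
var_dump(run($pdo, 'DELETE FROM blog WHERE id = ?', ['1 OR 1=1']));
var_dump(remaining($pdo));
```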
