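Passing variables along a function
Problem description:
In the function show_commentbox() below, I would like to pass along the variables $_SESSION['loginid'], $submissionid, $submission, $url, $submittor, $submissiondate, $countcomments, $dispurl. With the setup below, it's not working. How can I change it so that show_commentbox() passes the variables along?
Thanks in advance,
John
index.php: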
<?php
$submission = $_GET['submission'];
require_once "header.php";
include "login.php";
include "comments.php";
include "commentformonoff.php";
?>
In header.php:
require_once ("function.inc.php");
In comments.php:
$uid = $_SESSION['loginid'];
$submissiondate = mysql_real_escape_string($_GET['submissiondate']);
$submittor = mysql_real_escape_string($_GET['submittor']);
$countcomments = mysql_real_escape_string($_GET['countcomments']);
$dispurl = mysql_real_escape_string($_GET['dispurl']);
$url = mysql_real_escape_string($_GET['url']);
$submission = mysql_real_escape_string($_GET['submission']);
$submissionid = mysql_real_escape_string($_GET['submissionid']);
commentformonoff.php:
<?php
if (!isLoggedIn())
{
    if (isset($_POST['cmdlogin']))
    {
        if (checkLogin($_POST['username'], $_POST['password']))
        {
            show_commentbox();
        } else
        {
            echo "Login to comment";
        }
    } else
    {
        echo "Login to comment";
    }
} else
{
    show_commentbox();
}
?>
In display.functions.inc.php:
function show_commentbox()
{
echo '<form action="http://www...com/sandbox/comments/comments2.php" method="post">
<input type="hidden" value="'.$_SESSION['loginid'].'" name="uid">
<input type="hidden" value="'.$submissionid.'" name="submissionid">
<input type="hidden" value="'.$submission.'" name="submission">
<input type="hidden" value="'.$url.'" name="url">
<input type="hidden" value="'.$submittor.'" name="submittor">
<input type="hidden" value="'.$submissiondate.'" name="submissiondate">
<input type="hidden" value="'.$countcomments.'" name="countcomments">
<input type="hidden" value="'.$dispurl.'" name="dispurl">
<label class="addacomment" for="title">Add a comment:</label>
<textarea class="commentsubfield" name="comment" type="comment" id="comment" maxlength="1000"></textarea>
<div class="commentsubbutton"><input name="submit" type="submit" value="Submit"></div>
</form>
';
}
Answer
Just pass them as arguments:
function show_commentbox($submissionid, $submission, ...) {
    ...
}
...
show_commentbox($submissionid, ...);
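Note that I removed $_SESSION['loginid'], since it doesn't need to be passed through the form. It could also be sensitive information, so it shouldn't be leaked.
mysql_real_escape_string should only be used to prepare data that is being sent to the database. Use htmlspecialchars or htmlentities to prepare data for output instead. This should be done in show_commentbox rather than before it, because that is where the destination of the values is determined.
Of course, that many parameters is unwieldy. For one thing, how do you remember their order? One solution to that particular problem is keyword arguments, which (in PHP) you have to implement by passing an associative array: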
function show_commentbox($args) {
    ...
}
...
show_commentbox(array('submissionID' => $submissionid, ...));
In this case, a better approach is to use a class. It can be as simple as:
class CommentBox {
    public $submissionid, ...;

    function show() {
        ?><form ...><?php
        // iterate over this object's properties; each value is HTML-escaped before output
        foreach ($this as $name => $val) {
            $val = htmlspecialchars($val);
            ?><input name="<?php echo $name; ?>" value="<?php echo $val; ?>" type="hidden"/><?php
        }
        ?></form><?php
    }
}
...
$cb = new CommentBox();
// copy only the properties declared on CommentBox out of the request
foreach ($cb as $name => $ign) {
    // note: we don't want to loop over $_GET, as that introduces
    // potential injection attacks
    if (isset($_GET[$name])) {
        $cb->$name = $_GET[$name];
    }
}
Alternatively, you could use an MVC architecture, separating show into a FormView class.
Because globals are bad, I deliberately left out using global variables.
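
The points made in the answer above (pass values as arguments, allow-list the field names, HTML-escape at output, keep the login id out of the form), put together as an added example that is not part of the original answer. It assumes PHP 7.4 or later; collect_comment_fields(), render_commentbox() and the /comments2.php action path are hypothetical names, and the field names are the ones from the question.

```php
<?php
// Added example: field names come from the question; the function names and
// the /comments2.php action path are hypothetical.

// Only these request parameters are ever copied into the form (allow-list).
const COMMENT_FIELDS = ['submissionid', 'submission', 'url', 'submittor',
                        'submissiondate', 'countcomments', 'dispurl'];

// Pick the allow-listed scalar values out of a request array such as $_GET.
function collect_comment_fields(array $request): array
{
    $fields = [];
    foreach (COMMENT_FIELDS as $name) {
        if (isset($request[$name]) && is_scalar($request[$name])) {
            $fields[$name] = (string) $request[$name];
        }
    }
    return $fields;
}

// Build the form. Values are HTML-escaped here, at the point of output;
// no SQL escaping is applied because nothing goes to the database here.
function render_commentbox(array $fields, string $action): string
{
    $esc = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $html = '<form action="' . $esc($action) . '" method="post">' . "\n";
    foreach ($fields as $name => $value) {
        $html .= '<input type="hidden" name="' . $esc($name) . '" value="' . $esc($value) . '">' . "\n";
    }
    $html .= '<label class="addacomment" for="comment">Add a comment:</label>' . "\n"
           . '<textarea class="commentsubfield" name="comment" id="comment" maxlength="1000"></textarea>' . "\n"
           . '<div class="commentsubbutton"><input name="submit" type="submit" value="Submit"></div>' . "\n"
           . '</form>' . "\n";
    return $html;
}

// Constructed sample request: one value contains quotes and markup,
// "uid" is not on the allow-list, and "url" is an array instead of a string.
$request = [
    'submissionid' => '42',
    'submission'   => '"quoted" <b>title</b>',
    'uid'          => '7',
    'url'          => ['unexpected'],
];
echo render_commentbox(collect_comment_fields($request), '/comments2.php');
// The handler that receives this form should read the user id from
// $_SESSION['loginid'], never from a posted field.
```

With the sample request, only submissionid and submission reach the form, and the quotes and angle brackets in submission are emitted as entities, so the value stays inside its attribute.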