2010-05-04 106 views
0

Passing variables along to a function

In the function show_commentbox() below, I want to pass along the variables $_SESSION['loginid'], $submissionid, $submission, $url, $submittor, $submissiondate, $countcomments and $dispurl. With the setup below, it doesn't work. How can I change it so that show_commentbox() gets the variables passed along to it?

Thanks in advance,

John

index.php:

<?php 

$submission = $_GET['submission']; 

require_once "header.php"; 

include "login.php"; 

include "comments.php"; 

include "commentformonoff.php"; 

?> 

In header.php:

require_once ("function.inc.php"); 

In comments.php:

$uid = $_SESSION['loginid']; 
$submissiondate = mysql_real_escape_string($_GET['submissiondate']); 
$submittor = mysql_real_escape_string($_GET['submittor']); 
$countcomments = mysql_real_escape_string($_GET['countcomments']); 
$dispurl = mysql_real_escape_string($_GET['dispurl']); 
$url = mysql_real_escape_string($_GET['url']); 
$submission = mysql_real_escape_string($_GET['submission']); 
$submissionid = mysql_real_escape_string($_GET['submissionid']); 

commentformonoff.php:

<?php 
if (!isLoggedIn()) 
{ 

    if (isset($_POST['cmdlogin'])) 
    { 

     if (checkLogin($_POST['username'], $_POST['password'])) 
     { 
      show_commentbox(); 
     } else 
     { 
      echo "Login to comment"; 

     } 
    } else 
    { 

     echo "Login to comment"; 
    } 

} else 
{ 

    show_commentbox(); 
} 
?> 

In display.functions.inc.php:

function show_commentbox() 
{ 
echo '<form action="http://www...com/sandbox/comments/comments2.php" method="post"> 
    <input type="hidden" value="'.$_SESSION['loginid'].'" name="uid"> 
    <input type="hidden" value="'.$submissionid.'" name="submissionid"> 
    <input type="hidden" value="'.$submission.'" name="submission"> 
    <input type="hidden" value="'.$url.'" name="url"> 
    <input type="hidden" value="'.$submittor.'" name="submittor"> 
    <input type="hidden" value="'.$submissiondate.'" name="submissiondate"> 
    <input type="hidden" value="'.$countcomments.'" name="countcomments"> 
    <input type="hidden" value="'.$dispurl.'" name="dispurl"> 



    <label class="addacomment" for="title">Add a comment:</label> 

    <textarea class="commentsubfield" name="comment" type="comment" id="comment" maxlength="1000"></textarea> 

    <div class="commentsubbutton"><input name="submit" type="submit" value="Submit"></div> 
</form> 
'; 
} 

Answer

2

Just pass them as parameters:

function show_commentbox($submissionid, $submission, ...) { 
... 

show_commentbox($submissionid, ...); 

Note that I removed $_SESSION['loginid'], since it doesn't need to be passed through the form. Also, it is potentially sensitive information, so it shouldn't be leaked.

mysql_real_escape_string should only be used to prepare data that is going to be sent to the database. To prepare data for output, use htmlspecialchars or htmlentities instead. This should be done in show_commentbox, not before it, since that is where the destination of the values is determined.

Of course, that many parameters is unwieldy. For one thing, how do you remember their order? One solution to that particular problem is keyword arguments, which in PHP you have to fake by passing an associative array:

function show_commentbox($args) { 
... 

show_commentbox(array('submissionID' => $submissionid, ...)); 

A better approach in this case is to use a class. It can be as simple as:

class CommentBox { 
    public $submissionid, ...; 
    function show() { 
        ?><form ...><?php 
        // iterating over $this yields the object's public properties 
        foreach ($this as $name => $val) { 
            // escape at output time: the value lands in an HTML attribute 
            $val = htmlspecialchars($val); 
            ?><input name="<?php echo $name; ?>" value="<?php echo $val; ?>" type="hidden"/><?php 
        } 
        ?></form><?php 
    } 
} 
... 
$cb = new CommentBox(); 
foreach ($cb as $name => $ign) { 
    // note: we don't want to loop over $_GET, as that introduces 
    // potential injection attacks 
    if (isset($_GET[$name])) { 
        $cb->$name = $_GET[$name]; 
    } 
} 

Or you could use an MVC architecture and separate show out into a FormView class.

I deliberately omitted using global variables, because globals are bad.
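The following is an added example, not code from the question or the answer above: a complete version of the comment box that receives its values as a parameter rather than through globals, copies only a fixed whitelist of field names out of $_GET (the answer's point about not looping over $_GET), and escapes each value with htmlspecialchars at the moment it is written into the form, which is where the destination is known. The whitelist, the relative form action `comments2.php`, the `fromRequest`/`render` method names and the sample request array are assumptions made for this illustration; the session id is never placed in the form.

```php
<?php
// Added example, not code from the original question or answer: a complete
// comment box that (1) receives its values as a parameter instead of reaching
// for globals, (2) copies only a fixed whitelist of field names out of $_GET,
// and (3) HTML-escapes each value at the point it is written into the form.
// The whitelist, the form action and the sample request below are assumptions
// made for this illustration; the session id is never put into the form.

declare(strict_types=1);

final class CommentBox
{
    // The only request fields the form will carry. Anything else in $_GET is
    // ignored, so a request cannot add or rename hidden inputs.
    private const FIELDS = [
        'submissionid', 'submission', 'url', 'submittor',
        'submissiondate', 'countcomments', 'dispurl',
    ];

    /** @var array<string,string> raw (unescaped) values, keyed by field name */
    private array $fields = [];

    private function __construct(array $values)
    {
        foreach (self::FIELDS as $name) {
            // Missing keys become '' and non-scalars (e.g. ?url[]=x) are
            // rejected, so htmlspecialchars() always receives a string.
            $value = $values[$name] ?? '';
            $this->fields[$name] = is_scalar($value) ? (string) $value : '';
        }
    }

    /** Build a box from a query-string array such as $_GET. */
    public static function fromRequest(array $get): self
    {
        return new self($get);
    }

    /** Raw value of one whitelisted field (for server-side use). */
    public function field(string $name): string
    {
        return $this->fields[$name] ?? '';
    }

    /**
     * Render the form. Escaping happens here, not in comments.php, because
     * this is where the destination (an HTML attribute) is known.
     * mysql_real_escape_string() would be wrong here: it is for SQL literals.
     */
    public function render(string $action): string
    {
        $html = '<form action="' . self::h($action) . '" method="post">' . "\n";
        foreach ($this->fields as $name => $value) {
            $html .= '    <input type="hidden" name="' . self::h($name)
                   . '" value="' . self::h($value) . '">' . "\n";
        }
        $html .= '    <label class="addacomment" for="comment">Add a comment:</label>' . "\n"
               . '    <textarea class="commentsubfield" name="comment" id="comment" maxlength="1000"></textarea>' . "\n"
               . '    <div class="commentsubbutton"><input name="submit" type="submit" value="Submit"></div>' . "\n"
               . '</form>' . "\n";
        return $html;
    }

    private static function h(string $s): string
    {
        return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }
}

// The function from the question, now taking the box as a parameter. The
// action path is an assumed relative URL; the uid is deliberately absent and
// should be read from $_SESSION['loginid'] by comments2.php on the server.
function show_commentbox(CommentBox $box): void
{
    echo $box->render('comments2.php');
}

// Constructed sample request standing in for $_GET. 'url' carries an
// attribute-breakout attempt and 'uid' is an extra key; the first is escaped
// to literal text and the second is dropped because it is not whitelisted.
$sampleGet = [
    'submissionid'   => '42',
    'submission'     => 'Hello',
    'url'            => '"><script>alert(1)</script>',
    'submittor'      => 'john',
    'submissiondate' => '2010-05-04',
    'countcomments'  => '3',
    'dispurl'        => 'example.org',
    'uid'            => '1',
];

show_commentbox(CommentBox::fromRequest($sampleGet));
```

Run it with `php` on the command line and the rendered form shows the `url` value as `&quot;&gt;&lt;script&gt;...` inside its attribute and no `uid` input at all. Because the receiving script takes the user id from the session rather than from a hidden field, a client cannot post a comment as another user by editing the form, which is the leak the answer warns about.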