清理并重新使用$ _POST [英] cleaning and re-using $_POST

问题描述

问候......


我想知道更高级的程序员会怎么想这个：


$ _POST ['' myvar''] =干净（$ _ POST [''myvar'']）;


现在我可以直接使用POST：


$ sql =" select * from T1 where myvar =''$ _ POST [myvar]''" ;


函数清理（$ var）{

返回addslashes（trim（$ var））; //无论是什么

}


我想出这个的原因是因为我经常最终打电话给

clean（）几个相同变量的次数。因此，为了避免为每个发布的一个声明一个php

变量，我会使用一个数组


$ arr [''myvar''] = clean（$ _POST [''myvar'']））;

$ arr [''myvar2''] = clean（$ _ POST [''myvar2'']））;

但由于$ _POST已经存在，为什么不使用它呢？好处是

更简单的代码，但也许有一些安全问题 - 这就是我不知道的事情。

解决方案

_POST [''myvar''] = clean（

_POST [''myvar'']）;


现在我可以直接使用POST：

sql =" select * from T1 where myvar ='

greetings...

I''m wondering what more advanced coders would think ot this:

$_POST[''myvar''] = clean($_POST[''myvar'']);

and now I can use POST directly:

$sql= "select * from T1 where myvar=''$_POST[myvar]'' " ;

function clean($var){
return addslashes(trim($var)); // whatever
}

The reason I came up with this is because i often end up calling
clean() several times on the same variable. So to avoid declaring a php
variable for each posted one, I would use an array

$arr[''myvar'']=clean($_POST[''myvar''])) ;
$arr[''myvar2'']=clean($_POST[''myvar2''])) ;

but since $_POST is already there, why not use it? The benefit is
simpler code, but maybe there are some security issues - that''s what I
don''t know.

解决方案

_POST[''myvar''] = clean(

_POST[''myvar'']);

and now I can use POST directly:

sql= "select * from T1 where myvar=''

这篇关于清理并重新使用$ _POST的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！