清理并重新使用$ _POST [英] cleaning and re-using $_POST
问题描述
问候......
我想知道更高级的程序员会怎么想这个:
$ _POST ['' myvar''] =干净($ _ POST [''myvar'']);
现在我可以直接使用POST:
$ sql =" select * from T1 where myvar =''$ _ POST [myvar]''" ;
函数清理($ var){
返回addslashes(trim($ var)); //无论是什么
}
我想出这个的原因是因为我经常最终打电话给
clean()几个相同变量的次数。因此,为了避免为每个发布的一个声明一个php
变量,我会使用一个数组
$ arr [''myvar''] = clean($ _POST [''myvar'']));
$ arr [''myvar2''] = clean($ _ POST [''myvar2'']));
>
但由于$ _POST已经存在,为什么不使用它呢?好处是
更简单的代码,但也许有一些安全问题 - 这就是我不知道的事情。
_POST [''myvar''] = clean(
_POST [''myvar'']);
现在我可以直接使用POST:
sql =" select * from T1 where myvar ='
greetings...
I''m wondering what more advanced coders would think ot this:
$_POST[''myvar''] = clean($_POST[''myvar'']);
and now I can use POST directly:
$sql= "select * from T1 where myvar=''$_POST[myvar]'' " ;
function clean($var){
return addslashes(trim($var)); // whatever
}
The reason I came up with this is because i often end up calling
clean() several times on the same variable. So to avoid declaring a php
variable for each posted one, I would use an array
$arr[''myvar'']=clean($_POST[''myvar''])) ;
$arr[''myvar2'']=clean($_POST[''myvar2''])) ;
but since $_POST is already there, why not use it? The benefit is
simpler code, but maybe there are some security issues - that''s what I
don''t know.
_POST[''myvar''] = clean(
_POST[''myvar'']);
and now I can use POST directly:
sql= "select * from T1 where myvar=''
这篇关于清理并重新使用$ _POST的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!