创建过滤器_GET(或_POST)变量的正确方法是什么? [英] What is the proper way to create a filter _GET (or _POST) variable?

问题描述

对此需要解释.我正在向网站添加分页，并且需要在Filter Input/Escape Output上建立一个指针.如下所示，第一次加载页面时，新创建的page全局默认值为页面1，这是使用简写三元运算符的正确行为.

Need an explanation on this.. I'm adding pagination to a website, and need a pointer on Filter Input/Escape Output. As you can see below, the newly created page global defaults to page 1 when the page first loads, and this is the correct behavior, using the shorthand ternary operator.

$itemsPerPage = 20;
$numOfFilms = $totalRows->rows;
$numOfPages = ceil($numOfFilms / $itemsPerPage);

$filter ='page';

$getPages = isset($_GET[$filter])
   ? $_GET[$filter]
   : 1;

var_dump($getPages); // <-- Testing

$paginationOptions = [
    'options' => [
        'default'   => 1,
        'min_range' => 1,
        'max_range' => $numOfPages,
    ]
];

$pageNumberClean = trim($getPages);
$pageNumber = filter_var(
    $pageNumberClean,
    FILTER_VALIDATE_INT,
    $paginationOptions
);
$range  = $itemsPerPage * ($pageNumber - 1);

知道我永远不应该信任用户输入，这也是Netbeans引发警告的原因:

Knowing that I should never trust user input, and in turn the reason Netbeans throws a Warning:

请勿直接访问Superglobal _GET Array.改用一些过滤功能...

Do not Access the Superglobal _GET Array directly. Use some filtering functions instead...

---

如果我将三元语句的两边都包装在filter_input中，警告将消失并且在语法上是正确的，但是该页面将无法运行，因为已过滤的输入变量page在_GET数组中不存在，因此:

---

If I wrap both sides of the ternary statement in filter_input the warning goes away and is syntactically correct, but the page will not run, because the filtered input variable page doesn't exist in the _GET array, so:

• 在不直接访问_GET数组的情况下创建_GET数组变量的公认标准或适当方法是什么?

• What is the accepted standard or proper way to create a _GET array variable without directly accessing the _GET array?

换句话说:我可以正确使用filter_input并创建变量，从而使警告消失吗?

In other words: Can I properly use filter_input and create the variable, so the warning goes away?

告诉我关闭警告不是我想要的答案.

另外，请注意，我已经在Google上搜索了如何初始化_GET变量"，大多数结果都说明了我已经知道的$_GET和$_POST之间的区别.

Also, note that I've googled for "How to initialize a _GET variable" and most of the results explain the difference between $_GET and $_POST which I already know.

感谢您的时间

推荐答案

这是应该满足NetBeans的解决方案，因为它使用了PHP的过滤器功能之一.正如我在评论中提到的那样，我认为"is_int()"是足够安全的检查，也可以在此处使用.

Here's a solution that should satisfy NetBeans, because it uses one of PHP's filter functions. As I mentioned in a comment, I would consider "is_int()" to be a safe enough check to use here as well.

$filtered_page = filter_input(INPUT_GET, 'page', FILTER_SANITIZE_NUMBER_INT);
$get_pages = (!empty($filtered_page)) ? $filtered_page : 1;

根据以下位置的PHP文档，这将从GET变量中删除所有非整数字符.然后，我们检查以确保剩余的字符串不为空(空白，false或0).

According to the PHP Docs in the following places, this will remove all non-integer characters from the GET variable. We then check to make sure the remaining string isn't empty (either blank, false, or 0).

请注意:页码0将触发空白，并返回1.让我知道这是否是一个问题.

Please note: a page number of 0 will trigger the empty, and return 1. Let me know if this is an issue.

https://secure.php.net/manual/en/function. empty.php https://secure.php.net/manual/en/function.filter -input.php https://secure.php.net/manual/en/filter.filters .sanitize.php

https://php.net/manual/en/function.is- int.php

额外注意:您也可以使用过滤器函数的参数(包括默认值)来执行此操作.这样一来，您可以清晰地用两行代码完成所有操作:

Extra Note: You could also do this with arguments to the filter function, including a default value. That way you could do it all with two lines cleanly:

$filter_options = array('options'=>array('default'=>1, 'min_range'=>1, 'max_range'=>$numOfPages));

$get_pages = filter_input(INPUT_GET, 'page', FILTER_VALIDATE_INT, $filter_options);

这篇关于创建过滤器_GET(或_POST)变量的正确方法是什么?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！