创建过滤器_GET(或_POST)变量的正确方法是什么? [英] What is the proper way to create a filter _GET (or _POST) variable?
问题描述
对此需要解释.我正在向网站添加分页,并且需要在Filter Input/Escape Output上建立一个指针.如下所示,第一次加载页面时,新创建的page
全局默认值为页面1,这是使用简写三元运算符的正确行为.
Need an explanation on this.. I'm adding pagination to a website, and need a pointer on Filter Input/Escape Output. As you can see below, the newly created page
global defaults to page 1 when the page first loads, and this is the correct behavior, using the shorthand ternary operator.
$itemsPerPage = 20;
$numOfFilms = $totalRows->rows;
$numOfPages = ceil($numOfFilms / $itemsPerPage);
$filter ='page';
$getPages = isset($_GET[$filter])
? $_GET[$filter]
: 1;
var_dump($getPages); // <-- Testing
$paginationOptions = [
'options' => [
'default' => 1,
'min_range' => 1,
'max_range' => $numOfPages,
]
];
$pageNumberClean = trim($getPages);
$pageNumber = filter_var(
$pageNumberClean,
FILTER_VALIDATE_INT,
$paginationOptions
);
$range = $itemsPerPage * ($pageNumber - 1);
知道我永远不应该信任用户输入,这也是Netbeans引发警告的原因:
Knowing that I should never trust user input, and in turn the reason Netbeans throws a Warning:
请勿直接访问Superglobal _GET Array.改用一些过滤功能...
Do not Access the Superglobal _GET Array directly. Use some filtering functions instead...
如果我将三元语句的两边都包装在filter_input
中,警告将消失并且在语法上是正确的,但是该页面将无法运行,因为已过滤的输入变量page
在_GET数组中不存在,因此:
If I wrap both sides of the ternary statement in filter_input
the warning goes away and is syntactically correct, but the page will not run, because the filtered input variable page
doesn't exist in the _GET array, so:
-
在不直接访问_GET数组的情况下创建_GET数组变量的公认标准或适当方法是什么?
What is the accepted standard or proper way to create a _GET array variable without directly accessing the _GET array?
换句话说:我可以正确使用filter_input
并创建变量,从而使警告消失吗?
In other words: Can I properly use filter_input
and create the variable, so the warning goes away?
告诉我关闭警告不是我想要的答案.
另外,请注意,我已经在Google上搜索了如何初始化_GET变量",大多数结果都说明了我已经知道的$_GET
和$_POST
之间的区别.
Also, note that I've googled for "How to initialize a _GET variable" and most of the results explain the difference between $_GET
and $_POST
which I already know.
感谢您的时间
推荐答案
这是应该满足NetBeans的解决方案,因为它使用了PHP的过滤器功能之一.正如我在评论中提到的那样,我认为"is_int()"是足够安全的检查,也可以在此处使用.
Here's a solution that should satisfy NetBeans, because it uses one of PHP's filter functions. As I mentioned in a comment, I would consider "is_int()" to be a safe enough check to use here as well.
$filtered_page = filter_input(INPUT_GET, 'page', FILTER_SANITIZE_NUMBER_INT);
$get_pages = (!empty($filtered_page)) ? $filtered_page : 1;
根据以下位置的PHP文档,这将从GET变量中删除所有非整数字符.然后,我们检查以确保剩余的字符串不为空(空白,false或0).
According to the PHP Docs in the following places, this will remove all non-integer characters from the GET variable. We then check to make sure the remaining string isn't empty (either blank, false, or 0).
请注意:页码0将触发空白,并返回1.让我知道这是否是一个问题.
Please note: a page number of 0 will trigger the empty, and return 1. Let me know if this is an issue.
https://secure.php.net/manual/en/function. empty.php https://secure.php.net/manual/en/function.filter -input.php https://secure.php.net/manual/en/filter.filters .sanitize.php
https://php.net/manual/en/function.is- int.php
额外注意:您也可以使用过滤器函数的参数(包括默认值)来执行此操作.这样一来,您可以清晰地用两行代码完成所有操作:
Extra Note: You could also do this with arguments to the filter function, including a default value. That way you could do it all with two lines cleanly:
$filter_options = array('options'=>array('default'=>1, 'min_range'=>1, 'max_range'=>$numOfPages));
$get_pages = filter_input(INPUT_GET, 'page', FILTER_VALIDATE_INT, $filter_options);
这篇关于创建过滤器_GET(或_POST)变量的正确方法是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!