将POST变量分配给实际变量是否更可取? [英] Is it preferred to assign POST variable to an actual variable?

问题描述

我刚刚完成了我的网站和所有SQL发生位置的操作页面的注册表格，我只是跳过了将POST变量分配给实际变量的情况，就像这样...

I've just completed my registration form for my website and for the action page where all the SQL takes place I've just skipped assigning the POST variable to actual ones, like this...

$ username = $ _POST ['username'];

$username = $_POST['username'];

相反，我只是在整个PHP页面中一直使用POST变量.练习时是否有可以克服的风险或错误?

Instead I've just been using the POST variables throughout the PHP page. Are there any risks or errors that can be met whilst practicing?

另外，请问如果我使用的术语不正确...

Also, excuse me if I am using incorrect terminology...

推荐答案

您可能正在运行的一个风险是处理仍保存在raw $_POST[]变量中的原始用户数据.我倾向于将我处理的所有原始数据保存到其他变量中，就像您在$username = $_POST['username']中提到的那样，这样我可以更有效地操作和清理该输入.而不是保存对全局$_POST数组所做的任何调整，而是将我的所有更改临时保存在更可管理的范围内.

One risk you might be running is dealing with raw user data, still saved in the raw $_POST[] variable. I tend to save all the raw data I work with to other variables, like you mentioned with $username = $_POST['username'] so I can manipulate and sanitize that input more efficiently. Rather than save any adjustments I make to the global $_POST array, all my changes are saved temporarily and at a more manageable scope.

例如:

$username = mysql_real_escape_string($_POST['username']);

...优于:

$_POST['username'] = mysql_real_escape_string($_POST['username']);

通常最好保留原始用户数据，并在其他变量中进行调整.

It's generally better to leave the raw user data as is and make your adjustments in other variables.

这篇关于将POST变量分配给实际变量是否更可取?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！