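Passing variables into a function

Time: 2010-05-04 01:17:49

Tags: php

In the function show_commentbox() below, I want to pass the variables $_SESSION['loginid'], $submissionid, $submission, $url, $submittor, $submissiondate, $countcomments, and $dispurl. With the setup below, it does not work. How can I change it so that show_commentbox() passes the variables?

Thanks in advance,

John

index.php: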

<?php 

$submission = $_GET['submission'];

 require_once "header.php"; 

 include "login.php";

 include "comments.php";

 include "commentformonoff.php"; 

?>

In header.php:

require_once ("function.inc.php");

In comments.php:

$uid = $_SESSION['loginid'];
$submissiondate = mysql_real_escape_string($_GET['submissiondate']);
$submittor = mysql_real_escape_string($_GET['submittor']);
$countcomments = mysql_real_escape_string($_GET['countcomments']);
$dispurl = mysql_real_escape_string($_GET['dispurl']);
$url = mysql_real_escape_string($_GET['url']);
$submission = mysql_real_escape_string($_GET['submission']);
$submissionid = mysql_real_escape_string($_GET['submissionid']);

commentformonoff.php:

<?php
if (!isLoggedIn())
{

    if (isset($_POST['cmdlogin']))
    {

        if (checkLogin($_POST['username'], $_POST['password']))
        {
            show_commentbox();
        } else
        {
            echo "Login to comment";

        }
    } else
    {

        echo "Login to comment";
    }

} else
{

    show_commentbox();
}
?>

In display.functions.inc.php:

function show_commentbox()
{
echo '<form  action="http://www...com/sandbox/comments/comments2.php" method="post"> 
    <input type="hidden" value="'.$_SESSION['loginid'].'" name="uid">
    <input type="hidden" value="'.$submissionid.'" name="submissionid">  
    <input type="hidden" value="'.$submission.'" name="submission">
    <input type="hidden" value="'.$url.'" name="url">
    <input type="hidden" value="'.$submittor.'" name="submittor">
    <input type="hidden" value="'.$submissiondate.'" name="submissiondate">
    <input type="hidden" value="'.$countcomments.'" name="countcomments">
    <input type="hidden" value="'.$dispurl.'" name="dispurl">



    <label class="addacomment" for="title">Add a comment:</label>

    <textarea class="commentsubfield" name="comment" type="comment" id="comment" maxlength="1000"></textarea>  

    <div class="commentsubbutton"><input name="submit" type="submit" value="Submit"></div> 
</form>
'; 
}

1 answer:

Answer 0 (score: 2)

Just pass them as arguments:

function show_commentbox($submissionid, $submission, ...) {
...

show_commentbox($submissionid, ...);

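Note that I removed $_SESSION['loginid'], since it does not need to be passed through the form. Also, it may be sensitive information, so it should not be leaked.

mysql_real_escape_string should only be used to prepare data that is going to be sent to a database. Instead, use htmlspecialchars or htmlentities to prepare data for output. This should be done in show_commentbox rather than before, because it is what determines the destination of the values.

Of course, that many parameters is unwieldy. For one thing, how do you remember their order? One solution to that particular problem is keyword arguments, which (in PHP) you have to implement by passing an associative array: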

function show_commentbox($args) {
...

show_commentbox(array('submissionID' => $submissionid, ...));

In this case, a better solution is to use a class. It can be quite simple:

class CommentBox {
    public $submissionid, ...;
    function show() {
        ?><form ...><?php
        foreach ($this as $name => $val) {
            $val = htmlspecialchars($val);
            ?><input name="<?php echo $name; ?>" value="<?php echo $val; ?>" type="hidden"/><?php
        }
        ?></form><?php
    }
}
...
$cb = new CommentBox();
foreach ($cb as $name => $ign) {
    // note: we don't want to loop over $_GET, as that introduces
    // potential injection attacks
    if (isset($_GET[$name])) {
        $cb->$name = $_GET[$name];
    }
}

Or you could start using an MVC architecture, separating show into a FormView class.

I purposely did not use global variables, because globals are bad.
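
Added example (not part of the original answer or the poster's code): one way to apply the answer's points together, passing the values in as an array, copying only known field names from the request, and escaping with htmlspecialchars at the point where the values enter HTML. The names FIELDS, pick_fields and render_commentbox, the relative action comments2.php and the sample request are assumptions made for illustration.

```php
<?php
// Added example, not the poster's or the answerer's code.
// Field names come from the question; FIELDS, pick_fields() and
// render_commentbox() are hypothetical names.

const FIELDS = ['submissionid', 'submission', 'url', 'submittor',
                'submissiondate', 'countcomments', 'dispurl'];

// Copy only the expected keys out of a request array; ignore everything else.
function pick_fields(array $request): array
{
    $picked = [];
    foreach (FIELDS as $name) {
        // Skip arrays (e.g. ?url[]=x) so htmlspecialchars() always gets a string.
        if (isset($request[$name]) && is_string($request[$name])) {
            $picked[$name] = $request[$name];
        }
    }
    return $picked;
}

// Build the form. Escaping happens here, where the values enter HTML.
function render_commentbox(array $args, string $action): string
{
    $esc = static fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    $html = '<form action="' . $esc($action) . '" method="post">' . "\n";
    foreach (pick_fields($args) as $name => $val) {
        $html .= '    <input type="hidden" name="' . $esc($name)
               . '" value="' . $esc($val) . '">' . "\n";
    }
    $html .= '    <textarea name="comment" maxlength="1000"></textarea>' . "\n";
    $html .= '    <input name="submit" type="submit" value="Submit">' . "\n";
    return $html . "</form>\n";
}

// Constructed request standing in for $_GET.
// "uid" and "extra" are not in FIELDS, and "url" is not a string, so none reach the form.
$sample = [
    'submissionid' => '42',
    'submission'   => 'A title with "quotes" & <b>markup</b>',
    'uid'          => '7',
    'extra'        => 'ignored',
    'url'          => ['not', 'a', 'string'],
];

echo render_commentbox($sample, 'comments2.php');
```

The login id is left out of the form; the script that receives the POST can read it from $_SESSION, since hidden fields can be changed by the client.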
