PHP - Dealing with GET and POST arrays
In my webapp I have a page called display.php. The script in this page behaves in different ways depending on POST and GET array content/existence, let's say: if I call this page and the GET array isset, the script'll load a record using $_GET['id']; in another case, if no GET isset but isset a certain POST key, the script'll load a random record from the DB... and so on.
At the top of my page I've added this simple (trivial) code:

    //random loading
    if(!isset($_GET['id']) && !isset($_POST["MM_update"])){
        ##
        $fresh_call=true;
        $saving_call=false;
        $pick_a_call=false;
        ##
        $_SESSION['call_id']=time().$_GET['operatore'];
        $call_id=$_SESSION['call_id'];
    //I need to load a specified record
    }else if (isset($_GET['id']) && !isset($_POST["MM_update"])) {
        ##
        $pick_a_call=true;
        $saving_call=false;
        $fresh_call=false;
        ##
        $_SESSION['call_id']=$_GET['id'];
        $call_id=$_SESSION['call_id'];
    //update the record
    }else if (!isset($_GET['id']) && isset($_POST["MM_update"])){
        ##
        $saving_call=true;
        $pick_a_call=false;
        $fresh_call=false;
        ##
        $call_id=$_POST['call_id'];
    }

In display.php there's also a form that self-post data to display.php for record update (last condition in the code).
In the rest of the script I'm checking the $fresh_call, $saving_call, $pick_a_call values to query the db with the right UPDATE/INSERT/SELECT SQL.
I'm not sure about my solution, I would like to design a class that can help me make my script more "clear" and lighter. I think also that this situation is probably a typical problem to solve in PHP coding.
Here's a functional alternative which should work the same as the code you posted, but may be a little easier to understand:
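
    // Store the current call id in the session.
    function set_call_id( $val )
    {
        $_SESSION['call_id'] = $val;
    }

    // pick_a_call(), saving_call() and fresh_call() are not defined in this snippet.
    if( isset($_GET['id']) )
    {
        // Load the specified record.
        set_call_id( $_GET['id'] );
        pick_a_call();
    }
    else if( isset($_POST["MM_update"]) )
    {
        // Update the record posted by the form.
        set_call_id( $_POST['call_id'] );
        saving_call();
    }
    else
    {
        // Fresh call: build a new call id.
        set_call_id( time() . $_GET['operatore'] );
        fresh_call();
    }
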
It's not part of the script you have posted, but I think the most important thing you need to do is make sure you are first escaping your GET/POST vars before using them to query the database.
For example, if you are using MySQL, you could use mysql_real_escape_string().
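
An added example, not code from the question or the answer: it picks the request mode with the same if/else order as the answer, accepts the id only as a positive integer, and queries with PDO bound parameters in place of the `mysql_real_escape_string()` call named above (that function was removed in PHP 7). The `calls` table, its rows, the in-memory SQLite database and the names `resolve_call` and `load_call` are assumptions made for the example.

```php
<?php
// Added example: the "calls" table, its rows and both function names are constructed.
/** Pick the request mode from the GET/POST arrays and validate the id. */
function resolve_call(array $get, array $post): array
{
    if (isset($get['id'])) {
        [$mode, $raw] = ['pick', $get['id']];
    } elseif (isset($post['MM_update'])) {
        [$mode, $raw] = ['save', $post['call_id'] ?? null];
    } else {
        return ['mode' => 'fresh', 'id' => null];
    }
    // Only a plain positive integer passes; arrays and "2 OR 1=1" are rejected.
    $opts = ['options' => ['min_range' => 1]];
    $id = is_string($raw) ? filter_var($raw, FILTER_VALIDATE_INT, $opts) : false;
    if ($id === false) {
        throw new InvalidArgumentException('invalid call id');
    }
    return ['mode' => $mode, 'id' => $id];
}
/** Load one record; the id reaches the database only as a bound parameter. */
function load_call(PDO $db, array $call): ?array
{
    if ($call['mode'] === 'fresh') {
        // RANDOM() is SQLite syntax; MySQL spells it RAND().
        $stmt = $db->query('SELECT id, note FROM calls ORDER BY RANDOM() LIMIT 1');
    } else {
        $stmt = $db->prepare('SELECT id, note FROM calls WHERE id = :id');
        $stmt->bindValue(':id', $call['id'], PDO::PARAM_INT);
        $stmt->execute();
    }
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}
// Constructed in-memory database and sample requests.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE calls (id INTEGER PRIMARY KEY, note TEXT)');
$db->exec("INSERT INTO calls (note) VALUES ('first'), ('second')");
$samples = [[['id' => '2'], []], [[], ['MM_update' => 'f', 'call_id' => '1']],
            [['id' => '2 OR 1=1'], []], [[], []]];
foreach ($samples as [$get, $post]) {
    try {
        $call = resolve_call($get, $post);
        echo $call['mode'], ': ', json_encode(load_call($db, $call)), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```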