开发者

PHP - Dealing with GET and POST arrays

In my webapp I have a page called display.php. The script in this page behaves in different ways depending o开发者_运维问答n POST and GET array content/existence, let's say: If I call this page and GET array isset, the script'll load a record using $_GET['id'], in another case, if no GET isset but isset a ceratin POST key the script'll load a random record from the DB... and so on.

At the top of my page I've added this simple(trivial) code:

//random loading
if(!isset($_GET['id']) && !isset($_POST["MM_update"])){

 ##
 $fresh_call=true;
 $saving_call=false;
 $pick_a_call=false;
 ##

 $_SESSION['call_id']=time().$_GET['operatore'];

 $call_id=$_SESSION['call_id'];

//I need to load a specified record 

}else if (isset($_GET['id']) && !isset($_POST["MM_update"])) { 

  ##
 $pick_a_call=true;
 $saving_call=false;
 $fresh_call=false;
 ##

 $_SESSION['call_id']=$_GET['id'];

 $call_id=$_SESSION['call_id'];

//update the record

}else if (!isset($_GET['id']) && isset($_POST["MM_update"])){ 

 ##
 $saving_call=true;
 $pick_a_call=false;
 $fresh_call=false;
 ##

 $call_id=$_POST['call_id'];
}

In display.php there's also a form that self-post data to display.php for record update (last condition in the code).

In rest of the script I'm checking $fresh_call, $saving_call, $pick_a_call values to query the db with the right UPDATE/INSERT/SELECT SQL.

I'm not sure about my solution, I would like to design a class that can help me making my script more "clear" and lighter. I think also that this situation is probably a typical problem to solve in PHP coding.


Here's a functional alternative which should work the same as the code you posted, but may be a little easier to understand:

function set_call_id( $val )
{
    $_SESSION['call_id'] = $val;
}

if( isset($_GET['id']) )
{
    set_call_id( $_GET['id'] );
    pick_a_call();
}
else if( isset($_POST["MM_update"]) )
{
    set_call_id( $_POST['call_id'] );
    saving_call();
}
else
{
    set_call_id( time() . $_GET['operatore'] );
    fresh_call();
}


It's not part of the script you have posted, but I think the most important thing you need to do is make sure you are first escaping your GET/POST vars before using them to query the database.

For example, if you are using MySQL, you could use mysql_real_escape_string().

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜