开发者

confusion receiving an string value with functions list() and split()

buy.php

<form action开发者_C百科="cart.php">
<input style="width:10px; margin-left:9px; " name="price[]" type="checkbox" value="'  .    $variety['price']. '_'. $variety['variety'] '_'. $product['name']. '"  />
 </form>

I am sending the input form above to cart.php inthere I receive it like:

list($aDoor, $variety,$productname) = split('_', $_POST['price']);
$aDoor = array();
$variety = array();
$productname= // $productname is a string how can I set it up here?

foreach ($_POST['price'] as $p)
{
  list($a, $b,$c) = explode('_', $p);
  $aDoor[] = $a;
  $variety[] = $b;
  $productname =$c; // and I have put it equal to the variable $c here
}

The only problem above is receiving the index $product['name'] coming from the form in buy.php

In cart.php I have set it up to be received by $productname but as you can see this is an string not a array how can I set it up when it is an string in with the functions list() and split() it confuses me.


Ok. There's a few things wrong with your script.

1) You've not specified a method on your form tag, so by default the data will be submitted as a 'GET'. You're using $_POST in your script, so those values will be blank and the foreach loop will fail as $_POST['price'] doesn't exist.

2) You're naming the checkbox as "price[]". The [] tells PHP that there will be multiple values submitted with this same name, so that $_GET['price'] will be an array. Your first few lines of code will then fail, as split works on strings, not arrays. You'll end up with the following values assigned

 $aDoor = "Array"
 $variety = NULL;
 $productname = NULL;

PHP attempts to convert your $GET['price'] array to a string, but this defaults to just coming back as the string 'Array', and there's no "" values in there, so the rest of the list() variables having nothing to be assigned to them, so they become null.

3) Split's been deprecated and will be removed in PHP 6, so use explode() instead (as you do just a few lines later)

4) You then immediately trash those values by assigning empty arrays for $aDoor and $variety, so in effect the split line was useless

The foreach loop looks fine, though you'll want to assign to a $productname array, instead of a string, so use $productname[] = $c;

5) I would, however, not store the data you're explode()ing in three seperate arrays. It would make more sense to store it like this:

$products = array();
foreach($_POST['price'] as $p) {
   list($a, $b, $c) = explode('_', $p);
   $products[] = array('aDoor' => $a, 'variety' => $b, 'productname' => $c);
}

This way you don't have to pass around 3 arrays (or make them 'global') in any functions that use this data, you can pass just a single variable (ie: updateInventory($products[7]); )

5) If this shopping cart script was released into the wild, it could be a gaping security hole on the server. What would stop someone from constructing their own price by passing in something like "$0.00_fire engine red-ferrari" as the price field? I've always wanted a free Ferrari, and round-tripping pricing data through the user's browser is a nice way to get it. Never, ever, trust a client to NOT hack up critical data, such as its price.


$productname = '';


If you don't specify the method attribute of the form, the default is GET. In your script you are using POST, try putting POST method to your form:

 <form action="cart.php" method="post">

Secondly, even if $productname is a string but you can convert it to array (like you have done for other vars) by suffixing it with [], so your code becomes:

$aDoor = array();
$variety = array();
$productname = array();

foreach ($_POST['price'] as $p)
{
  list($a,$b,$c) = explode('_', $p);
  $aDoor[] = $a;
  $variety[] = $b;
  $productname[] = $c;
}

Now these three arrays contains your data.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜