I'm finishing up a small contact form and had a question about providing default values for $_POST. The reason I'm asking about default values is because within my form I have fields like this:
我正在填写一份小型联系表格,并提出了一个关于为$ _POST提供默认值的问题。我询问默认值的原因是因为在我的表单中我有这样的字段:
<input type="text" name="fullname" value="<?php echo $_POST['fullname']; ?>" />
Clearly I would like to retain the submitted value if I do not permit the data to clear. This raises errors when the page is first loaded, since there is no value for $_POST['fullname'].
显然,如果我不允许数据清除,我想保留提交的值。这会在首次加载页面时引发错误,因为$ _POST ['fullname']没有值。
To my question: is there anything I should be concerend about providing default values to the $_POST array like I'm doing in the next code-sample:
对于我的问题:对于为$ _POST数组提供默认值,有什么我应该承认的,就像我在下一个代码示例中所做的那样:
$_POST += array(
'fullname' = '',
);
If $_POST['fullname'] already exists, it will be retained - if it doesn't, it will be created within the array. This way, upon loading the form, blank values will be presented in the input fields.
如果$ _POST ['fullname']已经存在,它将被保留 - 如果不存在,它将在数组中创建。这样,在加载表单时,空白值将显示在输入字段中。
Don't worry, all
I sanitize my data
Thank you for the help
别担心,我只是清理我的数据谢谢你的帮助
3 个解决方案
#1
2
Even if you are doing so, put that data in your container, do not modify superglobals. Create class that'll contain your data - then you'll have the interface do sanitize, manipulate and get it te proper way. Import data from $_POST and then validate, if all necessary values are in.
即使您这样做,也要将这些数据放入容器中,不要修改超级全局。创建将包含您的数据的类 - 然后您将使接口执行清理,操作并以正确的方式获取它。从$ _POST导入数据,然后验证是否包含所有必需值。
As for code:
至于代码:
<?php
class PostData
{
private $data;
public function __construct(array $data)
{
$this->data = is_array($data)
? $data
: array();
}
public function set($key, $value)
{
$this->data[$key] = $value;
}
public function get($key, $default, $escaping)
{
if(isset($this->data[$key]))
{
switch($escaping)
{
case 'htmlspecialchars':
{
return htmlspecialchars($this->data[$key]);
break;
}
case 'mysql_real_escape_string':
{
return mysql_real_escape_string($this->data[$key]);
break;
}
// and so on, your invention goes here
default:
{
return $this->data[$key];
}
}
}
else
{
return $default;
}
}
}
$postData = new PostData($_POST);
#2
2
Create function:
创建功能:
function displayValue($field) {
if(isset($_POST[$field])) {
echo 'value="' . htmlentities($_POST[$field]) . '"';
}
}
And then use like:
然后使用像:
<input type="text" name="fullname" <?php displayValue('fullname'); ?> />
#3
0
You can also do it like this:
你也可以这样做:
<?php echo empty($_POST['fullname']) ? null : $_POST['fullname']; ?>
#1
2
Even if you are doing so, put that data in your container, do not modify superglobals. Create class that'll contain your data - then you'll have the interface do sanitize, manipulate and get it te proper way. Import data from $_POST and then validate, if all necessary values are in.
即使您这样做,也要将这些数据放入容器中,不要修改超级全局。创建将包含您的数据的类 - 然后您将使接口执行清理,操作并以正确的方式获取它。从$ _POST导入数据,然后验证是否包含所有必需值。
As for code:
至于代码:
<?php
class PostData
{
private $data;
public function __construct(array $data)
{
$this->data = is_array($data)
? $data
: array();
}
public function set($key, $value)
{
$this->data[$key] = $value;
}
public function get($key, $default, $escaping)
{
if(isset($this->data[$key]))
{
switch($escaping)
{
case 'htmlspecialchars':
{
return htmlspecialchars($this->data[$key]);
break;
}
case 'mysql_real_escape_string':
{
return mysql_real_escape_string($this->data[$key]);
break;
}
// and so on, your invention goes here
default:
{
return $this->data[$key];
}
}
}
else
{
return $default;
}
}
}
$postData = new PostData($_POST);
#2
2
Create function:
创建功能:
function displayValue($field) {
if(isset($_POST[$field])) {
echo 'value="' . htmlentities($_POST[$field]) . '"';
}
}
And then use like:
然后使用像:
<input type="text" name="fullname" <?php displayValue('fullname'); ?> />
#3
0
You can also do it like this:
你也可以这样做:
<?php echo empty($_POST['fullname']) ? null : $_POST['fullname']; ?>