在PHP中检查每个数组索引真的有多重要?
我正在开发一个相当大的项目,其中有很多地方存在以下代码:
function foo($a, $b, $c, $d, $e, $f) {
$clean = array();
$mysql = array();
$clean['a'] = htmlentities($a);
$clean['b'] = htmlentities($b);
$clean['c'] = htmlentities($c);
$clean['d'] = htmlentities($d);
//...
$mysql['a'] = mysql_real_escape_string($clean['a']);
$mysql['b'] = mysql_real_escape_string($clean['b']);
$mysql['c'] = mysql_real_escape_string($clean['c']);
$mysql['d'] = mysql_real_escape_string($clean['d']);
//...
//construct and execute an SQL query using the data in $mysql
$query = "INSERT INTO a_table
SET a='{$mysql['a']}',
b='{$mysql['b']}',
c='{$mysql['c']}',
d='{$mysql['d']}'";
}
显然,这会在PHP中针对未定义的索引引发很多警告。
是否真的有必要重写代码如下?
function foo($a, $b, $c, $d, $e, $f) {
$clean = array();
$mysql = array();
$clean['a'] = htmlentities($a);
$clean['b'] = htmlentities($b);
$clean['c'] = htmlentities($c);
$clean['d'] = htmlentities($d);
//...
$mysql['a'] = (isset($clean['a'])) ? mysql_real_escape_string($clean['a']) : mysql_real_escape_string($a);
$mysql['b'] = (isset($clean['b'])) ? mysql_real_escape_string($clean['b']) : mysql_real_escape_string($b);
$mysql['c'] = (isset($clean['c'])) ? mysql_real_escape_string($clean['c']) : mysql_real_escape_string($c);
$mysql['d'] = (isset($clean['d'])) ? mysql_real_escape_string($clean['d']) : mysql_real_escape_string($d);
//...
//construct and execute an SQL query using the data in $mysql
if (isset($mysql['a']) and isset($mysql['b']) and isset($mysql['c']) and isset($mysql['d'])) {
$query = "INSERT INTO a_table
SET a='{$mysql['a']}',
b='{$mysql['b']}',
c='{$mysql['c']}',
d='{$mysql['d']}'";
}
}
没有找到相关结果
已邀请:
5 个回复
呢率篓舍烫
显示位置的isset()检查似乎完全没用。变量已经定义。
体悉
然后插入数据,无论其名称和列如何使用:
校勒魏寡
函数之前检查每个变量。 在使用之前检查它们是一个好习惯。
缔恃钨
委婪绷冗诉