Xem mẫu
User-Defined Functions
PHP enables you to create user-defined functions that, like JavaScript functions, enable you to package up code you want to reuse. Here`s how a function is declared:
function myFunction($arg = 0) { // Do stuff
}
The function keyword indicates that you`re creating a user-defined function. The name of the function follows. In this case, it`s myFunction. The rules for function names and variable names are the samenumbers, letters, and underscores are valid. The list of arguments that the function accepts follows the function name, in parentheses.
The preceding function has one argument, $arg. In this example, I`ve set a default value for the argument. The variable $arg would be set to 0 if the function were called like this:
myFunction();
On the other hand, $arg would be set to 55 if the function were called like this:
myFunction(55);
Functions can just as easily accept multiple arguments:
function myOtherFunction($arg1, $arg2, $arg3) {
// Do stuff }
As you can see, myOtherFunction accepts three arguments, one of which is an array. Valid calls to this function include the following:
myOtherFunction(`one`, `two`, array(`three`)); myOtherFunction(`one`, `two`); myOtherFunction(0, 0, @stuff); myOtherFunction(1, `blue`);
One thing you can`t do is leave out arguments in the middle of a list. So if you have a function that accepts three arguments, there`s no way to set just the first and third arguments and leave out the second, or set the second and third and leave out the first. If you pass one argument in, it will be assigned to the function`s first argument. If you pass in two arguments, they will be assigned to the first and second arguments to the function.
file:///G|/1/0672328860/ch20lev1sec6.html (1 von 3) [19.12.2006 13:50:15]
Returning Values
Optionally, your function can return a value, or more specifically, a variable. Here`s a simple example of a function:
function add($a = 0, $b = 0) { return $a + $b;
}
The return keyword is used to indicate that the value of a variable should be returned to the caller of a function. You could call the previous function like this:
$sum = add(2, 3); // $sum set to 5
A function can just as easily return an array. Here`s an example:
function makeArray($a, $b) { return array($a, $b);
}
$new_array = makeArray(`one`, `two`);
If you don`t explicitly return a value from your function, PHP will return the result of the last expression inside the function anyway. For example, let`s say I wrote the add function like this:
function add($a = 0, $b = 0) { $a + $b;
}
Because $a + $b is the last expression in the function, PHP will go ahead and return its result. That`s the case for logical expressions as well. Here`s an example:
function negate($a) { !$a;
}
negate(1); // returns false negate(0); // returns true
Your function can also return the result of another function, whether it`s built in or one you wrote yourself. Here are a couple of examples:
function add($a = 0, $b = 0) { return $a + $b;
}
function alsoAdd($a = 0, $b = 0) { return add($a, $b);
file:///G|/1/0672328860/ch20lev1sec6.html (2 von 3) [19.12.2006 13:50:15]
}
file:///G|/1/0672328860/ch20lev1sec6.html (3 von 3) [19.12.2006 13:50:15]
Processing Forms
You learned how to create forms back in Lesson 10, "Designing Forms," and although I explained how to
design a form, I didn`t give you a whole lot of information about what to do with form data once it`s submitted. Now I`m going to explain how PHP makes data that has been submitted available to your PHP scripts.
When a user submits a form, PHP automatically decodes the variables and copies the values into some built-in variables. Built-in variables are like built-in functionsyou can always count on their being defined when you run a script. The three associated with form data are $_GET, $_POST, and $_REQUEST. These variables are all associative arrays, and the names assigned to the form fields on your form are the keys to the arrays.
$_GET contains all the parameters submitted using the GET method (in other words, in the query string). The $_POST method contains all the parameters submitted via POST in the response body. $_REQUEST contains all the form parameters regardless of how they were submitted. Unless you have a specific reason to differentiate between GET and POST, you can use $_REQUEST. Let`s look at a simple example of a form:
When the user submits the form, the value of the yourname field will be available in $_POST and $_REQUEST. You could return it to the user like this:
nguon tai.lieu . vn
Hello . Thanks for visiting.
Preventing Cross-Site Scripting You have to be careful when you display data entered by a user on a web page because malicious users can include HTML tags and JavaScript in their input in an attempt to trick other users who might view that information into doing something they might not want to do, such as entering their password to your site and submitting it to another site. This is known as a cross-site scripting attack. In order to prevent malicious users from doing that sort of thing, PHP includes the htmlspecialchars() function, which automatically encodes any special characters in a string so that they are displayed on a page rather than letting the browser treat them as markup. Or, if you prefer, you can use htmlentities(), which encodes all of the characters that are encoded by htmlspecialchars() plus any other characters that can be represented as entities. In the preceding example, you`d really want to write the script that displays the user`s name like this: file:///G|/1/0672328860/ch20lev1sec7.html (1 von 11) [19.12.2006 13:50:17]Hello . Thanks for visiting.
That prevents the person who submitted the data from launching a successful crosssite scripting attack. If you prefer, you can also use the strip_tags() function, which just removes all the HTML tags from a string. Finally, if your form is submitted using the POST method, you should refer to the parameters using $_POST rather than $_REQUEST, which also helps to avoid certain types of attacks by ignoring information appended to the URL via the query string. Once you have access to the data the user submitted, you can do whatever you like with it. You can validate it (even if you have JavaScript validation, you should still validate user input on the server as well), store it in a database for later use, or send it to someone via email. Handling Parameters with Multiple Values Most form fields are easy to deal with; they`re simple name and value pairs. If you have a text field or radio button group, for example, you can access the value submitted using $_REQUEST, like this: $radio_value = $_REQUEST[`radiofield`]; $text_value = $_REQUEST[`textfield`]; There are some types of fields, however, that submit multiple name and value pairs, specifically check boxes and multiple select lists. If you have a group of five check boxes on a form, that field can actually submit up to five separate parameters, all of which have the same name and different values. PHP handles this by converting the user input into an array rather than a regular variable. Unfortunately, you have to give PHP a hint to let it know that a field should be handled this way. (PHP has no idea what your form looks like; all it knows about is the data that has been submitted.) If you include [] at the end of the name of a form field, PHP knows that it should expect multiple values for that field and converts the parameters into an array. This occurs even if only one value is submitted for that field. Here`s an example: When the form is submitted, you can access the values as you would for any other parameter, except that the value in the $_REQUEST array for this parameter will be an array rather than a single value. You can access it like this: file:///G|/1/0672328860/ch20lev1sec7.html (2 von 11) [19.12.2006 13:50:17] ... - tailieumienphi.vn