In my webapp I have a page called display.php. The script in this page behaves in different ways depending o开发者_运维问答n POST and GET array content/existence, let's say: If I call this page and GET array isset, the script'll load a record using $_GET['id'], in another case, if no GET isset but isset a ceratin POST key the script'll load a random record from the DB... and so on. 
At the top of my page I've added this simple(trivial) code:
//random loading
if(!isset($_GET['id']) && !isset($_POST["MM_update"])){
 ##
 $fresh_call=true;
 $saving_call=false;
 $pick_a_call=false;
 ##
 $_SESSION['call_id']=time().$_GET['operatore'];
 $call_id=$_SESSION['call_id'];
//I need to load a specified record 
}else if (isset($_GET['id']) && !isset($_POST["MM_update"])) { 
  ##
 $pick_a_call=true;
 $saving_call=false;
 $fresh_call=false;
 ##
 $_SESSION['call_id']=$_GET['id'];
 $call_id=$_SESSION['call_id'];
//update the record
}else if (!isset($_GET['id']) && isset($_POST["MM_update"])){ 
 ##
 $saving_call=true;
 $pick_a_call=false;
 $fresh_call=false;
 ##
 $call_id=$_POST['call_id'];
}
In display.php there's also a form that self-post data to display.php for record update (last condition in the code).
In rest of the script I'm checking $fresh_call, $saving_call, $pick_a_call values to query the db with the right UPDATE/INSERT/SELECT SQL.
I'm not sure about my solution, I would like to design a class that can help me making my script more "clear" and lighter. I think also that this situation is probably a typical problem to solve in PHP coding.
Here's a functional alternative which should work the same as the code you posted, but may be a little easier to understand:
function set_call_id( $val )
{
    $_SESSION['call_id'] = $val;
}
if( isset($_GET['id']) )
{
    set_call_id( $_GET['id'] );
    pick_a_call();
}
else if( isset($_POST["MM_update"]) )
{
    set_call_id( $_POST['call_id'] );
    saving_call();
}
else
{
    set_call_id( time() . $_GET['operatore'] );
    fresh_call();
}
It's not part of the script you have posted, but I think the most important thing you need to do is make sure you are first escaping your GET/POST vars before using them to query the database.
For example, if you are using MySQL, you could use mysql_real_escape_string().
 
         
                                         
                                         
                                         
                                        ![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif) 
                                         
                                         
                                         
                                         加载中,请稍侯......
 加载中,请稍侯......
      
精彩评论