How can I make my code better and/or more efficient

I'm trying to improve my PHP programming skills. Can anyone give me tips or guidance based on this code I wrote?
```php
<?php
include("db.php");
include("function.php");
//variables
$number = htmlspecialchars($_POST['num']);
$date = date("Y-m-d");
//validate phone number
if (strlen($_POST['num']) != 12){
    print "Invalid Phone Number.";
    die();
}
//check how many times the number was called today
$callstoday = mysql_query("
    SELECT number
    FROM numbers
    WHERE number = '$number'
    AND date
    LIKE '$date%'")
    or die(mysql_error());
$callstotal = mysql_num_rows($callstoday);
//cant do more than 5 calls
if ($callstotal < 5){
    //do nothing
}else{
    print "Not Allowed";
    die();
}
//break up the number in 3 parts
$bits = explode("-", $number);
$data = get_carrier("http://site.com/?action=carrierlookup&p1=".$bits[0]."&p2=".$bits[1]."&p3=".$bites[2]."&iecache=0");
//check when they want to call
if ($_POST['when'] == 'now' ){
    $when = "0";
}elseif($_POST['when'] == 'secs'){
    $when = "30";
}elseif($_POST['when'] == 'minute'){
    $when = "60";
}elseif($_POST['when'] == '2minute'){
    $when = "120";
}elseif($_POST['when'] == '5minute'){
    $when = "300";
}
//check for carrier
if(strstr($data, 'Cingular')){
    $carrier = "AT&T";
}elseif(strstr($data, 'Sprint')){
    $carrier = "Sprint";
}elseif(strstr($data, 'Verzion')){
    $carrier = "Verzion";
}elseif(strstr($data, 'T-Mobile')){
    $carrier = "T-Mobile";
}elseif(strstr($data, 'Boost')){
    $carrier = "Boost Mobile";
}elseif(strstr($data, 'Cricket')){
    $carrier = "Cricket";
}elseif(strstr($data, 'Alltel')){
    $carrier = "Alltel";
}elseif(strstr($data, 'Unable')){
    $carrier = "Unknown Carrier";
}
//inset number and carrier into database.
mysql_query("INSERT INTO numbers (number, carrier)
    VALUES ('$number', '$carrier')");
print "success";
mysql_close($con);
//call out to the number
$strippednumber = str_replace("-", "", $number);
$call = call("http://domain.com");
?>
```
`$number = htmlspecialchars($_POST['num']);` does not prevent a possible SQL injection. You need to add a

```php
$number = mysql_real_escape_string($number);
```

The `$_POST["when"]` check is best done as an array lookup.

```php
$whens = array("now" => "0", "secs" => "30".....);
if (array_key_exists($_POST['when'], $whens))
    $when = $whens[$_POST['when']];
```

The same goes for the carrier check:

```php
$carriers = array("Cingular" => "AT&T", "Sprint" => "Sprint" .....);
foreach ($carriers as $key => $value)
    if (strstr($data, $key))
    {
        $carrier = $value;
        break;
    }
```

You may want to add checks for whether one of the POST variables is not set.
```php
include("db.php");
include("function.php");
```

It is better to use `require_once('file')`.

For `$number = htmlspecialchars($_POST['num']);` I would use `(int)$_POST['num']` to prevent any kind of surprise.

```php
if ($callstotal < 5){
    //do nothing
}else{
    print "Not Allowed";
    die();
}
```

The "//do nothing" is really not the best way. Do it like this:

```php
if ($callstotal >= 5){
    print "Not Allowed";
    die();
}
```

I also agree with this:

```php
$carriers = array("Cingular" => "AT&T", "Sprint" => "Sprint" .....);
```

Good luck! :)
First, here are some tips.

There is not much to optimize in the code you provided; it is mostly about readability. I have updated your script a little, fixed some injection issues, and slightly improved the readability.

But if you really want to take your PHP programming to a whole new level, first take a look at classes, and once you are comfortable with them, try using MVC. I can recommend the Zend Framework.
```php
<?php
include("db.php");
include("function.php");
//variables
$number = htmlspecialchars($_POST['num']);
$date = date("Y-m-d");
//validate phone number
if (strlen($_POST['num']) != 12){
    print "Invalid Phone Number.";
    die();
}
//check how many times the number was called today
$callstoday = mysql_query('
    SELECT count(0) as `count`
    FROM numbers
    WHERE number = \''.mysql_real_escape_string($number).'\'
    AND date
    LIKE \''.mysql_real_escape_string($date).'%\'')
    or die(mysql_error());
//mysql_query() returns a result resource, so fetch the row before reading the count
$row = mysql_fetch_assoc($callstoday);
$callstotal = (int)$row['count'];
//cant do more than 5 calls
if ($callstotal >= 5){
    print "Not Allowed";
    die();
}
//break up the number in 3 parts
$bits = explode('-', $number);
$data = get_carrier('http://site.com/?action=carrierlookup&p1='.$bits[0].'&p2='.$bits[1].'&p3='.$bits[2].'&iecache=0');
//check when they want to call
switch($_POST['when'])
{
    case 'now':
        $when = 0;
        break;
    case 'secs':
        $when = 30;
        break;
    case 'minute':
        $when = 60;
        break;
    case '2minute':
        $when = 120;
        break;
    case '5minute':
        $when = 300;
        break;
}
//check for carrier
if(strstr($data, 'Cingular'))
    $carrier = "AT&T";
elseif(strstr($data, 'Sprint'))
    $carrier = "Sprint";
elseif(strstr($data, 'Verzion'))
    $carrier = "Verzion";
elseif(strstr($data, 'T-Mobile'))
    $carrier = "T-Mobile";
elseif(strstr($data, 'Boost'))
    $carrier = "Boost Mobile";
elseif(strstr($data, 'Cricket'))
    $carrier = "Cricket";
elseif(strstr($data, 'Alltel'))
    $carrier = "Alltel";
elseif(strstr($data, 'Unable'))
    $carrier = "Unknown Carrier";
//insert number and carrier into database (single-quoted so the escaped values are concatenated, not interpolated)
mysql_query('INSERT INTO numbers (number, carrier)
    VALUES (\''.mysql_real_escape_string($number).'\', \''.mysql_real_escape_string($carrier).'\')')
    or die(mysql_error());
print "success";
mysql_close($con);
//call out to the number
$strippednumber = str_replace("-", "", $number);
$call = call("http://domain.com");
```
Three more things:

```sql
date >= CURDATE() AND date < DATE_ADD(CURDATE(), INTERVAL 1 DAY)
```

The select as written may require the database to convert every date to a string for the comparison, unless its query optimizer recognizes this pattern.

```php
if (!preg_match("/^[0-9]{3}-[0-9]{3}-[0-9]{4}$/", $num)) {
    // Invalid number - fail
}
```

I don't see the `$when` variable being used here. But it looks like you must already be setting it in the HTML form:

```html
<option value="0">now</option>
<option value="30">secs</option>
...
```

will give you the number you want in `$_POST["when"]`.
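Putting the points from this answer and the first one together (checking that the POST keys exist, the array lookup for the delay, the phone-number regex, and the date-range predicate), here is an added example that is not from the question or any of the answers. It assumes a mysqli connection in `$db` and the question's `numbers` table with a `date` column that defaults to the current time, and it uses mysqli prepared statements in place of `mysql_real_escape_string()`.

```php
<?php
// Added example (not from the question or the answers). Assumes: a mysqli
// connection $db; the `numbers` table from the question, whose `date`
// column defaults to the current time on INSERT.

function read_request(array $post): array {
    // Presence check first, so an unset key never reaches the lookups.
    foreach (['num', 'when'] as $key) {
        if (!isset($post[$key]) || !is_string($post[$key])) {
            throw new InvalidArgumentException("Missing field: $key");
        }
    }
    // Shape check instead of strlen() == 12: exactly NNN-NNN-NNNN.
    if (!preg_match('/^[0-9]{3}-[0-9]{3}-[0-9]{4}$/', $post['num'])) {
        throw new InvalidArgumentException('Invalid Phone Number.');
    }
    // Whitelist lookup; any value outside the table is rejected.
    $whens = ['now' => 0, 'secs' => 30, 'minute' => 60,
              '2minute' => 120, '5minute' => 300];
    if (!array_key_exists($post['when'], $whens)) {
        throw new InvalidArgumentException('Invalid delay.');
    }
    return ['number' => $post['num'], 'when' => $whens[$post['when']]];
}

function calls_today(mysqli $db, string $number): int {
    // Bound parameter, not interpolation; range test on date, not LIKE 'Y-m-d%'.
    $stmt = $db->prepare('SELECT COUNT(*) FROM numbers WHERE number = ?'
        . ' AND date >= CURDATE() AND date < DATE_ADD(CURDATE(), INTERVAL 1 DAY)');
    $stmt->bind_param('s', $number);
    $stmt->execute();
    $stmt->bind_result($count);
    $stmt->fetch();
    $stmt->close();
    return (int)$count;
}

function record_call(mysqli $db, string $number, string $carrier): void {
    $stmt = $db->prepare('INSERT INTO numbers (number, carrier) VALUES (?, ?)');
    $stmt->bind_param('ss', $number, $carrier);
    $stmt->execute();
    $stmt->close();
}

// Usage, mirroring the script's flow: validate, rate-limit, then record.
$req = read_request($_POST);
if (calls_today($db, $req['number']) >= 5) {
    print 'Not Allowed';
    exit;
}
```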