如何使我的代码更好和/或更有效
[英]How can I make my code better and/or more efficient
问题描述
我正在尝试提高PHP编程技能,有人可以根据我编写的这段代码给我任何提示或指导吗?
<?php
include("db.php");
include("function.php");
//variables
$number = htmlspecialchars($_POST['num']);
$date = date("Y-m-d");
//validate phone number
if (strlen($_POST['num']) != 12){
print "Invalid Phone Number.";
die();
}
//check how many times the number was called today
$callstoday = mysql_query("
SELECT number
FROM numbers
WHERE number = '$number'
AND date
LIKE '$date%'")
or die(mysql_error());
$callstotal = mysql_num_rows($callstoday);
//cant do more than 5 calls
if ($callstotal < 5){
//do nothing
}else{
print "Not Allowed";
die();
}
//break up the number in 3 parts
$bits = explode("-", $number);
$data = get_carrier("http://site.com/?action=carrierlookup&p1=".$bits[0]."&p2=".$bits[1]."&p3=".$bites[2]."&iecache=0");
//check when they want to call
if ($_POST['when'] == 'now' ){
$when = "0";
}elseif($_POST['when'] == 'secs'){
$when = "30";
}elseif($_POST['when'] == 'minute'){
$when = "60";
}elseif($_POST['when'] == '2minute'){
$when = "120";
}elseif($_POST['when'] == '5minute'){
$when = "300";
}
//check for carrier
if(strstr($data, 'Cingular')){
$carrier = "AT&T";
}elseif(strstr($data, 'Sprint')){
$carrier = "Sprint";
}elseif(strstr($data, 'Verzion')){
$carrier = "Verzion";
}elseif(strstr($data, 'T-Mobile')){
$carrier = "T-Mobile";
}elseif(strstr($data, 'Boost')){
$carrier = "Boost Mobile";
}elseif(strstr($data, 'Cricket')){
$carrier = "Cricket";
}elseif(strstr($data, 'Alltel')){
$carrier = "Alltel";
}elseif(strstr($data, 'Unable')){
$carrier = "Unknown Carrier";
}
//inset number and carrier into database.
mysql_query("INSERT INTO numbers (number, carrier)
VALUES ('$number', '$carrier')");
print "success";
mysql_close($con);
//call out to the number
$strippednumber = str_replace("-", "", $number);
$call = call("http://domain.com");
?>
5 个解决方案
解决方案1
2 2010-08-15 07:40:10
$number = htmlspecialchars($_POST['num']);
不会阻止可能的SQL注入。 您需要添加一个
$number = mysql_real_escape_string($number);
$_POST["when"]检查最好在数组检查中进行。
$whens = array("now" => "0", "secs" => "30".....);
if (array_key_exists($_POST['when'], $whens))
$when = $whens[$_POST['when']];
承运人检查也是如此:
$carriers = array("Cingular" => "AT&T", "Sprint" => "Sprint" .....);
foreach ($carriers as $key => $value)
if (strstr($data, $key))
{
$carrier = $value;
break;
}
您可能要添加检查,以确定是否未设置POST变量之一。
解决方案2
1 2012-11-23 14:12:09
include("db.php");
include("function.php");
最好使用require_once('file')。
$number = htmlspecialchars($_POST['num']);
我会使用(int)$_POST['num'] -防止任何形式的意外。
if ($callstotal < 5){
//do nothing
}else{
print "Not Allowed";
die();
}
“ //不执行任何操作”实际上并不是最好的方法。 像这样做:
if ($callstotal >= 5){
print "Not Allowed";
die();
}
我也同意这一点:
$carriers = array("Cingular" => "AT&T", "Sprint" => "Sprint" .....);
祝一切顺利! :)
解决方案3
0 2010-08-15 07:48:10
首先这里是一些技巧。
- 用'代替“来表示没有变量的字符串,当您使用”时php将在字符串内查找变量,用'将其粘贴出来。 这将为您节省一些CPU时间。
- 当使用mysql时,您只想计算结果的速度就是执行一个简单的count(0)快得多,然后获取所有行并对它们进行计数。
- 切记在将变量粘贴到sql字符串中时使用mysql_real_escape_string,以再次保护sql注入。
- 当您遇到其中一种情况时,什么都不做..
- 当您只包含php代码的文件时,没有理由结束php标签“?>”,这只会导致您在寻找来自某处的该死的新行和新空间时遇到问题。
您提供的代码没有太多可以优化的地方,主要是可读性。 我已经稍微更新了您的脚本,修复了som注入问题,并稍微更新了可读性。
但是,如果您确实希望将php编程提高到一个全新的水平,请先看一看类,并在对它们感到满意之后,尝试使用MVC。 我可以推荐Zend框架。
<?php
include("db.php");
include("function.php");
//variables
$number = htmlspecialchars($_POST['num']);
$date = date("Y-m-d");
//validate phone number
if (strlen($_POST['num']) != 12){
print "Invalid Phone Number.";
die();
}
//check how many times the number was called today
$callstoday = mysql_query('
SELECT count(0) as `count`
FROM numbers
WHERE number = '.mysql_real_escape_string($number).'
AND date
LIKE \''.mysql_real_escape_string($date).'%\'')
or die(mysql_error());
$callstoday = $callstoday[0]['count'];
//cant do more than 5 calls
if ($callstotal >= 5){
print "Not Allowed";
die();
}
//break up the number in 3 parts
$bits = explode('-', $number);
$data = get_carrier('http://site.com/?action=carrierlookup&p1='.$bits[0].'&p2='.$bits[1].'&p3='.$bites[2].'&iecache=0');
//check when they want to call
switch($_POST['when'])
{
case 'now':
$when = 0;
break;
case 'secs':
$when = 30;
break;
case 'minute':
$when = 60;
break;
case '2minute':
$when = 120;
break;
case '5minute':
$when = 300;
break;
}
//check for carrier
if(strstr($data, 'Cingular'))
$carrier = "AT&T";
elseif(strstr($data, 'Sprint'))
$carrier = "Sprint";
elseif(strstr($data, 'Verzion'))
$carrier = "Verzion";
elseif(strstr($data, 'T-Mobile'))
$carrier = "T-Mobile";
elseif(strstr($data, 'Boost'))
$carrier = "Boost Mobile";
elseif(strstr($data, 'Cricket'))
$carrier = "Cricket";
elseif(strstr($data, 'Alltel'))
$carrier = "Alltel";
elseif(strstr($data, 'Unable'))
$carrier = "Unknown Carrier";
//inset number and carrier into database.
mysql_query("INSERT INTO numbers (number, carrier)
VALUES (\''.mysql_real_escape_string($number).'\', \''.mysql_real_escape_string($carrier).'\')");
print "success";
mysql_close($con);
//call out to the number
$strippednumber = str_replace("-", "", $number);
$call = call("http://domain.com");
解决方案4
0 2010-08-15 07:59:10
还有三件事:
- Verizon是这样拼写的,而不是Verzion ;-)
- 如果您的日期列是DATETIME,则SQL可能更有效地写为
date>=CUR_DATE() AND date<DATE_ADD(CUR_DATE(), INTERVAL 1 DAY)-写的选择可能需要数据库将每个日期转换为字符串进行比较,除非其查询优化器识别出这种模式。 - 您可以针对合适的正则表达式更好地验证$ num,而不仅仅是检查它的12个字符-作为副作用,这还可以防止SQL注入攻击:
if (!preg_match("/^[0-9]{3}-[0-9]{3}-[0-9]{4}$/", $num)) { // Invalid number - fail }
解决方案5
-1 2010-08-15 08:09:26
我在这里没有使用$ when变量。 但看起来您必须已经在HTML表单中进行了设置:
<option value ="0">now</option>
<option value ="30">secs</option>
...
将在$ _POST [“ when”]中为您提供所需的号码
此代码需要循环超过350万行,如何才能使其更高效?
[英]This code needs to loop over 3.5 million rows, how can I make it more efficient?
如何使这个PHP代码更高效? (在CSV文件中编辑一行)
[英]How can I make this PHP code more efficient? (Editing a line in a CSV file)
冒泡排序数组,我怎样才能使这个php冒泡排序代码更好或更有效?
[英]Bubble sort array, how can I make this php bubble sort code better or more effective?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.