这个PHP代码可以改进吗?

时间:2011-08-24 07:10:14

标签: php string forms variables save

我想要实现的是基本上通过我的表单输入的数据设置变量(然后在我的网站中使用这些变量)。我不关心安全性,因为我是唯一可以访问该表单的人。

所以目前我正在使用fwrite将数据保存在单独的文件中,然后对每个变量使用file_get_contents。表格中的数据很小,每个字段只有一个或两个单词。

我无法使用数据库,所以下面是我目前工作的一个例子,是否可以改进,还是有其他方法可以实现这个目标?

<?php

if(isset($_REQUEST['sub']))
{
$myFile = "first.php";
$fh = fopen($myFile, 'w') or die("can't open file");
$stringData = $_REQUEST['first'];
$string = preg_replace("/[^a-zA-Z0-9.:,=?%\/\\s]/", "", $stringData);
fwrite($fh, $string);
fclose($fh);

$myFile_second = "second.php";
$fh2 = fopen($myFile_second, 'w') or die("can't open file2");
$stringData2 = $_REQUEST['second'];
$string2 = preg_replace("/[^a-zA-Z0-9.:,=?%\/\\s]/", "", $stringData2);
fwrite($fh2, $string2);
fclose($fh2);

$myFile_third = "third.php";
$fh3 = fopen($myFile_third, 'w') or die("can't open file3");
$stringData3 = $_REQUEST['third'];
$string3 = preg_replace("/[^a-zA-Z0-9.:,=?%\/\\s]/", "", $stringData3);
fwrite($fh3, $string3);
fclose($fh3);
}

$first = file_get_contents ("first.php");
$second = file_get_contents ("second.php");
$third = file_get_contents ("third.php");

?>

<form method="post" name="installer">

<div id="field">
<label>First</label>
<input type="text" name="first" value="<?php echo $first; ?>" />
</div>

<div id="field">
<label>Second</label>
<input type="text" name="second" value="<?php echo $second; ?>" />
</div>

<div id="field">
<label>Third</label>
<input type="text" name="third" value="<?php echo $third; ?>" />
</div>

<div id="submit">
<input type="submit" value="Save" name="sub" />
</div>

</form>

非常感谢任何建议,谢谢:)

更新

非常感谢大家的帮助和建议。我现在已经实现了类似于下面的内容,我必须说它的效果非常好!

<?
if (isset($_REQUEST['sub'])) {

    $files_data = array(
        'first' => &$_REQUEST['first'],
        'second' => &$_REQUEST['second'],
        'third' => &$_REQUEST['third']
    );

    $files_data = preg_replace("/[^a-zA-Z0-9.:,=?%\/\\s]+/", "", $files_data);

    file_put_contents('data.txt', serialize($files_data)) !== FALSE or die("Can't write to file!" . PHP_EOL);
    } 

$files_data = unserialize(file_get_contents('data.txt'));

$first = $files_data[first];
$second = $files_data[second];
$third = $files_data[third];

?>

<form method="post" name="installer">
<div id="field">
<label>First</label>
<input type="text" name="first" value="<?php echo $first; ?>" />
</div>
<div id="field">
<label>Second</label>
<input type="text" name="second" value="<?php echo $second; ?>" />
</div>
<div id="field">
<label>Third</label>
<input type="text" name="third" value="<?php echo $third; ?>" />
</div>
<div id="submit">
<input type="submit" value="Save" name="sub" />
</div>
</form>

7 个答案:

答案 0 :(得分:3)

我猜你这样做是为了持久性(即网络服务器重新启动,你希望你的数据在备份后就在那里)?因此,如果你坚持写作,阅读和解析大量文件,那么很难从你的执行中节省大量时间。

您可以查看fscan,看看是否会让您的阅读速度更快。

除此之外,我建议您在解析文件后缓存数据,这样您就不必反复进行,只有在文件更改后才重新扫描。您可以通过校验和或查看文件已修改时间戳来跟踪此信息。

“简化”的一种方法是将发布的数据保存在数组序列化中并将其保存到文件中。然后,您可以一次性阅读整个文件,然后反序列化,然后您的数组将返回数据。

将数组保存到文件的快速方法类似于

file_put_contents('mydatafile', serialize($myArray)));

并重新获得数组

$myArray = unserialize(file_get_contents('mydatafile'));

答案 1 :(得分:1)

您可以使用php会话来存储和检索值。 http://www.w3schools.com/php/php_sessions.asp

其次,您可以使用SplFileInfo而不是fopen,fwrite 

$myFile = 'foo.txt';
$file = new SplFileInfo($myFile);
$lines = $file->openFile('w');

答案 2 :(得分:1)

这应该可以解决问题。

<?php

if( isset($_REQUEST['sub']) ){

$files = array(
    'first.php'  => $_REQUEST['first'],
    'second.php' => $_REQUEST['second'],
    'third.php'  => $_REQUEST['third']
);  

foreach($files as $file => $request){
    $fh = fopen($file,'w') or die("can't open file ". $file);
    $string = preg_replace("/[^a-zA-Z0-9.:,=?%\/\\s]/", "", $request);
    fwrite($fh, $string);
    fclose($fh);
}

}

$first = file_get_contents ("first.php");
$second = file_get_contents ("second.php");
$third = file_get_contents ("third.php");

?>

但如上所述,使用数据库效率更高。

答案 3 :(得分:1)

<?php

function do_file_operation($filename,$field_name)
{
    $myFile = $filename;
    $fh = fopen($myFile, 'w') or die("can't open file");
    $stringData = $_POST[$field_name];
    $string = preg_replace("/[^a-zA-Z0-9.:,=?%\/\\s]/", "", $stringData);
    fwrite($fh, $string);
    fclose($fh);
}


if(isset($_POST['sub']))
{

    do_file_operation("first.php","first");
    do_file_operation("second.php","second");
    do_file_operation("third.php","third");

}

$first = file_get_contents ("first.php");
$second = file_get_contents ("second.php");
$third = file_get_contents ("third.php");

?>

<form method="post" name="installer">

<div id="field">
<label>First</label>
<input type="text" name="first" value="<?php echo $first; ?>" />
</div>

<div id="field">
<label>Second</label>
<input type="text" name="second" value="<?php echo $second; ?>" />
</div>

<div id="field">
<label>Third</label>
<input type="text" name="third" value="<?php echo $third; ?>" />
</div>

<div id="submit">
<input type="submit" value="Save" name="sub" />
</div>

</form>

答案 4 :(得分:1)

<?
if (isset($_REQUEST['sub'])) {
    # MAKE SURE YOUR FORM IS WELL PROTECTED !
    file_put_contents("first.php",  preg_replace("/[^a-zA-Z0-9.:,=?%\/\\s]/", "", $_REQUEST['first']));
    file_put_contents("second.php", preg_replace("/[^a-zA-Z0-9.:,=?%\/\\s]/", "", $_REQUEST['second']));
    file_put_contents("third.php", preg_replace("/[^a-zA-Z0-9.:,=?%\/\\s]/", "", $_REQUEST['third']));
}    
?>
<form method="post" name="installer">
<div id="field">
<label>First</label>
<input type="text" name="first" value="<?php echo file_get_contents("first.php"); ?>" />
</div>
<div id="field">
<label>Second</label>
<input type="text" name="second" value="<?php echo file_get_contents("second.php"); ?>" />
</div>
<div id="field">
<label>Third</label>
<input type="text" name="third" value="<?php echo file_get_contents("third.php"); ?>" />
</div>
<div id="submit">
<input type="submit" value="Save" name="sub" />
</div>
</form>

答案 5 :(得分:1)

这只是对@Austin Brunkhorst代码的一点修改。抱歉,发表评论太多了。

if (isset($_REQUEST['sub'])) {
    //No need to copy variables
    $files_data = array(
        'first' => &$_REQUEST['first'],
        'second' => &$_REQUEST['second'],
        'third' => &$_REQUEST['third']
    );
    //Note that you should use '+' at the end of match
    //so that preg can match more the one character at once,
    //it is much faster. And we can apply it once to whole array.
    $files_data = preg_replace("/[^a-zA-Z0-9.:,=?%\/\\s]+/", "", $files_data);
    //Note '&' in foreach to disable variable copying
    foreach ($files_data as $filename => &$request_str) {
        //Why use complex fwrite when we have a ready function to write to file?
        file_put_contents($filename . '.php', $request_str) !== FALSE or die("Can't write to file '$filename'!" . PHP_EOL);
        //We don't need to read files again when we already have our string
        //It is ugly, but fun! Maby this should be avoided :)
        $$filename = $request_str;
    }
} else {
    $first = file_get_contents("first.php");
    $second = file_get_contents("second.php");
    $third = file_get_contents("third.php");
}

答案 6 :(得分:-1)

如果您只想在项目中包含代码,可以使用eval

$includes = array('first', 'second', 'third');
foreach ($includes as $value) {
    $code = preg_replace("/[^a-zA-Z0-9.:,=?%\/\\s]/", "", $_REQUEST[$value]);
    if (!eval($code))
        die('Parse Error in $_REQUEST["'.$value.'"]');
}

正如所指出的,这使您可以对任何攻击敞开大门,因此请确保确实保护脚本,例如使用.htaccess-file

相关问题
最新问题