In the function show_commentbox() below, I would like to pass along the variables $_SESSION['loginid'], $submissionid, $submission, $url, $submittor, $submissiondate, $countcomments, $dispurl. With the setup below, it’s not working. How could I change it to make show_commentbox() pass the variables along?
Thanks in advance,
John
index.php:
<?php
$submission = $_GET['submission'];
require_once "header.php";
include "login.php";
include "comments.php";
include "commentformonoff.php";
?>
In header.php:
require_once ("function.inc.php");
In comments.php:
$uid = $_SESSION['loginid'];
$submissiondate = mysql_real_escape_string($_GET['submissiondate']);
$submittor = mysql_real_escape_string($_GET['submittor']);
$countcomments = mysql_real_escape_string($_GET['countcomments']);
$dispurl = mysql_real_escape_string($_GET['dispurl']);
$url = mysql_real_escape_string($_GET['url']);
$submission = mysql_real_escape_string($_GET['submission']);
$submissionid = mysql_real_escape_string($_GET['submissionid']);
commentformonoff.php:
<?php
if (!isLoggedIn())
{
if (isset($_POST['cmdlogin']))
{
if (checkLogin($_POST['username'], $_POST['password']))
{
show_commentbox();
} else
{
echo "Login to comment";
}
} else
{
echo "Login to comment";
}
} else
{
show_commentbox();
}
?>
In display.functions.inc.php:
function show_commentbox()
{
echo '<form action="http://www...com/sandbox/comments/comments2.php" method="post">
<input type="hidden" value="'.$_SESSION['loginid'].'" name="uid">
<input type="hidden" value="'.$submissionid.'" name="submissionid">
<input type="hidden" value="'.$submission.'" name="submission">
<input type="hidden" value="'.$url.'" name="url">
<input type="hidden" value="'.$submittor.'" name="submittor">
<input type="hidden" value="'.$submissiondate.'" name="submissiondate">
<input type="hidden" value="'.$countcomments.'" name="countcomments">
<input type="hidden" value="'.$dispurl.'" name="dispurl">
<label class="addacomment" for="title">Add a comment:</label>
<textarea class="commentsubfield" name="comment" type="comment" id="comment" maxlength="1000"></textarea>
<div class="commentsubbutton"><input name="submit" type="submit" value="Submit"></div>
</form>
';
}
Simply pass them as arguments:
Note that I removed
$_SESSION['loginid'], since it doesn’t need to be passed through the form to be available. Also, it’s probably sensitive information an thus shouldn’t be leaked.mysql_real_escape_stringshould only be used to prepare data that’s going to be sent to a database. Instead, usehtmlspecialcharsorhtmlentitiesto prepare the data for output. This should be done inshow_commentbox, not before, since it’s where the destination of the values is determined.Of course, that many parameters are unwieldy. For one thing, how do you remember their order? One solution for that particular problem is to keyword arguments, which (in PHP) you have to implement by passing an associative array:
The better solution in this case is to use classes. It can be as simple as:
Or you can start using an MVC architecture, separating
showinto aFormViewclass.I’m intentionally leaving out using globals, since globals are bad.