PHP和AVS:视频评论表单定制？

Question

我正在尝试修改一个框架上的表单，但我真的不知道发生了什么。

表单如下所示：

<form name="postVideoComment" id="postVideoComment" method="post" action="#">
                    <input type = "text" id = "user_handle" name = "user_handle" class="video_comment">
                <textarea name="video_comment" id="video_comment" cols="100" rows="5" class="video_comment"></textarea>
                <div id="post_message" class="post_message" style="display: none;">{t c='global.comment_empty'}</div>
                <div class="action"><span id="chars_left">1000</span> {t c='global.chars_left'}</div>
                <div class="action">
                    <input name="submit_comment" type="button" value=" {t c='global.post'} " id="post_video_comment_{$video.VID}" class="button" />
                </div>
                <div class="clear_left"></div>
            </form>

但是，不知何故，id为user_handle的输入并未传递给表单。这个表单提交给一个video_comment.php文件，它的行为方式我无法理解(例如，它使用$filter-> get ( 'comment‘)来获取注释；我不知道这个’注释‘来自哪里。但它对评论真的很好用，除了它忽略了我的user_handle：

    $data   = array('msg' => '', 'code' => '', 'vid' => 0, 'cid' => 0);
if ( isset($_POST['video_id']) && isset($_POST['comment']) ) {
    if ( $config['video_comments'] == '0' ) {
        $data['msg'] = 'Video comments are currently disabled!';
    } else {
        $spam   = false;
        if ( isset($_SESSION['v_comment_added']) ) {
            $delay  = intval($_SESSION['v_comment_added'])+30;
            if ( time() < $delay ) {
                $spam = true;
                $_SESSION['v_comment_added'] = time();
            }
        }

        $filter         = new VFilter();
        $uid            = '1';
        $vid            = $filter->get('video_id', 'INTEGER'); 
        $user_handle    = $_POST['user_handle'];
        $comment        = $filter->get('comment');
        var_dump($_POST);
        $sql            = "INSERT INTO video_comments ( VID, UID, comment, user_handle, addtime )
                           VALUES (" .$vid. ", " .$uid. ", '" .mysql_real_escape_string($comment). "', '" .mysql_real_escape_string($user_handle). "', '" .time(). "')";
        $conn->execute($sql);

感谢您的帮助！谢谢!

Answer 1

我认为"VFilter“类可能正在清理POST数据，以确保只通过$filter实例访问这些数据。看看那个类，我猜有一个从POST变量名到'comment‘之类的简短名称的映射。