仓库及仓库管理课程
仓库及仓库管理课程
提问于 2018-05-19 10:15:59
几天前,当我开始编写PHP类时,我已经发布了这个PHP类。既然所有的方法和控制器逻辑都准备好了,我将在这里询问一些关于如何提高功能和安全性的建议。这是原码。我正在发布的代码是几乎准备好部署的最后工作。因为我认为在PHP中是个新手,所以任何解决问题的方法都会很受欢迎。Class.php
true, PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION);
// try {
if($this->db === null){
$this->db = new PDO('mysql:host=localhost;dbname=marymarket','root','root');
}
//} catch (Exception $e) {
//echo $e->getMessage();
//}
}
/* articles management methods */
public function insertArticle(array $data){
$stmt = $this->db->prepare('INSERT INTO products (cod_articolo,codice_barre,pezzi_disponibili, marca, nome_articolo, prezzo, tipologia_articolo,in_promozione,note) VALUES (?,?,?,?,?,?,?,?,?)');
if($stmt->execute(array($data['code'],$data['barcode'],$data['quantity'],$data['brand'],$data['article_name'],$data['price'],$data['article_type'],$data['promo_stats'],$data['note']))){
return true;
} else {
return false;
}
}
public function selectArticle($id){
$stmt = $this->db->prepare('SELECT * FROM products WHERE id=:id');
$stmt->bindParam(':id',$id,PDO::PARAM_INT);
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC);
return json_encode($result);
}
public function editArticle(array $data){
$stmt = $this->db->prepare('UPDATE products SET cod_articolo = ? ,codice_barre = ? ,pezzi_disponibili = ?, marca = ?, nome_articolo = ? , prezzo = ?, tipologia_articolo = ? ,in_promozione = ? ,note = ? WHERE id = ?');
if($stmt->execute(array($data['cod_articolo'],$data['codice_barre'],$data['qty'],$data['brand'],$data['article_name'],$data['price'],$data['article_type'],$data['promo_stats'],$data['note'],$data['id']))){
return true;
} else {
return false;
}
}
public function deleteArticle($id){
$stmt = $this->db->prepare('DELETE FROM products WHERE id=:id');
$stmt->bindParam(':id',$id,PDO::PARAM_INT);
if($stmt->execute()){
return true;
} else {
return false;
}
}
public function listArticles(){
$stmt = $this->db->query('SELECT * FROM products');
$results = $stmt->fetchAll();
return json_encode($results);
}
/* suppliers management methods */
public function insertSupplier(array $data){
$stmt = $this->database()->prepare('INSERT INTO suppliers (codice_interno,nome_fornitore,partita_iva,telefono,fax,email,indirizzo,citta,cap,provincia) VALUES (?,?,?,?,?,?,?,?,?,?)');
if($stmt->execute(array($data['cod_interno'],$data['nome_fornitore'],$data['p_iva'],$data['tel'],$data['fax'],$data['email'],$data['indirizzo'],$data['citta'],$data['cap'],$data['provincia']))){
return true;
} else {
return false;
}
}
public function selectSupplier($id){
$stmt = $this->db->prepare('SELECT * FROM suppliers WHERE id = :id');
$stmt->bindParam(':id',$id,PDO::PARAM_INT);
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC);
return json_encode($result);
}
public function editSupplier(array $data){
$stmt = $this->db->prepare('UPDATE suppliers SET codice_interno = ? ,nome_fornitore = ? ,partita_iva = ? ,telefono = ? ,fax = ? ,email = ? ,indirizzo = ? ,citta = ?,cap = ?,provincia = ? WHERE id = ?');
if($stmt->execute($data['cod_interno'],$data['nome_fornitore'],$data['p_iva'],$data['tel'],$data['fax'],$data['email'],$data['indirizzo'],$data['citta'],$data['cap'],$data['provincia'],$data['id'])){
return true;
} else {
return false;
}
}
public function deleteSupplier($id){
$stmt = $this->db->prepare('DELETE FROM suppliers WHERE id = :id');
$stmt->bindParam(':id',$id,PDO::PARAM_INT);
if($stmt->execute()){
return true;
} else {
return false;
}
}
public function listSuppliers(){
$stmt = $this->db->query('SELECT * FROM suppliers');
$stmt->execute();
$results = $stmt->fatchAll();
return json_encode($results);
}
/* brands management methods */
public function insertBrand(array $data){
$stmt = $this->db->prepare('INSERT INTO brands (codice_interno,marca,tipologia_prodotti) VALUES (?,?,?)');
if($stmt->execute($data['codice_interno'],$data['marca'],$data['tipologia_prodotti'])){
return true;
} else {
return false;
}
}
public function selectBrand($id){
$stmt = $this->db->prepare('SELECT * FROM brands WHERE id = :id');
$stmt->bindParam(':id',$id,PDO::PARAM_INT);
$stmt->execute();
$result = $stmt->fetch(PDO::FETCH_ASSOC);
return json_encode($result);
}
public function editBrand(array $data){
$stmt = $this->db->prepare('UPDATE brands SET codice_interno = ? , marca = ?, tipologia_prodotti = ? WHERE id = ?');
$stmt->execute(array($data['codice_interno'],$data['marca'],$data['tipologia_prodotti'],$data['id'])){
return true;
} else {
return false;
}
}
public function deleteBrand($id){
$stmt = $this->db->prepare('DELETE FROM brands WHERE id = :id');
$stmt->bindParam(':id',$id,PDO::PARAM_INT);
if($stmt->execute()){
return true;
} else {
return false;
}
}
public function listBrands(){
$stmt = $this->db->query('SELECT * FROM brands');
$results = $stmt->fetchAll();
return json_encode($results);
}
/* search */
public function search($q){
$stmt = $this->db->prepare('SELECT * FROM products WHERE nome_articolo LIKE :q OR marca LIKE :q OR cod_articolo LIKE :q');
$stmt->bindParam(':q',$q,PDO::PARAM_STR);
$stmt->execute();
if($stmt->rowCount() > 0){
$results = $stmt->fetchAll();
return json_encode($results);
} else {
return false;
}
}
}
?>以下是使用Jquery AJAX调用的控制器代码。在发出$_POST和$_GET请求时,我实现了一个名为"action“的静态变量,用于管理作为html文件的视图的所有不同功能。
controller.php
$code,
'barcode'=>$barcode,
'quantity'=>$qty,
'brand'=>$brand,
'article_name'=>$article_name,
'article_type'=>$article_type,
'price'=>$price,
'promo_stats'=>$promo_stats,
'note'=>$note
);
$save = $core->insertArticle($data);
}
if(isset($_POST['action']) && $_POST['action'] === 'editArticle'){
$id = filter_var($_POST['id'],FILTER_SANITIZE_NUMBER_INT);
$code = filter_var($_POST['code'],FILTER_SANITIZE_STRING);
$barcode = filter_var($_POST['barcode'],FILTER_SANITIZE_NUMBER_INT);
$qty = filter_var($_POST['quantity'],FILTER_SANITIZE_STRING);
$brand = filter_var($_POST['brand'],FILTER_SANITIZE_STRING);
$article_name = filter_var($_POST['artName'],FILTER_SANITIZE_STRING);
$article_type = filter_var($_POST['artType'],FILTER_SANITIZE_STRING);
$price = filter_var($_POST['price'],FILTER_SANITIZE_NUMBER_INT);
$promo_stats = filter_var($_POST['promoStats']);
$note = filter_var($_POST['note'],FILTER_SANITIZE_STRING);
$data = array('id'=>$id,
'code'=>$code,
'barcode'=>$barcode,
'quantity'=>$qty,
'brand'=>$brand,
'article_name'=>$article_name,
'article_type'=>$article_type,
'price'=>$price,
'promo_stats'=>$promo_stats,
'note'=>$note
);
$update = $core->editArticle($data);
if($update === true){
echo 'ok';
} else {
echo 'error';
}
}
if(isset($_POST['action']) && $_POST['action'] === 'deleteArticle'){
$id = filter_var($_POST['id'],FILTER_SANITIZE_NUMBER_INT);
$del = $core->deleteArticle($id);
echo $del;
}
/* suppliers $_POST requests */
if(isset($_POST['action']) && $_POST['action'] === 'insertSupplier' ){
$code = filter_var($_POST['codice_interno'],FILTER_SANITIZE_STRING);
$name = filter_var($_POST['nome_fornitore'],FILTER_SANITIZE_STRING);
$piva = filter_var($_POST['p_iva'],FILTER_SANITIZE_NUMBER_INT);
$tel = filter_var($_POST['tel'],FILTER_SANITIZE_NUMBER_INT);
$fax = filter_var($_POST['fax'],FILTER_SANITIZE_NUMBER_INT); $email = filter_var($_POST['email'],FILTER_SANITIZE_STRING);
$indirizzo = filter_var($_POST['indirizzo'],FILTER_SANITIZE_STRING);
$citta = filter_var($_POST['citta'],FILTER_SANITIZE_STRING);
$cap = filter_var($_POST['cap'],FILTER_SANITIZE_NUMBER_INT); $provincia = filter_var($_POST['provincia'],FILTER_SANITIZE_STRING);
$data = array('cod_interno'=>$code,
'nome_fornitore'=>$name,
'p_iva'=>$piva,
'tel'=>$tel,
'fax'=>$fax,
'email'=>$email,
'indirizzo'=>$indirizzo,
'citta'=>$citta,
'cap'=>$cap
'provincia'=>$provincia
);
$save = $core->insertSupplier($data);
}
if(isset($_POST['action']) && $_POST['action'] === 'editSupplier' ){
$id = filter_var($_POST['id'],FILTER_SANITIZE_NUMBER_INT);
$code = filter_var($_POST['codice_interno'],FILTER_SANITIZE_STRING);
$name = filter_var($_POST['nome_fornitore'],FILTER_SANITIZE_STRING);
$piva = filter_var($_POST['p_iva'],FILTER_SANITIZE_NUMBER_INT);
$tel = filter_var($_POST['tel'],FILTER_SANITIZE_NUMBER_INT);
$fax = filter_var($_POST['fax'],FILTER_SANITIZE_NUMBER_INT); $email = filter_var($_POST['email'],FILTER_SANITIZE_STRING);
$indirizzo = filter_var($_POST['indirizzo'],FILTER_SANITIZE_STRING);
$citta = filter_var($_POST['citta'],FILTER_SANITIZE_STRING);
$cap = filter_var($_POST['cap'],FILTER_SANITIZE_NUMBER_INT); $provincia = filter_var($_POST['provincia'],FILTER_SANITIZE_STRING);
$data = array('id'=>$id,
'cod_interno'=>$code,
'nome_fornitore'=>$name,
'p_iva'=>$piva,
'tel'=>$tel,
'fax'=>$fax,
'email'=>$email,
'indirizzo'=>$indirizzo,
'citta'=>$citta,
'cap'=>$cap
'provincia'=>$provincia
);
$update = $core->editSupplier($data);
}
if(isset($_POST['action']) && $_POST['action'] === 'deleteSupplier' ){
$id = filter_var($_POST['id'],FILTER_SANITIZE_NUMBER_INT);
$del = $core->deleteSupplier($id);
echo $del;
}
/* brands $_POST requests */
if(isset($_POST['action']) && $_POST['action'] === 'insertBrand'){
$code = filter_var($_POST['codice_interno'],FILTER_SANITIZE_STRING);
$name = filter_var($_POST['marca'],FILTER_SANITIZE_STRING);
$type = filter_var($_POST['tipologia_prodotti'],FILTER_SANITIZE_STRING);
$data = array('codice_interno'=>$code,
'marca'=>$name,
'tipologia_prodotti'=>$type
);
$save = $core->insertBrand($data);
}
if(isset($_POST['action']) && $_POST['action'] === 'editBrand'){
$id = filter_var($_POST['id'],FILTER_SANITIZE_NUMBER_INT);
$code = filter_var($_POST['codice_interno'],FILTER_SANITIZE_STRING);
$name = filter_var($_POST['marca'],FILTER_SANITIZE_STRING);
$type = filter_var($_POST['tipologia_prodotti'],FILTER_SANITIZE_STRING);
$data = array('id' =>$id,
'codice_interno'=>$code,
'marca'=>$name,
'tipologia_prodotti'=>$type
);
$update = $core->editBrand($data);
}
if(isset($_POST['action']) && $_POST['action'] === 'deleteBrand'){
$id = filter_var($_POST['id'],FILTER_SANITIZE_NUMBER_INT);
$del = $core->deleteBrand($id);
//echo $del;
}
/* $_GET requests */
if(isset($_GET['action']) && $_GET['action'] === 'productsList'){
$results = $core->listArticles();
echo $results;
}
if(isset($_GET['action']) && $_GET['action'] === 'suppliersList' ){
$results = $core->listSuppliers();
echo $results;
}
if(isset($_GET['action']) && $_GET['action'] === 'brandsList' ){
$results = $core->listBrands();
echo $results;
}
if(isset($_GET['action']) && $_GET['action'] === 'selectArticle'){
$id = filter_var($_GET['id'],FILTER_SANITIZE_NUMBER_INT);
$selected = $core->selectArticle($id);
echo $selected;
}
if(isset($_GET['action']) && $_GET['action'] === 'selectSupplier'){
$id = filter_var($_GET['id'],FILTER_SANITIZE_NUMBER_INT);
$selected = $core->selectSupplier($id);
echo $selected;
}
if(isset($_GET['action']) && $_GET['action'] === 'selectBrand'){
$id = filter_var($_GET['id'],FILTER_SANITIZE_NUMBER_INT);
$selected = $core->selectBrand($id);
echo $selected;
}
/* search */
if(isset($_POST['q'])){
$q = filter_var($_POST['q'],FILTER_SANITIZE_STRING);
$results = $core->search($q);
echo $results;
}
?>我对所有代码的怀疑都是关于准备好的语句,我在execute()函数中使用了一个D7,这是为了避免编写冗长的SQL查询,所以我不确定这是否是一个好的安全实践。另外,我对控制器以及如何对视图进行echo响应都有疑问,因为目前我已经将控制器的响应限制为在查询执行中出现错误时返回true或false的if(),else()。
NB:目前数据库表的设计是一个草案,所以每个列名都是临时的。
回答 1
Code Review用户
回答已采纳
发布于 2018-05-19 10:45:48
互斥条件
再仔细看一看:
if(isset( $_GET ) && $_GET === 'productsList'){ $results = $core->listArticles();echo $results;} if(isset( $_GET ) &$_GET === 'suppliersList‘){ $results =$core->listSupplier();Eco$results;}(isset($_GET)&$_GET === 'brandsList’){ $results = $core->listBrands();echo ===;}
如果$_GET['action']的值是productsList,那么就没有必要在这个值上计算其他条件。当您在这种相互排斥的条件下工作时,然后将它们与elseif链接在一起。
此外,也没有必要重复评估isset($_GET['action'])。在上述所有条件下都很常见,所以最好这样写:
if (isset($_GET['action'])) {
if ($_GET['action'] === 'productsList') {
// ...
} elseif ($_GET['action'] === '...') {
// ...
} elseif ($_GET['action'] === '...') {
// ...
}
}直接使用布尔条件
而不是这样:
如果($stmt->execute(.)){返回true;} if {返回false;}
可以直接使用布尔条件的值:
return $stmt->execute(...));避免通配符选择
与其像SELECT * FROM products WHERE id=:id这样的通配符选择,不如列出您真正需要的特定列。这将有两个实际好处:
- 减少程序和数据库之间传输的数据量。
- 使程序不知道数据库中列的顺序。
,不要重复,
除了表名之外,对某些表进行操作的许多方法几乎是相同的。最好将公共逻辑提取为带有参数的助手方法,这样就可以减少重复的样板代码。
页面原文内容由Code Review提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://codereview.stackexchange.com/questions/194745
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号