What to name functions that perform operations on strings entering/exiting the database
Need advice on what to name functions that do this
- Perform operations on strings before inserting into db to protect from MySQL injection
- Converts HTML special characters
Ex:
enter_db()
exit_db()
However, these function names sound kinda corny. Any suggestions or advice on other names? Thanks!

My database connection generally resides in a wrapper, so there's a bit of context for the functions:
It sounds like you're making these functions external as part of a procedural library, and they do a little extra work on the string, so I'd probably go with something like:
I'm a PHP programmer, and PHP has a built-in htmlspecialchars() function. It's got a nice simplicity to it. If you're not using PHP, I'd simply make htmlSpecialChars() the conversion function, or possibly htmlEntities().

Let's call them 'encode' (make code) and decode (make it not a code).

Here is what I would use:
Input_Validation_Function()
HTML_Char_converter()
I know those might not be the best names. I hope it helps though.

It sounds like you want to "scrub" a string for any problems before dumping it into your DB. You could think of this as a conversion function from one type of string to another type of string. You could then name your function RawStringToSafeString or SafeStr_from_RawStr or something similar. If you need functions in the other direction, then the naming is clear.
Converting html special characters would be similar: RawStringToConvertedString, etc. This reduces complexity because you only have to keep track of what type of string you're dealing with, not what conceptual actions have been performed on them.
This is a concept Joel talks about in one of his essays: http://joelonsoftware.com/articles/Wrong.html
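
An added example, not code from any poster in this thread, of the "name the conversion after the string types" idea with the types actually enforced. It goes one step beyond the answer by sending raw text to the database through a bound parameter instead of a string conversion. All names (RawStr, HtmlStr, html_from_raw and the rest) are hypothetical, and sqlite3 stands in for MySQL so the block runs offline.

```python
import html
import sqlite3

class RawStr(str):
    """Untrusted text exactly as the user supplied it."""

class HtmlStr(str):
    """Text that has been HTML-encoded and may be placed in markup."""

def html_from_raw(value: RawStr) -> HtmlStr:
    # Encode for HTML at output time; rejecting HtmlStr prevents double-encoding.
    if not isinstance(value, RawStr):
        raise TypeError("html_from_raw expects RawStr")
    return HtmlStr(html.escape(value, quote=True))

def raw_from_html(value: HtmlStr) -> RawStr:
    if not isinstance(value, HtmlStr):
        raise TypeError("raw_from_html expects HtmlStr")
    return RawStr(html.unescape(value))

def store_comment(db: sqlite3.Connection, body: RawStr) -> int:
    # Bound parameter: the driver keeps the data out of the SQL text,
    # so the raw string is stored unchanged and cannot alter the query.
    cur = db.execute("INSERT INTO comments (body) VALUES (?)", (str(body),))
    return cur.lastrowid

def load_comment(db: sqlite3.Connection, comment_id: int) -> RawStr:
    # Whatever comes back from the database is still untrusted for HTML.
    row = db.execute("SELECT body FROM comments WHERE id = ?", (comment_id,)).fetchone()
    return RawStr(row[0])

def render_comment(body: HtmlStr) -> str:
    if not isinstance(body, HtmlStr):
        raise TypeError("render_comment needs HtmlStr, got unencoded text")
    return "<p>" + body + "</p>"

def demo() -> str:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)")
    # Constructed sample input containing both SQL and HTML metacharacters.
    cid = store_comment(db, RawStr("O'Brien <b>& co</b>"))
    return render_comment(html_from_raw(load_comment(db, cid)))
```

Passing a RawStr straight to render_comment, or an HtmlStr to html_from_raw, raises TypeError, so a missed or repeated encoding step fails loudly instead of reaching the page.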

From a C# or .NET perspective (but also Java but using camel case) I would choose:
Clean() or Sanitize() is popular
EncodeHtml()
DecodeHtml()