如何优雅地死去？

发布于 2024-10-27 07:10:45 字数 907 浏览 5 评论 0原文

我比以前更困惑了。我正在验证一个复杂的表单，并且检查了许多嵌套级别的 if 语句以及其他内容，并且我将一个变量传递给名为 $status 的表单，该变量只能是“新”或“编辑”。然后，当用户再次提交要验证的表单时，表单将 $status 值作为隐藏字段 ($_POST) 传递。我想确保用户不会意外更改此设置，因此如果“新”或“编辑”以外的内容通过，我想捕获错误。（虽然我想在理想的世界中完全消除用户影响这个变量的可能性。）

所以我想我会在 if 语句中使用 DIE()

<nested ifs>
    Select ($status){
        Case 'edit':
            break;
        Case 'new':
            break;
        default:
            //using example from article
            trigger_error("An error that should not occur has occurred", E_USER_ERROR);
            break;
    }
</nested ifs>

我真的不明白这比 die() 更干净？本质上，我想调用另一个函数，它向用户显示一些他们在此时可以执行的操作来修复错误的选项，但我希望代码完全停止运行，因为我不希望 if 语句进一步继续解析任何内容，并在发现“新”或“编辑”以外的内容时生成错误。

我不确定我说得有多清楚，所以请随时要求我详细说明任何不清楚的地方。（或者更好的是，隐藏的用户字段会被黑客攻击吗？如何防止？:P）

原文

So I've just read Why to never use 'or die'.

I am more confused then ever. I am validating a complicated form and I go though many nested levels of if statements and what not and I am passing a variable to the form which is called $status which can only be 'new' or 'edit'. Then when the user submits the form to be validated again the form passes along the $status value as a hidden field ($_POST). I want to make sure that the user cannot accidentally change this so I want to catch the error should something other than 'new' or 'edit' pass though. (Although I would like to completely eliminate the possibility of the user affecting this variable in an ideal world.)

So I figured that I would use DIE() in an if statement

<nested ifs>
    Select ($status){
        Case 'edit':
            break;
        Case 'new':
            break;
        default:
            //using example from article
            trigger_error("An error that should not occur has occurred", E_USER_ERROR);
            break;
    }
</nested ifs>

I don't really understand how this is cleaner than die()? Essentially I would like to call another function which displays the user some options of what they can do at this juncture to fix the error, but I want the code to absolutely stop running as I don't want an if statement further down to continue parsing anything and generating an error when it finds something other than 'new' or 'edit'.

I'm not sure how clear I am so please feel free to ask me to elaborate on any unclear points.
(or better yet, can a hidden user field get hacked? How to prevent? :P)

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

許願樹丅啲祈禱 2024-11-03 07:10:45

trigger_error() 触发由错误处理程序处理的错误。

使用 trigger_error() 你可以优雅地处理错误，例如：

  set_error_handler('ErrorHandler');

  function ErrorHandler($errno, $errmsg, $filename, $linenum, $vars)
  {
    print '<pre style="line-height: 2em;">';
    printf("==> Error in `%s' line %s: %s\n\n", $filename, $linenum, $errmsg);
    debug_print_backtrace();
    print '</pre>';

    exit($errno);
  }

这是一个简单的例子，但我们公司网站显示了一个友好的错误页面，并向我发送了一封电子邮件，说我是个白痴，在某个地方搞砸了:-)

相对于 die() 或 exit() 的优势应该很明显 :-)

当您需要时仍然可以使用 exit()退出。例如，当您生成模板、输出该模板并希望停止代码执行时。或者，当您发送 header('Location: ...'); 标头并希望确保执行停止时...只是不要将其用于处理意外情况（即错误）。

trigger_error() 还可以让您更好地控制。当您希望停止执行但显示通知时，您可以发送 E_USER_NOTICE；当您希望停止执行时，您可以发送 E_USER_ERROR。停止。

此外，您可以编写更复杂的错误处理函数，其中某些 IP 会看到错误，而其余的则不会……这对开发很有用。

但要小心过度复杂的错误处理程序，如果错误处理程序内部发生错误会发生什么......？你可能看过《盗梦空间》:)

trigger_error() triggers an error which is handled by an error handler.

With trigger_error() you can gracefully handle errors, for example:

  set_error_handler('ErrorHandler');

  function ErrorHandler($errno, $errmsg, $filename, $linenum, $vars)
  {
    print '<pre style="line-height: 2em;">';
    printf("==> Error in `%s' line %s: %s\n\n", $filename, $linenum, $errmsg);
    debug_print_backtrace();
    print '</pre>';

    exit($errno);
  }

This is a simple example, but our company website displays a friendly error page and sends me an email that I'm an idiot and messed up somewhere :-)

The advantage over die() or exit() should be clear :-)

exit() can still be used when you need to exit. For example when you generate a template, output that, and want code execution to stop. Or when you send a header('Location: ...'); header and want to make sure the execution stops ... Just don't use it for handling unexpected situations (i.e. errors).

trigger_error() also gives you a better degree of control. You can send E_USER_NOTICE when you want execution to stop but display a notice, and E_USER_ERROR when you want execution to stop.

In addition, you can write more complex error handler functions where some IP's see a error, and the rest do not ... Kindda useful for development.

Be a but careful with overly complicated error handlers though, what happens is an error occurs inside an error handler ... ? You may have seen Inception :)

回复收藏 0 原文

无言温柔 2024-11-03 07:10:45

您链接到的文章解释了为什么您不应该使用 or die，如下所示：

$result = mysql_query($query) or die('A MySQL query occurred: ' . mysql_error());

显然这是一个坏主意，因为它可能会将有关您的 MySQL 结构的敏感信息输出到恶意用户。

但是，我认为以您正在使用的方式使用 die 并没有什么问题（并且我认为本文的作者会同意我的观点），尽管向用户提供选项列表会确实，这是处理这个问题的首选方法。

The article you linked to explains why you shouldn't use or die, as in:

$result = mysql_query($query) or die('A MySQL query occurred: ' . mysql_error());

Obviously this is a bad idea, as it could output sensitive information about your MySQL structure to a malicious user.

However, I think there is nothing wrong (and I think the writer of the article would agree with me) to use die in the way you are using it, although presenting the user with a list of options would, indeed, be the preferred way to handle this.

回复收藏 0 原文

~没有更多了~