何时以及如何在 PHP 中使用常量?
我目前正在编写一个网站(PHP4)。我计划将在运行时不会更改的值保存在常量中。例如,这些是数据库的登录数据的版本号。
问题 1:将数据保存在常量中是否会出现任何(安全相关)问题?
目前,我执行以下操作来定义和调用常量:
define("VERSION", "1.0");
echo "Current version: ".VERSION."."; // Result: "Current version: 1.0."
有一件事情让我烦恼:如果未定义常量,则会返回“错误”变量名称,而不是例如 NULL。
define("VERSION", "1.0");
echo "Current version: ".VERSIONXXX."."; // Result: "Current version: VERSIONXXX."
当我不小心输入错误的常量名称时,我发现收到错误消息并返回值“NULL”的一个解决方案是使用函数 constant():
define("VERSION", "1.0");
echo "Current version: ".constant("VERSIONXXX")."."; // Result: "Current version: ."
问题 2:我可以用不同的方式阻止, PHP 返回不存在变量的名称?
问题 3:PHP 中常量的值是否应该始终使用函数 constant() 返回?
I'm currently programming a website (in PHP4). I plan to save values, which do not change during runtime, in constants. Those are for example the version number of login-data for the database.
Question 1: are there any (security relevant) problems that can arise from saving data in constants?
At the moment I do the following to define and call the constant:
define("VERSION", "1.0");
echo "Current version: ".VERSION."."; // Result: "Current version: 1.0."
There is one thing that annoys me: In case a constant is not defined, the "wrong" variable name is returned instead of e.g. NULL.
define("VERSION", "1.0");
echo "Current version: ".VERSIONXXX."."; // Result: "Current version: VERSIONXXX."
One solution I found to get an error message and the return value "NULL" when I accidently entered a wrong constant name is using the function constant():
define("VERSION", "1.0");
echo "Current version: ".constant("VERSIONXXX")."."; // Result: "Current version: ."
Question 2: Can I prevent in a different way, that PHP returns the name of the non-existing variable?
Question 3: Should the value of a constant in PHP always be returned using the function constant()?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
如果您尝试使用不存在的常量,PHP 会自动假定它是一个字符串,这就是您看到
VERSIONXXX的原因。IIRC 如果您的错误报告处于适当的级别,它会发出警告。这里最好的解决方案是确保您的代码使用正确的常量名称。
如果您知道常量的名称,那么直接使用它是最简单/最好的。
回显 MY_CONSTANT如果您不知道常量的名称(例如,它的名称位于变量中),请使用
constant():$name = 'MY_CONSTANT'; echo constant($name);If you attempt to use a constant that does not exist, PHP automagically assumes it is a string instead, which is why you see
VERSIONXXX.IIRC it throws a warning if you're error reporting is at the appropriate level. The best solution here is to ensure your code utilizes the proper constant names.
If you know the name of the constant, it's easiest/best to use it directly.
echo MY_CONSTANTIf you don't know the name of the constant (e.g. it's name is in a variable), use
constant():$name = 'MY_CONSTANT'; echo constant($name);倒序:
问题 3:否
问题2:不一定,但你可以进行调整。
因为(问题 1:)error_reporting。您的 PHP 网络服务器配置隐藏了一些错误。如果你添加
到你的脚本头,你会得到一个
错误。不幸的是,常量可以被解释为字符串,这是 PHP 悠久历史中出现的一个问题。
如果您不能确定首先设置了常量,您可以使用定义
但我个人认为应该不会有很多情况需要它,因为常量一词本身就意味着有保证的存在。我能想到的唯一例外是典型的标头测试。
最后一点提示:让自己成为一个 errorhandler功能,甚至可能与 firephp 一起使用吗?
In reverse Order:
Question 3: No
Question 2: Not really, but you can make adjustments.
because of (Question 1:) error_reporting. You PHP webserver is configured hide some errors. If you add
to your scripts head, you will get a
Error. Unfortunately it's a problem coming out of PHP's long history, that constants can be interpreted as strings.
If you can not be shure a constant was set in the first place you can use defined
But my personal opinion there shouldn't be many cases to need this, since the word constant alone implies a garanteed presence. The only exception I can think of is the typical header test.
And one last tipp: Go and make yourself a errorhandler function, maybe even with firephp?
好吧,您始终可以使用定义函数来确保常量存在。结合三元语句,您可以简单地回显一个空字符串,例如:
不是最佳答案,但可行吗?
define()的 PHP 手册位于 http://php. net/manual/en/function.define.phpWell, you could always use
definedfunction to make sure the constant exists. Combined with a ternary statement, you could simply echo an empty string, something like:Not the best answer, but workable?
PHP manual for
defined()is at http://php.net/manual/en/function.defined.php