>백엔드 개발 >PHP 튜토리얼 >A Viewstate for PHP

A Viewstate for PHP

WBOY
WBOY원래의
2016-06-23 14:36:21928검색

One of ASP.net’s most attractive features is the viewstate. It is a convienent way to store arbitrary data in a persistent mechanism. In fact, it’s rather like PHP’s $_SESSION array.

There is, however, one difference. $_SESSION is unique to a user but is reused across pages. With only one window to your website, the two preform the same function. But if a user has multiple tabs or windows, $_SESSION can change in between what would otherwise be two successive page loads.

The viewstate has two functions:

Storing properties for controls and forms, Storing arbitrary data

The viewstate is responsible for ensuring a red label is still red (and doesn’t default back to black) between page loads. Controls and forms manage this transparently from the developer (excluding a non-obtrusive ViewState property on controls). There is also a viewstate on the page object. It will act like a dictionary, allowing you to save arbitrary data to it.

The viewstate is a magical thing, and it achieves that through indirection. It is what separates a browser form submission from a user actually preforming an action. Prado and Fortitude both duplicate this functionality in PHP.

For a full example, take a look at Fortitude Form’s code. But for today’s purposes, I just wanted to demonstrate how to create a simple viewstate in PHP.

<?phpif (array_key_exists ("viewstate", $_POST)) {$viewstate = unserialize (base64_decode ($_POST["viewstate"]));$viewstate->count++;} else {$viewstate = new stdObject;$viewstate->count = 0;}?><html><body>Page-load count: <?=$viewstate->count;?><form method="post" action="?"><input type="hidden" value="<?=base64_encode(serialize($viewstate));?>" name="viewstate" /><input type="submit" value="Increment" /></form></body></html>

It preforms very similarily to $_SESSION. Although I used an object, it works just as well with an array. But it accomplishes a separate scope for each page. Frequently in PHP, pagination results are placed in $_SESSION, but that means only one set can be used at a time without butchering the rest. In a page scope, any manipulations can be done at will. And that exposes the real difference between the two: global things, like login operation or options, should be set in $_SESSION. Local, page-level or temporary things should be set in the page’s viewstate. Opening two or three or even one hundred twenty copies of that script will maintain that many instances of $viewstate->count. $_SESSION maintains only one.

Note that the security problems the ExtremeExperts article mentions are just as true with PHP as ASP.net. A manipulative user could set viewstate to a custom crafted value and disrupt the applications expectations. But that just means judicious amounts of validation are required before consuming viewstate on postbacks. Both ASP.net and PHP’s viewstate can be made secure.

성명:
본 글의 내용은 네티즌들의 자발적인 기여로 작성되었으며, 저작권은 원저작자에게 있습니다. 본 사이트는 이에 상응하는 법적 책임을 지지 않습니다. 표절이나 침해가 의심되는 콘텐츠를 발견한 경우 admin@php.cn으로 문의하세요.
이전 기사:PHP之旅다음 기사:PHP & Web Service