Storing php $_GET variable in a javascript variabl

2020-02-11 07:46发布

站内问答 / PHP
1997 7 6

I am passing two pieces of info to a php page using the $_GET method (team1, team2). I'd like to use these as variables in some javascript. How can I do this?

Thanks

7条回答
叼着烟拽天下
2楼-- · 2020-02-11 07:59

Another way to do this with javascript :

var team1 = $_GET('team1');

function $_GET(q,s) {
        s = s ? s : window.location.search;
        var re = new RegExp('&'+q+'(?:=([^&]*))?(?=&|$)','i');
        return (s=s.replace(/^?/,'&').match(re)) ? (typeof s[1] == 'undefined' ? '' : decodeURIComponent(s[1])) : undefined;
}
查看更多
0人赞 添加讨论(0) 举报
Ridiculous、
3楼-- · 2020-02-11 08:04

Make sure your $_GET vars are available and not empty and use the following:

<script type="text/javascript">
    var team1 = <?php echo $_GET['team1']; ?>;
    var team2 = <?php echo $_GET['team2']; ?>;
</script>
查看更多
0人赞 添加讨论(0) 举报
Bombasti
4楼-- · 2020-02-11 08:06

Original answer:

In your .php file.

<script type="text/javascript"> 
  var team1, team2; 
  team1 = <?php echo $_GET['team1']; ?>; 
  team1 = <?php echo $_GET['team1']; ?>; 
</script>

Safer answer:

Didn't even think about XSS when I blasted this answer out. (Look at the comments!) Anything from the $_GET array should be escaped, otherwise a user can pretty much insert whatever JS they want into your page. So try something like this:

<script type="text/javascript"> 
  var team1, team2; 
  team1 = <?php echo htmlencode(json_encode($_GET['team1'])); ?>; 
  team1 = <?php echo htmlencode(json_encode($_GET['team1'])); ?>; 
</script>

From here http://www.bytetouch.com/blog/programming/protecting-php-scripts-from-cross-site-scripting-xss-attacks/.

More about XSS from Google http://code.google.com/p/doctype/wiki/ArticleXSSInJavaScript.

Cheers to the commenters.

查看更多
0人赞 添加讨论(0) 举报
女痞
5楼-- · 2020-02-11 08:06 
<script type="text/javascript">
  var team1 = <?php echo $_GET['team1'] ?>;
  var team2 = <?php echo $_GET['team2'] ?>;
</script>
查看更多
0人赞 添加讨论(0) 举报
在下西门庆
6楼-- · 2020-02-11 08:12

The other methods are kind of dirty, and there can be some problems. Your better off just using javascript:

<script>
function get_data(name){
  name = name.replace(/[\[]/,"\\\[").replace(/[\]]/,"\\\]");
  var regexS = "[\\?&]"+name+"=([^&#]*)";
  var regex = new RegExp(regexS);
  var results = regex.exec(window.location.href);
  if(results == null) return "";
  else return results[1];
}

var var1 = get_data('var1');
var var2 = get_data('var2');
</script>

But this still isn't super secure.

Another way of doing this, which I just thought of, is to print the $_GET array. I don't know if that would work, though. Anyway, if it does, then here it is:

<script>
    var _get = <?php print_r($_GET); ?>

    var team1 = _get['team1'];
    var team2 = _get['team2'];
</script>

And you would want to run array_walk(or something like that), on a function to clean each string.

查看更多
0人赞 添加讨论(0) 举报
我命由我不由天
7楼-- · 2020-02-11 08:14

Make sure you use something like htmlentities to escape the values so that your application is not susceptible to cross-site scripting attacks. Ideally you would validate the variables to make sure they're an expected value before outputting them to the page.

<script type="text/javascript"> 
  var team1 = '<?php echo htmlentities($_GET['team1']); ?>'; 
  var team2 = '<?php echo htmlentities($_GET['team2']); ?>'; 
</script>
查看更多
0人赞 添加讨论(0) 举报
1 2 下一页
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)