Geek asks and answers

Storing php $ _GET variable in javascript variable?

I pass two pieces of information to the php page using the $ _GET (team1, team2) method. I would like to use them as variables in some javascript. How can i do this?

thank

+3
source share
7 answers

Original answer:

In your .php file.

<script type="text/javascript"> 
  var team1, team2; 
  team1 = <?php echo $_GET['team1']; ?>; 
  team1 = <?php echo $_GET['team1']; ?>; 
</script>

Safe answer:

I didn’t even think about XSS when I blew this answer. (Look at the comments!) Everything from the $ _GET array must be escaped, otherwise the user can pretty much insert any JS they want on your page. So try something like this:

<script type="text/javascript"> 
  var team1, team2; 
  team1 = <?php echo htmlencode(json_encode($_GET['team1'])); ?>; 
  team1 = <?php echo htmlencode(json_encode($_GET['team1'])); ?>; 
</script>

http://www.bytetouch.com/blog/programming/protecting-php-scripts-from-cross-site-scripting-xss-attacks/.

XSS Google http://code.google.com/p/doctype/wiki/ArticleXSSInJavaScript.

.

+1

$_GET querystring, javascript, :

<script>
var $_GET = populateGet();

function populateGet() {
  var obj = {}, params = location.search.slice(1).split('&');
  for(var i=0,len=params.length;i<len;i++) {
    var keyVal = params[i].split('=');
    obj[decodeURIComponent(keyVal[0])] = decodeURIComponent(keyVal[1]);
  }
  return obj;
}
</script>
+8

, - htmlentities, , . , , , .

<script type="text/javascript"> 
  var team1 = '<?php echo htmlentities($_GET['team1']); ?>'; 
  var team2 = '<?php echo htmlentities($_GET['team2']); ?>'; 
</script>
+1
<script type="text/javascript">
  var team1 = <?php echo $_GET['team1'] ?>;
  var team2 = <?php echo $_GET['team2'] ?>;
</script>
0

Other methods are dirty and there may be some problems. You are best off using javascript:

<script>
function get_data(name){
  name = name.replace(/[\[]/,"\\\[").replace(/[\]]/,"\\\]");
  var regexS = "[\\?&]"+name+"=([^&#]*)";
  var regex = new RegExp(regexS);
  var results = regex.exec(window.location.href);
  if(results == null) return "";
  else return results[1];
}

var var1 = get_data('var1');
var var2 = get_data('var2');
</script>

But it is not safe yet.

Another way to do this that I was just thinking about is to print the $ _GET array. However, I do not know if this will work. In any case, if so, then here it is:

<script>
    var _get = <?php print_r($_GET); ?>

    var team1 = _get['team1'];
    var team2 = _get['team2'];
</script>

And you want to run array_walk (or something like that) for the function to clear each row.

0
source

Another way to do this with javascript:

var team1 = $_GET('team1');

function $_GET(q,s) {
        s = s ? s : window.location.search;
        var re = new RegExp('&'+q+'(?:=([^&]*))?(?=&|$)','i');
        return (s=s.replace(/^?/,'&').match(re)) ? (typeof s[1] == 'undefined' ? '' : decodeURIComponent(s[1])) : undefined;
}
0
source

Make sure your $_GETvars are accessible and not empty and use the following:

<script type="text/javascript">
    var team1 = <?php echo $_GET['team1']; ?>;
    var team2 = <?php echo $_GET['team2']; ?>;
</script>
-1
source

More articles:


All Articles