Is there no way of submitting a serialized parameter without ajax?
I want to access, like, an json encoded parameter when I process the POST from the form, something like: $params = json_decode($_GET['params']);
Any ideas, besides iterating each input and append it to a hidden one that will contain all parameters in an encoded form, ?
Update
I'm using codeigniter, so I would rather do something like
$search = json_decode($this->input->get('params'));
updateName($search['name']);
updateGender($search['gender']);
Than
updateName($this->input->get('name'));
updateGender($this->input->get('gender'));
Not sure if I am missing something here but you can only do a json_decode() on a json object/array.
$this->input->get() will return the whole $_GET array AS A PHP ARRAY, so you dont need to do anything JSON'ick with it to be able to use it as an array.
so would this not do what you want?
$search = $this->input->get();
updateName($search['name']);
updateGender($search['gender']);
If you want to pass it through the XSS filter first just use
$search = $this->input->get(NULL, TRUE);
Related
I am POSTing a form input with value:
http://www.domain.com/script.php?var1=1120&var2=254949&url=http%3A%2F%2Fwww.domain2.com%2Ffile%2Bname%3Fvar1%3Dvalue1
on the server (PHP) I get this value:
http://www.domain.com/script.php?var1=1120&var2=254949&url=http://www.domain2.com/file+name?var1=value1
is there anyway to receive the original un-decoded value?
You need to encode only part of your string. In order to achieve that, use function explode to make array of two elements, encode the second one and put them again together. Something like could be helpful.
$str ='http://www.domain.com/script.php?var1=1120&var2=254949&url=http://www.domain2.com/file+name?var1=value1';
$url = explode('url=',$str);
$str2 = $url[0].'url='.urlencode($url[1]);
echo($str2);
I was dealing with security, and I came up with an idea:
if (!isset($_POST['id']))
{
$_POST['id'] = 0;
}
$_POST['id'] = (int)$_POST['id']; // kill SQL injection
but what if id was an array? It would force this method to knee! But I dont know if its even possible to generate array.
Don't reinvent the wheel: php has a nice set of filters to deal with $_GET and $_POST: see http://php.net/filter - there are filters even for arrays.
If in your form you have a <SELECT multiple>, which will send out an array of options picked by the user, the name must be something like name="MySelection[]" instead of a plain name="MySelection". In this way, with the square brackets, an array will be automatically generated, and it will be $_POST['MySelection'][0], $_POST['MySelection'][1] and so on. You can loop on it with a the usual foreach.
We always retrieve the value in a $_GET['var'], but is it possible to assign a value as well? I have a php page where at one point, through ajax, I want to stay on the same page but change the query string or do an assignment like this:
$_GET['myvar'] = 'newvalue';
Is this possible?
Yes you can override the $_GET. however that is only for that request.
with ajax you do a new request and in the ajax call you can just use diffrent values for the data.
Yes, you can assign to the $_GET array, but it won't change the query string in the URL.
It's probably not the wisest thing to do though, as it will be overwritten in the next request
$_GET is just like a regular array. The only difference is that the keys of this array will be automatically populated with values that come with the request using HTTP GET. They are called superglobals because they are automatically and globally available anywhere in your script, other wise they behave just like regular arrays.
So if you have a request like mypage.php?key=value, PHP automatically does something equal to this for you:
$_GET['key'] = 'value';
And just like any regular array, you can overwrite it with a different value. However I really do not see a use case for that unless you are doing some testing or some really weird thingy..
I'm using GET to process my search form and working with pagination I need to resubmit the $_GET params as my target URL. Is there an easy way to build my new target URL from the contents of $_GET or do I need to use something like explode or simply iterate through the $_GET array?
Basically I'm looking for a shortcut or a better method of doing this.
Any ideas?
$_SERVER['QUERY_STRING'] contains the query string submitted to the script.
Simply loop through the $_GET by using the syntax below:
foreach ($_GET as $key=>$val) {
// build your URL here
}
If you want to manipulate the query string, then http_build_query() would be handy to create another query string out of present one using altered $_GET array (or it's copy)
I am trying to store any and all variables sent to the site in a single variable (just for logging purposes.)
So if a user goes to www.mysite.com and put on a ?id=4&auth=230984721839
I want to grab both of those GETs and store them in a variable such as $gets
I was trying:
$gets = print_r($_GET);
$posts = print_r($_POST);
But it did not work. Is this even possible? I don't want the user know I am capturing these.
I would also like to grab POSTs too!
You can add a flag to print_r to tell it to return the result instead of outputting it.
$gets = print_r($_GET, true);
$posts = print_r($_POST, true);
However, you may want to look into serializing the associative array instead.
Update
Based on your comments on your question I suppose you really want:
$gets = $_SERVER['QUERY_STRING'];
$posts = file_get_contents('php://input');
If you want both $_GETand $_POST as query strings, you can do this:
$gets = http_build_query($_GET);
$posts = http_build_query($_POST);
$_SERVER['QUERY_STRING']. See this.
This will give you unparsed query, so you can catch any invalid URLs which might be useful for logging purpose.
First of all, you might appreciate that all the parameters, both GET and POST ones, are collected in $_REQUEST.
Second, don't use print_r. That will print the variable out, and not give you any sensible result. Instead, just say
$params = $_REQUEST;
If you want the raw data, then you can get it as in #MichałŠrajer's answer (GET) and comment (POST). So,
$get = $_SERVER['QUERY_STRING'];
$post = file_get_contents("php://input");
By this code you can get any POST or GET values and then -maybe- put them into array for later use
foreach ($_REQUEST as $key => $value ) {
##Do what you want here - may be push values into array here
}
For storing purpose there is another possibility, and it is to serialize the $_GET array.
$data = serialize($_GET);
And then you store $data in your database.
For example, if your get string is ?foo=bar
you get this string a:1:{s:3:"foo";s:3:"bar";}
You can ever deserialize it with unserialize($data);