PHP手册 - HTTP GET 变量

版本	说明
4.1.0	引入 `$_GET`，弃用 `$HTTP_GET_VARS`。

PHP手册 - N: HTTP GET 变量

用户评论:

gerjoo at gmail dot com (07-Feb-2012 02:28)

In reply to zgold at 10-Aug-2011 01:58. Using just htmlentities to "secure" your data will not protect you from SQL injections. Slashes are not escaped by the "htmlentities" function, if this is currently your only line of defence, you are vulnerable for SQL injections! To "secure" your data within this context, look into mysql_real_escape_string. Alternatively, feel free to read into "prepared statements". Please note that mysql_real_escape_string is not a replacement for htmlentities, they can be used together depending on your requirements. - Gerard

zgold (10-Aug-2011 09:58)

I don't directly use $_GET due to security concerns, instead I create a new array called $_CLEAN which contains cleaned superglobal variables. <?php function clean($elem) { if(!is_array($elem)) $elem = htmlentities($elem,ENT_QUOTES,"UTF-8"); else foreach ($elem as $key => $value) $elem[$key] = $this->clean($value); return $elem; } $_CLEAN['GET'] = clean($_GET); ?> I also do this for $_POST, as followed: <?php $_CLEAN['POST'] = clean($_POST); ?>

Maarten Schroeven (25-Jul-2011 09:09)

You can use this function to remove any $_GET variables out of your URL, it takes an array off strings(the names keys of the $_GET you wish to remove) and returns the url with the ones specified removed <?php function getUrlWithout($getNames){ $url = "http" . ((!empty($_SERVER['HTTPS'])) ? "s" : "") . "://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']; $questionMarkExp = explode("?", $url); $urlArray = explode("&", $questionMarkExp[1]); $retUrl=$questionMarkExp[0]; $retGet=""; $found=array(); foreach($getNames as $id => $name){ foreach ($urlArray as $key=>$value){ if(isset($_GET[$name]) && $value==$name."=".$_GET[$name]) unset($urlArray[$key]); } } $urlArray = array_values($urlArray); foreach ($urlArray as $key => $value){ if($key<sizeof($urlArray) && $retGet!=="") $retGet.="&"; $retGet.=$value; } return $retUrl."?".$retGet; } ?> Example current url is http://www.example.net/index.php?getVar1=Something&getVar2=10&getVar3=ok <?php echo getUrlWithout(array("getVar1","getVar3")); //result will be "http://www.example.net/index.php?getVar2=10" ?>

Daniel M (14-Jan-2011 12:35)

If you need to find out whether any GET variables have been specified, you can use the empty() function. <?php if(empty($_GET)) echo "No GET variables"; else print_r($_GET); ?> empty() - http://php.net/manual/en/function.empty.php print_r() - http://php.net/manual/en/function.print-r.php

chris at bjelleklang dot org (18-Dec-2010 10:40)

Please note that PHP setups with the suhosin patch installed will have a default limit of 512 characters for get parameters. Although bad practice, most browsers (including IE) supports URLs up to around 2000 characters, while Apache has a default of 8000. To add support for long parameters with suhosin, add suhosin.get.max_value_length = <limit> in php.ini

John Galt (15-Jun-2010 01:57)

Just a note, because I didn't know for sure until I tested it. If you have a query string that contains a parameter but no value (not even an equals sign), like so: http://path/to/script.php?a The following script is a good test to determine how a is valued: <pre> <?php print_r($_GET); if($_GET["a"] === "") echo "a is an empty string\n"; if($_GET["a"] === false) echo "a is false\n"; if($_GET["a"] === null) echo "a is null\n"; if(isset($_GET["a"])) echo "a is set\n"; if(!empty($_GET["a"])) echo "a is not empty"; ?> </pre> I tested this with script.php?a, and it returned: a is an empty string a is set So note that a parameter with no value associated with, even without an equals sign, is considered to be an empty string (""), isset() returns true for it, and it is considered empty, but not false or null. Seems obvious after the first test, but I just had to make sure. Of course, if I do not include it in my browser query, the script returns Array ( ) a is null

Alberto Lepe dev at alepe dot com (05-Oct-2009 05:23)

This Function will help you to manage your GET parameters to facilitate coding and prevent duplication. This is a basic version but it can be easily extended. <?php // Author: Alberto Lepe (www.alepe.com) /* Process $_GET to preserve user custom parameters * the arguments is a list of URL parameters that should be removed/changed from URL * for example: * * URL = "index.php?s=1&fi=2&m=4&p=3 * * if called: fixGet("s"); the result has to be: ?fi=2&m=4&p=3 * if called: fixGet("s&m"); the result has to be: ?fi=2&p=3 * if called: fixGet("s=4"); the result has to be: ?s=4&fi=2&m=4&p=3 * if called: fixGet("s=2&m"); the result has to be: ?s=2&fi=2&p=3 * if called: fixGet("s=&m=3"); the result has to be: ?s=&fi=2&m=3&p=3 * if called: fixGet("s=2&m="); the result has to be: ?s=2&fi=2&m=&p=3 * Special: when it ends with a =":" its to leave it open at the end * (just first occurrence) to facilitate concatenation: * if called: fixGet("s=2&m:"); the result has to be: ?s=2&fi=2&p=3&m * if called: fixGet("s=2&m:="); the result has to be: ?s=2&fi=2&p=3&m= * * Usage with HTML (using the URL example above and $id = 99): * * <a href="index.php<?php echo fixGet('m=2&s&fi:=').$id ?>" >Link</a> * Explanation: change "m" to 2, delete "s" and "fi" gets the $id value. ("p" is kept as it is not specified) * will output: <a href='index.php?m=2&p=3&fi=99'>Link</a> */ public function fixGet($args) { if(count($_GET) > 0) { if(!empty($args)) { $lastkey = ""; $pairs = explode("&",$args); foreach($pairs as $pair) { if(strpos($pair,":") !== false) { list($key,$value) = explode(":",$pair); unset($_GET[$key]); $lastkey = "&$key$value"; } elseif(strpos($pair,"=") === false) unset($_GET[$pair]); else { list($key, $value) = explode("=",$pair); $_GET[$key] = $value; } } } return "?".((count($_GET) > 0)?http_build_query($_GET).$lastkey:""); } ?> To test, copy+paste the following code into testFixGet.php <?php /* * Unit Test for fixGet() */ $cases = array ( 0 => array("s" => 1, "fi" => 2, "m" => 4, "p" => 3), 1 => array("s" => "", "fi" => "", "m" => 4, "p" => 3), ); $test[0] = array( "s" => "fi=2&m=4&p=3", "s&m" => "fi=2&p=3", "s=4" => "s=4&fi=2&m=4&p=3", "s=2&m" => "s=2&fi=2&p=3", "s=&m=3" => "s=&fi=2&m=3&p=3", "s=2&m=" => "s=2&fi=2&m=&p=3", "s=2&m:=" => "s=2&fi=2&p=3&m=", "z=9" => "s=1&fi=2&m=4&p=3&z=9", "z:" => "s=1&fi=2&m=4&p=3&z", "s:&m=3" => "fi=2&m=3&p=3&s", "s&m=3" => "fi=2&m=3&p=3", ); $test[1] = array( "s" => "fi=&m=4&p=3", "s&m" => "fi=&p=3", "s=4" => "s=4&fi=&m=4&p=3", "s=2&m" => "s=2&fi=&p=3", "s=&m=3" => "s=&fi=&m=3&p=3", "s=2&m=" => "s=2&fi=&m=&p=3", "s=2&m:=" => "s=2&fi=&p=3&m=", "z=9" => "s=&fi=&m=4&p=3&z=9", "z:" => "s=&fi=&m=4&p=3&z", ); foreach($cases as $x => $value) { echo "<hr> CASE: $x <hr>\n"; foreach($test[$x] as $arg => $expected) { $_GET = $cases[$x]; $res = myForm::fixGet($arg); echo (($res === "?".$expected)?"OK":"NG ($res)")." [$arg]<br>\n"; } } ?>

robotreply at gmail dot com (24-Jul-2009 08:17)

Parsing of GET/POST drops duplicate variables unless those variables have "[]" (PHP bugs #10502, #15498 and #16195). Adding "[]" makes a mess of your javascript code, so here is a small workaround to it. This function basically scans your raw POST and GET input and tries to fix the same. This function must be called near the top of your script. Optimizations are welcome. <?php function php_fix_raw_query() { $post = ''; // Try globals array if (!$post && isset($_GLOBALS) && isset($_GLOBALS["HTTP_RAW_POST_DATA"])) $post = $_GLOBALS["HTTP_RAW_POST_DATA"]; // Try globals variable if (!$post && isset($HTTP_RAW_POST_DATA)) $post = $HTTP_RAW_POST_DATA; // Try stream if (!$post) { if (!function_exists('file_get_contents')) { $fp = fopen("php://input", "r"); if ($fp) { $post = ''; while (!feof($fp)) $post = fread($fp, 1024); fclose($fp); } } else { $post = "" . file_get_contents("php://input"); } } $raw = !empty($_SERVER['QUERY_STRING']) ? sprintf('%s&%s', $_SERVER['QUERY_STRING'], $post) : $post; $arr = array(); $pairs = explode('&', $raw); foreach ($pairs as $i) { if (!empty($i)) { list($name, $value) = explode('=', $i, 2); if (isset($arr[$name]) ) { if (is_array($arr[$name]) ) { $arr[$name][] = $value; } else { $arr[$name] = array($arr[$name], $value); } } else { $arr[$name] = $value; } } } foreach ( $_POST as $key => $value ) { if (is_array($arr[$key]) ) { $_POST[$key] = $arr[$name]; $_REQUEST[$key] = $arr[$name]; } } foreach ( $_GET as $key => $value ) { if (is_array($arr[$key]) ) { $_GET[$key] = $arr[$name]; $_REQUEST[$key] = $arr[$name]; } } # optionally return result array return $arr; } ?>

slavik0329 (19-Mar-2009 03:01)

the addget function below actually has more use when you dont use the recursive merge as such: <?php function AddGet($ArrayOrString){ if(is_array($ArrayOrString)) return http_build_query(array_merge($GLOBALS['_GET'], $ArrayOrString)); parse_str($ArrayOrString, $output); return http_build_query(array_merge($GLOBALS['_GET'], $output)); } ?> In this case, if the key is added again with a different value it will be replaced with the new value. addget("change=true"); // ?change=true addget("change=false"); // ?change=false

admin at bordeux dot net (29-Jan-2009 08:03)

<?php function AddGet($ArrayOrString){ if(is_array($ArrayOrString)) return http_build_query(array_merge_recursive($GLOBALS['_GET'], $ArrayOrString)); parse_str($ArrayOrString, $output); return http_build_query(array_merge_recursive($GLOBALS['_GET'], $output)); } ?> <a href="index.php?<?php echo AddGet(array("change"=>true,"jump"=>"42m"));?>">URL</a> <a href="index.php?<?php echo AddGet("change=true&jump=42m");?>">URL</a> Assuming the user entered http://example.com/?name=Hannes The above example will output something similar to: <a href="index.php?name=Hannes&change=1&jump=42m">URL</a> <a href="index.php?name=Hannes&change=true&jump=42m">URL</a>

hmaloney at contactpoint dot com dot au (19-Sep-2008 12:38)

This code is really useful for reproducing the values in the $_GET variable, and attaching that to a $_SERVER['PHP_SELF'] value when building the action value of a form tag, so that you don't lose any other values that could have been passed: foreach ($_GET as $key => $value) { if ($key != "C") { // ignore this particular $_GET value $querystring .= $key."=".$value; } }

RJ Regalado (17-Jun-2008 03:57)

Use this code if you want to retrieve your queries no matter what method is used. Hope it helps. <?php // By: RJ Regalado // http://rjfiles.uni.cc/~php_examples/?id=1 $name = trim ((!empty($_POST['name'])) ? $_POST['name'] : $_GET['name'] ); if ( strlen ($name) < 1) { echo "Please enter your name"; } else { printf ("Hello <b>%s</b><br>", $name); printf ("Bonjour <b>%s</b><br>", $name); printf ("Hallo <b>%s</b><br>", $name); printf ("Ciao <b>%s</b><br>", $name); printf ("Hola <b>%s</b><br>", $name); } ?><hr> <form method="POST"> Name: <input type="text" name="name"> <input type="submit" value="POST"> </form><hr> <form method="GET"> Name: <input type="text" name="name"> <input type="submit" value="GET"> </form>

timberspine _AT_ gmail _DOT_ com (15-May-2008 12:38)

Note that named anchors are not part of the query string and are never submitted by the browser to the server. Eg. http://www.xyz-abc.kz/index.php?title=apocalypse.php#doom echo $_GET['title']; // returns "apocalypse.php" and NOT "apocalypse.php#doom" you would be better off treating the named anchor as another query string variable like so: http://www.xyz-abc.kz/index.php?title=apocalypse.php&na=doom ...and then retrieve it using something like this: $url = $_GET['title']."#".$_GET['na']; Hope this helps someone...

niwil at djes dot dk (14-May-2008 02:00)

Note: If nothing is set in the address bar, the value of $_GET['n'] will be NULL, not ""(empty string) or false.

$_GET

$HTTP_GET_VARS [已弃用]

说明

更新日志

范例

注释

参见

用户评论: