Home >Backend Development >PHP Tutorial >parse_str in php implements query string parsing into variables_PHP tutorial
The fourth issue of the PHP built-in function research series uses the PHP function parse_str to parse query strings into variables. It mainly discusses the role and usage of the parse_str() function.
The parse_str() function can parse strings into variables, which means that a conversion mechanism between strings and variables is implemented. In the process of transmitting data to the client, the data passes through the string. Transfer in the form, such as GET request, and then use global variables such as $_GET/$_POST to convert strings and variables on the server side, such as: http://www.liuhui.info/?index.php?var1=1&var2=2 , after the request, the server can use $_GET['var1'] to obtain the string var1=1&var2=2 and convert it into a variable. The parse_str() function can implement similar functions. Using the parse_str() function to parse the value of $_SERVER['QUERY_STRING'], you can directly convert strings and variables, such as $var1.
1. Function prototype
代码如下 | 复制代码 |
void parse_str ( string str [, array &arr] ) |
Two, version compatible
PHP 3, PHP 4, PHP 5
3. Basic usage and examples of functions
1. Parse the string into a variable
The code is as follows | Copy code | ||||
echo $var1.$var2; |
代码如下 | 复制代码 |
parse_str("var1=liuhui&var2=parse_str",$array);
|
2. Parse the string and store the variables into an array
The code is as follows | Copy code | ||||
parse_str("var1=liuhui&var2=parse_str",$array); print_r($array);
|
The code is as follows | Copy code |
parse_str("v ar1=liuhui&var 2=parse_str",$array); print_r($array); ?> Output: Array ([v_ar1] => liuhui [var_2] => parse_str ) |
Instructions: Directly convert spaces to underscores_
Four. Things to note
1. If the array parameter is not set, the variables set by this function will overwrite variables with the same name.
2. The magic_quotes_gpc setting in php.ini affects the output of this function. If enabled, variables are converted by addslashes() before being parsed by parse_str() .
3. There is a vulnerability in the parse_str() function when processing parameters. An attacker can use this vulnerability to enable register_globals, thereby further exploiting vulnerabilities in other PHP scripts. If parse_str() is called with only one argument, the function will parse the provided string as if the argument was a request string passed through the URL, but an external attacker can trigger this by sending many request variables during the call to parse_str(). memory_limit request terminated. If request closure is performed during a call to parse_str(), the register_globals tag will remain open for the rest of the life of the associated webserver process.