将php $ _GET变量存储在一个JavaScript变量中？ [英] Storing php $_GET variable in a javascript variable?

问题描述

我使用$ _GET方法（team1，team2）将两条信息传递给一个php页面。
我想在一些javascript中使用这些变量。我怎样才能做到这一点？

谢谢 原始答案

在您的.php文件中。

 < script type =text / javascript> 
 var team1，team2; 
 team1 =<？php echo $ _GET ['team1']; ？取代; 
 team1 =<？php echo $ _GET ['team1']; ？取代; 
< / script> 
  

更安全的答案：

当我抨击这个答案时，甚至没有想过XSS。 （查看注释！）$ _GET数组中的任何内容都应该被转义，否则用户几乎可以将他们想要的任何JS插入到页面中。所以试试这样：

 < script type =text / javascript> 
 var team1，team2; 
 team1 =<？php echo htmlencode（json_encode（$ _ GET ['team1']））; ？取代; 
 team1 =<？php echo htmlencode（json_encode（$ _ GET ['team1']））; ？取代; 
< / script> 
  

从这里 http://www.bytetouch.com/blog/programming/protecting-php-scripts-from-cross-site -scripting-xss-attacks / 。

更多关于Google的XSS http://code.google.com/p/doctype/wiki/ArticleXSSInJavaScript 。

干杯评论者。

I am passing two pieces of info to a php page using the $_GET method (team1, team2). I'd like to use these as variables in some javascript. How can I do this?

Thanks

解决方案

Original answer:

In your .php file.

<script type="text/javascript"> 
  var team1, team2; 
  team1 = <?php echo $_GET['team1']; ?>; 
  team1 = <?php echo $_GET['team1']; ?>; 
</script>

Safer answer:

Didn't even think about XSS when I blasted this answer out. (Look at the comments!) Anything from the $_GET array should be escaped, otherwise a user can pretty much insert whatever JS they want into your page. So try something like this:

<script type="text/javascript"> 
  var team1, team2; 
  team1 = <?php echo htmlencode(json_encode($_GET['team1'])); ?>; 
  team1 = <?php echo htmlencode(json_encode($_GET['team1'])); ?>; 
</script>

From here http://www.bytetouch.com/blog/programming/protecting-php-scripts-from-cross-site-scripting-xss-attacks/.

More about XSS from Google http://code.google.com/p/doctype/wiki/ArticleXSSInJavaScript.

Cheers to the commenters.

这篇关于将php $ _GET变量存储在一个JavaScript变量中？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！