Original answer:

原答案：

In your .php file.

在您的 .php 文件中。

<script type="text/javascript"> 
  var team1, team2; 
  team1 = <?php echo $_GET['team1']; ?>; 
  team1 = <?php echo $_GET['team1']; ?>; 
</script>

Safer answer:

更安全的答案：

Didn't even think about XSS when I blasted this answer out. (Look at the comments!) Anything from the $_GET array should be escaped, otherwise a user can pretty much insert whatever JS they want into your page. So try something like this:

当我爆出这个答案时，甚至没有考虑 XSS。（看评论！）$_GET 数组中的任何内容都应该转义，否则用户几乎可以将他们想要的任何 JS 插入到您的页面中。所以尝试这样的事情：

<script type="text/javascript"> 
  var team1, team2; 
  team1 = <?php echo htmlencode(json_encode($_GET['team1'])); ?>; 
  team1 = <?php echo htmlencode(json_encode($_GET['team1'])); ?>; 
</script>

From here http://www.bytetouch.com/blog/programming/protecting-php-scripts-from-cross-site-scripting-xss-attacks/.

从这里http://www.bytetouch.com/blog/programming/protecting-php-scripts-from-cross-site-scripting-xss-attacks/。

More about XSS from Google http://code.google.com/p/doctype/wiki/ArticleXSSInJavaScript.

有关来自 Google 的 XSS 的更多信息http://code.google.com/p/doctype/wiki/ArticleXSSInJavaScript。

Cheers to the commenters.

为评论者喝彩。

Since $_GETjust access variables in the querystring, you can do the same from javascript if you wish:

由于$_GET只访问查询字符串中的变量，如果您愿意，您可以从 javascript 中执行相同的操作：

<script>
var $_GET = populateGet();

function populateGet() {
  var obj = {}, params = location.search.slice(1).split('&');
  for(var i=0,len=params.length;i<len;i++) {
    var keyVal = params[i].split('=');
    obj[decodeURIComponent(keyVal[0])] = decodeURIComponent(keyVal[1]);
  }
  return obj;
}
</script>

Make sure you use something like htmlentitiesto escape the values so that your application is not susceptible to cross-site scripting attacks. Ideally you would validate the variables to make sure they're an expected value before outputting them to the page.

确保您使用htmlentities 之类的东西来转义这些值，这样您的应用程序就不容易受到跨站点脚本攻击的影响。理想情况下，您应该在将变量输出到页面之前验证变量以确保它们是预期值。

<script type="text/javascript"> 
  var team1 = '<?php echo htmlentities($_GET['team1']); ?>'; 
  var team2 = '<?php echo htmlentities($_GET['team2']); ?>'; 
</script>

<script type="text/javascript">
  var team1 = <?php echo $_GET['team1'] ?>;
  var team2 = <?php echo $_GET['team2'] ?>;
</script>

The other methods are kind of dirty, and there can be some problems. Your better off just using javascript:

其他方法有点脏，可能会有一些问题。你最好只使用 javascript：

<script>
function get_data(name){
  name = name.replace(/[\[]/,"\\[").replace(/[\]]/,"\\]");
  var regexS = "[\?&]"+name+"=([^&#]*)";
  var regex = new RegExp(regexS);
  var results = regex.exec(window.location.href);
  if(results == null) return "";
  else return results[1];
}

var var1 = get_data('var1');
var var2 = get_data('var2');
</script>

But this still isn't super secure.

但这仍然不是超级安全。

Another way of doing this, which I just thought of, is to print the $_GET array. I don't know if that would work, though. Anyway, if it does, then here it is:

我刚刚想到的另一种方法是打印 $_GET 数组。不过，我不知道这是否可行。无论如何，如果是这样，那么它是：

<script>
    var _get = <?php print_r($_GET); ?>

    var team1 = _get['team1'];
    var team2 = _get['team2'];
</script>

And you would want to run array_walk(or something like that), on a function to clean each string.

并且您可能想要在一个函数上运行 array_walk（或类似的东西）来清理每个字符串。

Another way to do this with javascript :

使用 javascript 执行此操作的另一种方法：

var team1 = $_GET('team1');

function $_GET(q,s) {
        s = s ? s : window.location.search;
        var re = new RegExp('&'+q+'(?:=([^&]*))?(?=&|$)','i');
        return (s=s.replace(/^?/,'&').match(re)) ? (typeof s[1] == 'undefined' ? '' : decodeURIComponent(s[1])) : undefined;
} 

Make sure your $_GETvars are available and not empty and use the following:

确保您的$_GET变量可用且不为空，并使用以下内容：

<script type="text/javascript">
    var team1 = <?php echo $_GET['team1']; ?>;
    var team2 = <?php echo $_GET['team2']; ?>;
</script>