php 遍历 $_GET 结果
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1222244/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
loop through $_GET results
提问by Dinah
If I had something like this:
如果我有这样的事情:
?FormSub=Submit&qty=1&partno=ipod¬es=apple&unitprice=102.99&rowid=1&qty=2&partno=Ear+Buds¬es=Headphones&unitprice=45.99&rowid=2
Is it possible to loop through the GET's to return results into a HTML table and also add to a SQL table?
是否可以通过 GET 循环将结果返回到 HTML 表中并添加到 SQL 表中?
Or would I need to add the rowid to then end of every $_GET(i.e. qty1=1&partno1=ipod...)?
或者我是否需要将rowid添加到每个$_GET(即...)的末尾?qty1=1&partno1=ipod
Thanks for looking.
谢谢你看。
回答by Dinah
You can loop through $_GETthough. It's just an array:
你可以循环通过$_GET。它只是一个数组:
foreach ($_GET as $key => $value) { }
When you go through to make your SQL queries, remember to sanitize all of your inputs. Likewise for displaying values on the page. Use htmlentitiesto sanitize for HTML display. Assuming your database is MySQL, use mysql_real_escape_stringfor SQL.
当您进行 SQL 查询时,请记住清理所有输入。同样用于在页面上显示值。使用htmlentities消毒的HTML显示。假设您的数据库是 MySQL,mysql_real_escape_string用于 SQL。
回答by TigerTiger
$_GET is an array .. so you can just iterate over it using foreach
$_GET 是一个数组 .. 所以你可以使用 foreach 迭代它
foreach($_GET as $query_string_variable => $value) {
echo "$query_string_variable = $value <Br />";
}
you can also do extract($_GET)to make all of them as variable .. but I wont suggest it.
你也可以extract($_GET)把它们都做成可变的……但我不建议这样做。
If you want to save it to db you should consider mysql_real_escape_string($value).
如果要将其保存到 db,则应考虑mysql_real_escape_string($value).
To print a HTML table .. do you want something like this ??
要打印一个 HTML 表格 .. 你想要这样的东西吗??
$count = count($_GET);
if($count > 0) {
echo "<table>";
foreach($_GET as $query_string_variable => $value) {
echo "<tr><td>$query_string_variable</td><td>$value</td></tr>"
}
echo "</table>";
}
hope this helps.
希望这可以帮助。
回答by KM.
watch out!someone could easily alter this and submit:
小心!有人可以轻松更改此内容并提交:
?FormSub=Submit&qty=1&partno=ipod¬es=apple&unitprice=0.99&rowid=1&qty=2&partno=Ear+Buds¬es=Headphones&unitprice=0.05&rowid=2
note:"unitprice" was 102.99 and 45.99, but have been changed to 0.99 and 0.05, I guess they are on sale now at a great price!
注意:“单价”是 102.99 和 45.99,但已更改为 0.99 和 0.05,我想它们现在正在以优惠的价格出售!
回答by Gumbo
See the FAQ How do I create arrays in a HTML <form>?
请参阅常见问题解答如何在 HTML 中创建数组<form>?
So in your case a request of:
因此,在您的情况下,请求:
?FormSub=Submit&qty[]=1&partno[]=ipod¬es[]=apple&unitprice[]=102.99&rowid[]=1&qty[]=2&partno[]=Ear+Buds¬es[]=Headphones&unitprice[]=45.99&rowid[]=2
would create an array of the form:
将创建以下形式的数组:
array(
'FormSub' => 'Submit',
'qty' => array(
0 => '1',
1 => '2'
),
'partno' => array(
0 => 'ipod',
1 => 'Ear Buds'
),
'notes' => array(
0 => 'apple',
1 => 'Headphones'
),
'unitprice' => array(
0 => '102.99',
1 => '45.99'
),
'rowid' => array(
0 => '1',
1 => '2'
)
)
But I hope you don't accept those values without validation or even use it for an actual order.
但我希望您不要在未经验证的情况下接受这些值,甚至不要将其用于实际订单。
Additionally GET is intended to be used for data retrieval only:
此外GET 仅用于数据检索:
In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval.
特别是,约定已经建立,GET 和 HEAD 方法不应该具有采取除检索以外的动作的意义。
For requests with side effects (alteration of data on the server) you should use POST.
对于具有副作用的请求(服务器上的数据更改),您应该使用 POST。
