将 php $_GET 变量存储在 javascript 变量中?

2022-01-04 00:00:00 variables get php javascript

我正在使用 $_GET 方法(team1、team2)将两条信息传递给一个 php 页面.我想在一些 javascript 中使用这些作为变量.我该怎么做?

I am passing two pieces of info to a php page using the $_GET method (team1, team2). I'd like to use these as variables in some javascript. How can I do this?

谢谢

推荐答案

原答案:

在您的 .php 文件中.

In your .php file.

<script type="text/javascript"> 
  var team1, team2; 
  team1 = <?php echo $_GET['team1']; ?>; 
  team1 = <?php echo $_GET['team1']; ?>; 
</script>

更安全的答案:

当我爆出这个答案时,甚至没有考虑 XSS.(看评论!)$_GET 数组中的任何内容都应该转义,否则用户几乎可以将他们想要的任何 JS 插入到您的页面中.所以尝试这样的事情:

Didn't even think about XSS when I blasted this answer out. (Look at the comments!) Anything from the $_GET array should be escaped, otherwise a user can pretty much insert whatever JS they want into your page. So try something like this:

<script type="text/javascript"> 
  var team1, team2; 
  team1 = <?php echo htmlencode(json_encode($_GET['team1'])); ?>; 
  team1 = <?php echo htmlencode(json_encode($_GET['team1'])); ?>; 
</script>

从这里 http://www.bytetouch.com/blog/programming/protecting-php-scripts-from-cross-site-scripting-xss-attacks/.

来自 Google 的有关 XSS 的更多信息 http://code.google.com/p/doctype/wiki/ArticleXSSInJavaScript.

More about XSS from Google http://code.google.com/p/doctype/wiki/ArticleXSSInJavaScript.

为评论者干杯.

相关文章