将 php $_GET 变量存储在 javascript 变量中?
我正在使用 $_GET 方法(team1、team2)将两条信息传递给一个 php 页面.我想在一些 javascript 中使用这些作为变量.我该怎么做?
I am passing two pieces of info to a php page using the $_GET method (team1, team2). I'd like to use these as variables in some javascript. How can I do this?
谢谢
推荐答案
原答案:
在您的 .php 文件中.
In your .php file.
<script type="text/javascript">
var team1, team2;
team1 = <?php echo $_GET['team1']; ?>;
team1 = <?php echo $_GET['team1']; ?>;
</script>
更安全的答案:
当我爆出这个答案时,甚至没有考虑 XSS.(看评论!)$_GET 数组中的任何内容都应该转义,否则用户几乎可以将他们想要的任何 JS 插入到您的页面中.所以尝试这样的事情:
Didn't even think about XSS when I blasted this answer out. (Look at the comments!) Anything from the $_GET array should be escaped, otherwise a user can pretty much insert whatever JS they want into your page. So try something like this:
<script type="text/javascript">
var team1, team2;
team1 = <?php echo htmlencode(json_encode($_GET['team1'])); ?>;
team1 = <?php echo htmlencode(json_encode($_GET['team1'])); ?>;
</script>
从这里 http://www.bytetouch.com/blog/programming/protecting-php-scripts-from-cross-site-scripting-xss-attacks/.
来自 Google 的有关 XSS 的更多信息 http://code.google.com/p/doctype/wiki/ArticleXSSInJavaScript.
More about XSS from Google http://code.google.com/p/doctype/wiki/ArticleXSSInJavaScript.
为评论者干杯.
相关文章