用户评论:
[#1]
Tolulope [2015-09-17 14:53:04]
pls i need help on how to make my code work for search engine.
//then below is the set command and queryif(isset($_GET['search'])) {$search_value=$_GET['value'];$query="select * from sites where keywords like '%search_value'";$my_run=mysql_query($query);
while ($row=mysql_fetch_array($my_run)) {$title=$row['title'];$link=$row['link'];$desc=$row['description'];
echo"
$title
$link$desc
";}
}?>
Error : but it keeps telling me that i can make use of global array $_GET , that i should instead use filter_input.
Now i set up my filter_input code like this but still did not search my database to return result . but it gave no error. please i need help.
if(!empty(INPUT_GET ('search'))){
$search_value = filter_input(INPUT_GET, 'value');
$query = "select * from sites where keywords like '%search_value'";
$my_run = mysql_query($query);
while ($row = mysql_fetch_array($my_run)) {
$title =$row['title'];
$link =$row['link'];
$desc =$row['description'];
echo "
$title
$link$desc
";}
}
?>
[#2]
dirk dot lze at gmail dot com [2015-07-14 18:55:06]
Make $_GET and $_POST more like in Perl.
This function also disable magic_quotes.
Will be better to handle.
function param($name){
if(is_string($name)){
if((bool) get_magic_quotes_gpc()){
set_magic_quotes_runtime(0);
$param = isset($_POST[$name]) ? stripslashes($_POST[$name]) : false;
$param = isset($_GET[$name]) ? stripslashes($_GET[$name]) : $param;
}else{
$param = isset($_POST[$name]) ? $_POST[$name] : false;
$param = isset($_GET[$name]) ? $_GET[$name] : $param;
}
return $param;
}else{
return $name;
}
}
if(param('foo')){
echo "bar";
}
[#3]
sonyadivarosa at gmail dot com [2014-11-12 12:59:01]
cipto junaedy dengan berbagei jurus strategi yang beliau ajarkan kepada semua anggotanya memang terbukti ampuh..hal ini dapat dibuktikan dengan adanya kalangan muda yang telah sukses berkat didikan dari sangnpakar bisnis property ini dan untuk lebih mengenalnya silahkan anda lihat di.
http://seogendeng.blogspot.com/2014/04/cipto-junaedy.html
[#4]
Anonymous [2014-10-10 13:11:01]
There is a smart way to protect the $ _GET input from malicious injection and options for inserting default values:
{$option=false;// Old version depricated part$content=(!empty($_GET[$name]) ?trim($_GET[$name]) : (!empty($value) && !is_array($value) ?trim($value) :false));
if(is_numeric($content))
returnpreg_replace("@([^0-9])@Ui","",$content);
else if(is_bool($content))
return ($content?true:false);
else if(is_float($content))
returnpreg_replace("@([^0-9\,\.\+\-])@Ui","",$content);
else if(is_string($content))
{
if(filter_var($content,FILTER_VALIDATE_URL))
return$content;
else if(filter_var($content,FILTER_VALIDATE_EMAIL))
return$content;
else if(filter_var($content,FILTER_VALIDATE_IP))
return$content;
else if(filter_var($content,FILTER_VALIDATE_FLOAT))
return$content;
else
returnpreg_replace("@([^a-zA-Z0-9\+\-\_\*\@\$\!\;\.\?\#\:\=\%\/\ ]+)@Ui","",$content);
}
elsefalse;
}?>
I hope this is helpful. Cheers ;)
[#5]
Z80user [2013-03-04 23:40:41]
in MySQLi
I need write
-. $_GET[actor]
instead of
-. $_GET["actor"]
or
-. $_GET['actor']
NOTE: IIS 7.5 (On Windows Server 2008 R2 Datacenter) with PHP Version 5.4.12 and mysqlnd 5.0.10
Version of MySQL 5.6.10
This code show a Movies with an actor ID_Actor
E.G. URL "http://127.0.0.1/test2.php?actor=14"
if (mysqli_connect_errno()) {printf("Connect failed: %s\n",mysqli_connect_error());
exit();
}// A QUICK QUERY ON A FAKE USER TABLE$query="SELECT DISTINCT Title FROM movie WHERE ID_movie IN ( SELECT DISTINCT ID_Movie FROM actor_scene WHERE ID_actor=$_GET[actor]) ";$result=$mysqli->query($query) or die($mysqli->error.__LINE__);// GOING THROUGH THE DATAif($result->num_rows>0) {
while($row=$result->fetch_assoc()) {
echostripslashes($row['Title'])."
";
echo" ";
}
}
else {
echo'NO RESULTS';
}// CLOSE CONNECTIONmysqli_close($mysqli);?>
[#6]
zgold [2011-08-10 01:58:59]
I don't directly use $_GET due to security concerns, instead I create a new array called $_CLEAN which contains cleaned superglobal variables.
{
if(!is_array($elem))$elem=htmlentities($elem,ENT_QUOTES,"UTF-8");
else
foreach ($elemas$key=>$value)$elem[$key] =$this->clean($value);
return$elem;
}$_CLEAN['GET'] =clean($_GET);?>
I also do this for $_POST, as followed:
[#7]
Maarten Schroeven [2011-07-25 13:09:44]
You can use this function to remove any $_GET variables out of your URL, it takes an array off strings(the names keys of the $_GET you wish to remove) and returns the url with the ones specified removed
foreach($getNamesas$id=>$name){
foreach ($urlArrayas$key=>$value){
if(isset($_GET[$name]) &&$value==$name."=".$_GET[$name])
unset($urlArray[$key]);
}
}$urlArray=array_values($urlArray);
foreach ($urlArrayas$key=>$value){
if($key
}
return$retUrl."?".$retGet;
}?>
Example
current url is http://www.example.net/index.php?getVar1=Something&getVar2=10&getVar3=ok
[#8]
Daniel M [2011-01-14 04:35:54]
If you need to find out whether any GET variables have been specified, you can use the empty() function.
echo"No GET variables";
elseprint_r($_GET);?>
empty() - http://php.net/manual/en/function.empty.php
print_r() - http://php.net/manual/en/function.print-r.php
[#9]
chris at bjelleklang dot org [2010-12-18 14:40:45]
Please note that PHP setups with the suhosin patch installed will have a default limit of 512 characters for get parameters. Although bad practice, most browsers (including IE) supports URLs up to around 2000 characters, while Apache has a default of 8000.
To add support for long parameters with suhosin, add
suhosin.get.max_value_length = in php.ini
[#10]
John Galt [2010-06-14 17:57:04]
Just a note, because I didn't know for sure until I tested it.
If you have a query string that contains a parameter but no value (not even an equals sign), like so:
http://path/to/script.php?a
The following script is a good test to determine how a is valued:
print_r($_GET);
if($_GET["a"] ==="") echo"a is an empty string\n";
if($_GET["a"] ===false) echo"a is false\n";
if($_GET["a"] ===null) echo"a is null\n";
if(isset($_GET["a"])) echo"a is set\n";
if(!empty($_GET["a"])) echo"a is not empty";?>
I tested this with script.php?a, and it returned:
a is an empty string
a is set
So note that a parameter with no value associated with, even without an equals sign, is considered to be an empty string (""), isset() returns true for it, and it is considered empty, but not false or null. Seems obvious after the first test, but I just had to make sure.
Of course, if I do not include it in my browser query, the script returns
Array
(
)
a is null
[#11]
Alberto Lepe dev at alepe dot com [2009-10-04 21:23:09]
This Function will help you to manage your GET parameters to facilitate coding and prevent duplication. This is a basic version but it can be easily extended.
if(count($_GET) >0) {
if(!empty($args)) {$lastkey="";$pairs=explode("&",$args);
foreach($pairsas$pair) {
if(strpos($pair,":") !==false) {
list($key,$value) =explode(":",$pair);
unset($_GET[$key]);$lastkey="&$key$value";
} elseif(strpos($pair,"=") ===false)
unset($_GET[$pair]);
else {
list($key,$value) =explode("=",$pair);$_GET[$key] =$value;
}
}
}
return"?".((count($_GET) >0)?http_build_query($_GET).$lastkey:"");
}?>
To test, copy+paste the following code into testFixGet.php
<?php $cases= array (0=> array("s"=>1,"fi"=>2,"m"=>4,"p"=>3),1=> array("s"=>"","fi"=>"","m"=>4,"p"=>3),
);$test[0] = array("s"=>"fi=2&m=4&p=3","s&m"=>"fi=2&p=3","s=4"=>"s=4&fi=2&m=4&p=3","s=2&m"=>"s=2&fi=2&p=3","s=&m=3"=>"s=&fi=2&m=3&p=3","s=2&m="=>"s=2&fi=2&m=&p=3","s=2&m:="=>"s=2&fi=2&p=3&m=","z=9"=>"s=1&fi=2&m=4&p=3&z=9","z:"=>"s=1&fi=2&m=4&p=3&z","s:&m=3"=>"fi=2&m=3&p=3&s","s&m=3"=>"fi=2&m=3&p=3",
);$test[1] = array("s"=>"fi=&m=4&p=3","s&m"=>"fi=&p=3","s=4"=>"s=4&fi=&m=4&p=3","s=2&m"=>"s=2&fi=&p=3","s=&m=3"=>"s=&fi=&m=3&p=3","s=2&m="=>"s=2&fi=&m=&p=3","s=2&m:="=>"s=2&fi=&p=3&m=","z=9"=>"s=&fi=&m=4&p=3&z=9","z:"=>"s=&fi=&m=4&p=3&z",
);
foreach($casesas$x=>$value) {
echo"
CASE:$x
\n";
foreach($test[$x] as$arg=>$expected) {$_GET=$cases[$x];$res=myForm::fixGet($arg);
echo (($res==="?".$expected)?"OK":"NG ($res)")." [$arg]
\n";
}
}?>
[#12]
robotreply at gmail dot com [2009-07-24 00:17:52]
Parsing of GET/POST drops duplicate variables unless those variables have "[]" (PHP bugs #10502, #15498 and #16195). Adding "[]" makes a mess of your javascript code, so here is a small workaround to it.
This function basically scans your raw POST and GET input and tries to fix the same. This function must be called near the top of your script. Optimizations are welcome.
if (!function_exists('file_get_contents')) {$fp=fopen("php://input","r");
if ($fp) {$post='';
while (!feof($fp))$post=fread($fp,1024);fclose($fp);
}
} else {$post="".file_get_contents("php://input");
}
}$raw= !empty($_SERVER['QUERY_STRING']) ?sprintf('%s&%s',$_SERVER['QUERY_STRING'],$post) :$post;$arr= array();$pairs=explode('&',$raw);
foreach ($pairsas$i) {
if (!empty($i)) {
list($name,$value) =explode('=',$i,2);
if (isset($arr[$name]) ) {
if (is_array($arr[$name]) ) {$arr[$name][] =$value;
} else {$arr[$name] = array($arr[$name],$value);
}
} else {$arr[$name] =$value;
}
}
}
foreach ($_POSTas$key=>$value) {
if (is_array($arr[$key]) ) {$_POST[$key] =$arr[$name];$_REQUEST[$key] =$arr[$name];
}
}
foreach ($_GETas$key=>$value) {
if (is_array($arr[$key]) ) {$_GET[$key] =$arr[$name];$_REQUEST[$key] =$arr[$name];
}
}# optionally return result arrayreturn$arr;
}?>
[#13]
slavik0329 [2009-03-19 07:01:05]
the addget function below actually has more use when you dont use the recursive merge as such:
if(is_array($ArrayOrString))
returnhttp_build_query(array_merge($GLOBALS['_GET'],$ArrayOrString));parse_str($ArrayOrString,$output);
returnhttp_build_query(array_merge($GLOBALS['_GET'],$output));
}?>
In this case, if the key is added again with a different value it will be replaced with the new value.
addget("change=true"); // ?change=true
addget("change=false"); // ?change=false
[#14]
timberspine _AT_ gmail _DOT_ com [2008-05-14 16:38:15]
Note that named anchors are not part of the query string and are never submitted by the browser to the server.
Eg.
http://www.xyz-abc.kz/index.php?title=apocalypse.php#doom
echo $_GET['title'];
// returns "apocalypse.php" and NOT "apocalypse.php#doom"
you would be better off treating the named anchor as another query string variable like so:
http://www.xyz-abc.kz/index.php?title=apocalypse.php&na=doom
...and then retrieve it using something like this:
$url = $_GET['title']."#".$_GET['na'];
Hope this helps someone...
203
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
