1. 技术文章
  2. send String[] b httprequest and get in php b $_GET

send String[] b httprequest and get in php b $_GET

∥☆過路亽.° 提交于 2020-01-07 03:40:14

问题


I want to send a String[] by an HTTP request and get the values in PHP with the $_GET method.
The total number of values in the String[] is variable.
I have tried so far: 

List<NameValuePair> params = new ArrayList<NameValuePair>();
String[] dropdowns = {"1st item","2nd item","3rd item","4th item"};
for (int i = 0; i < dropdowns.length; i++) {
params.add(new BasicNameValuePair("pid", dropdowns[i]));
}

In PHP I want to get all values and query based on them. 

$pid = $_GET['pid'];

And use them like:

$result = mysql_query("SELECT *FROM Apps WHERE pid[0] = $pid" AND pid[1] = $pid" 
AND ...);

But I know this way is wrong. How can I do that?


回答1:


This

$result = mysql_query("SELECT *FROM Apps WHERE pid[0] = $pid" AND pid[1] = $pid" AND ...);

Is very wrong and unsafe. (Columns wrong syntax, SQL injection, wrong quotation, wrong SQL syntax,...)

Must be something like

$result = mysql_query("
            SELECT * FROM Apps WHERE pid
            IN(" . implode(',', mysql_real_escape_string($pid)) . ")
          ");



回答2:


You can create a serialized reprezentation of the values you want to send in the url. It has limitations such as the max length of the url.

'http://domain.com/data_handler.php?data=' . urlencode(serialize($array1));

Getting back your array:

$array1 = unserialize($_GET['data']);

Its even better to create a post request and use this syntax: 

pid[]=1 
pid[]=2

http://www.php.net/manual/en/faq.html.php




回答3:


You cannot send an array through HTTP request UNLESS you have an array of inputs such as:

<input type='text' name='manyOfThese[]' />

To send an array you have two options. One is to use serialize() and unserialize() to turn your array into a string. And the other is to use session variables:

$_SESSION['pid'] = $pid;

Then on the next script

$pid = $_SESSION['pid'];
unset($_SESSION['pid']);
 foreach($pid as $element){
    echo $element //or do whatever you need to do to that variable
}

Also at the beginning of your scripts you will want to include: session_start();

And then when your php application is exited (upon logoff for example): session_destroy();




回答4:


There are two parts to this and both involve loops. First, when you are sending the data, put the brackets in the name to send it as an array:

for (int i = 0; i < dropdowns.length; i++) {
    params.add(new BasicNameValuePair("pid[]", dropdowns[i]));
}

Second, on the php end this array is stored in $_GET['pid'] or $_POST['pid'] depending on how you sent it, so you would loop through the array and add the items to your sql query. Just make a separate variable to store the sql statement so you can add to it:

$x = 0;
foreach($_GET['pid'] as $value) {
    $yourSQLString .= " AND pid[". $x ."] = '" . $value . "'";
    $x++;
}

And obviously you should do something else with the actual value to avoid sql injections.



来源:https://stackoverflow.com/questions/22611213/send-string-b-httprequest-and-get-in-php-b-get

标签
java
php
json
httprequest
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!