In php, parse_str parses the query string to the variable.

Source: Internet
Author: User
Tags function prototype

The parse_str () function parses strings into variables, which means a conversion mechanism between strings and variables is implemented, data is passed in the form of a string, such as GET request, and then on the server side through $ _ GET/$ _ POST and other global variables to achieve string and variable conversion, such as: http://www.liuhui.info /? Index. php? Var1 = 1 & var2 = 2. After the request, the server can use $ _ GET ['var1'] to obtain the string var1 = 1 & var2 = 2 and convert it to a variable. The parse_str () function can implement the sample function. You can directly convert strings and variables by using the parse_str () function to parse the value of $ _ SERVER ['query _ string, for example, $ var1.

I. Function prototype

The code is as follows: Copy code
Void parse_str (string str [, array & arr])

2. Version compatibility
PHP 3, PHP 4, PHP 5

III. Basic function usage and examples
1. Parse the string as a variable.

The code is as follows: Copy code

<? Php
Parse_str ("var1 = liuhui & var2 = parse_str ");
Echo $ var1. $ var2;
?>


2. Parse the string and store the variable in the array.

The code is as follows: Copy code

<? Php
Parse_str ("var1 = liuhui & var2 = parse_str", $ array );
Print_r ($ array );
?>


Output: Array ([var1] => liuhui [var2] => parse_str)

Note: This variable is added only when it is stored in the array in PHP 4.0.3.

3. The parsed string contains spaces.

The code is as follows: Copy code

<? Php
Parse_str ("v ar1 = liuhui & var 2 = parse_str", $ array );
Print_r ($ array );
?>

Output: Array ([v_ar1] => liuhui [var_2] => parse_str)

Note: Convert spaces to underscores _

IV. Notes
1. If the array parameter is not set, the variables set by this function will overwrite the variables with the same name.
2. The magic_quotes_gpc setting in php. ini affects the output of this function. If enabled, the variable will be converted by addslashes () before parse_str () resolution.
3. The parse_str () function has a vulnerability in processing parameters. Attackers can exploit this vulnerability to enable register_globals and further exploit the vulnerability in other PHP scripts. If only one parameter is used to call parse_str (), the function will consider that the parameter is parsed as the provided string through the request string transmitted by the URL, but external attackers can call parse_str () send many request variables to trigger the termination of the memory_limit request. If the request is disabled during the call of parse_str (), the register_globals label will be enabled all the time during the rest of the lifecycle of the related webserver process.

 

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.