In php, parse_str parses the query string to the variable.

The parse_str () function parses strings into variables, which means a conversion mechanism between strings and variables is implemented, data is passed in the form of a string, such as GET request, and then on the server side through $ _ GET/$ _ POST and other global variables to achieve string and variable conversion, such as: http://www.liuhui.info /? Index. php? Var1 = 1 & var2 = 2. After the request, the server can use $ _ GET ['var1'] to obtain the string var1 = 1 & var2 = 2 and convert it to a variable. The parse_str () function can implement the sample function. You can directly convert strings and variables by using the parse_str () function to parse the value of $ _ SERVER ['query _ string, for example, $ var1.

I. Function prototype

The code is as follows:	Copy code
Void parse_str (string str [, array & arr])

2. Version compatibility
PHP 3, PHP 4, PHP 5

III. Basic function usage and examples
1. Parse the string as a variable.

The code is as follows:	Copy code
<? Php Parse_str ("var1 = liuhui & var2 = parse_str "); Echo $ var1. $ var2; ?>

2. Parse the string and store the variable in the array.

The code is as follows:	Copy code
<? Php Parse_str ("var1 = liuhui & var2 = parse_str", $ array ); Print_r ($ array ); ?> Output: Array ([var1] => liuhui [var2] => parse_str)

Note: This variable is added only when it is stored in the array in PHP 4.0.3.

3. The parsed string contains spaces.

The code is as follows:	Copy code
<? Php Parse_str ("v ar1 = liuhui & var 2 = parse_str", $ array ); Print_r ($ array ); ?> Output: Array ([v_ar1] => liuhui [var_2] => parse_str)

Note: Convert spaces to underscores _

IV. Notes
1. If the array parameter is not set, the variables set by this function will overwrite the variables with the same name.
2. The magic_quotes_gpc setting in php. ini affects the output of this function. If enabled, the variable will be converted by addslashes () before parse_str () resolution.
3. The parse_str () function has a vulnerability in processing parameters. Attackers can exploit this vulnerability to enable register_globals and further exploit the vulnerability in other PHP scripts. If only one parameter is used to call parse_str (), the function will consider that the parameter is parsed as the provided string through the request string transmitted by the URL, but external attackers can call parse_str () send many request variables to trigger the termination of the memory_limit request. If the request is disabled during the call of parse_str (), the register_globals label will be enabled all the time during the rest of the lifecycle of the related webserver process.