PHP GET 或 POST 数据到变量中，包括

Question

Want to convert dynamic GET variables to two internal variables so that I can use these values in SQL query.

I am passing a variable string to a URL like this

http://localhost/api-data?serial=1923473
http://localhost/api-data?manufacturer=jaguar
http://localhost/api-data?location=london
http://localhost/api-data?country=uk

I want to convert the GET data into two different variables, for example serial becomes $data1 and 1923473 becomes $data2. GET data is always in above format I just want to convert into two different variables.

print_r($_GET);

I can see the variable is passed like an array. My question, if data passed in following format AAAAA=BBBBB as get variable, how do I convert AAAAA into variable $data1 and BBBBBB into £data2. Bear in mind GET data will always be unique.

Once I have this data in 2 unique variables, I want to run a SQL query.

select blah1, blah2, blah4, blah5 from datastore where $data1 = "$data2";

Thank you in advance.

Answer 1

Your approach is not the best and will need to be reworked when you have more than one GET variable, but in general:

$allowed = ['serial', 'manufacturer']; //etc...
$col = key($_GET);

if(in_array($col, $allowed)) {
    $val = $_GET[$col];

    //Then prepare and execute using whatever DB library you are using
    $st = $db->prepare("SELECT blah1, blah2, blah4, blah5 FROM datastore WHERE $col = ?");
    $st->execute([$val]);
}

Answer 2

$_GET is an array of all parameters passed. So, a URL of ?abc=def&foo=bar would result in a $_GET of

array(2) { 
    ["abc"]=> string(3) "def" 
    ["foo"]=> string(3) "bar" 
}

Using this, you can loop through each item and append it to a query:

foreach($_GET as $key => $val) {
    $query .= " AND $key = '$val'";
}

However, be sure you account for SQL injections. The best option for countering this in this scenario is to verify each key with a list of valid keys.

Answer 3

This is one way of doing it in a plain and declarative manner .

I would highly recommend checking PDO and PDOStatement to build the query. Didn't add this example because it was not the question.

<?php

// given 
$_GET = ['serial' => 342, 'something-else' => 'not used'];
$allowedVariables = ['serial', 'manufacturer', 'location', 'country'];

// filter values from the query for only allowed keys
$data = array_filter($_GET, function ($value, $key) use ($allowedVariables) {
    return in_array($key, $allowedVariables);
}, ARRAY_FILTER_USE_BOTH);

// create an array of strings like "$data1 = $data2"
$query = array_map(function ($key, $value) {
    return "$key = $value";
}, array_keys($data), array_values($data));

// build the query while combining values with the "AND" keyword
$query = "select * from datastore where " . implode(' and ', $query);

var_dump($query);
// string(42) "select * from datastore where serial = 342"

Answer 4

For that, you can use extract($inputArray) (read more on php.net )

The keys in the input array will become the variable names and their values will be assigned to these new variables.

Also, if you want to filter the keys so that someone does not just inject unwanted variable in your current scope, then do the following before calling the extract() function...

<?php
// Pick only the data keys that are expected. Their names must be compatible with the PHP variable naming conventions.
$filteredData = array_intersect_key($_GET /* or $_POST*/, array_flip(['serial', 'manufacturer', 'location', 'country']));

// Extract the names into variables in the current scope.
extract($filteredData);
?>