47

How can I pass one or more variables of type array to another page via $_GET?

I always passed variable values in the form ?a=1&b=2&c=3

What about passing a=[1,2,3] ?

Do I need to write a for loop and append all the values?

Thanks

Improve this question
1

4 Answers 4

Reset to default
101

You can use the [] syntax to pass arrays through _GET:

?a[]=1&a[]=2&a[]=3

PHP understands this syntax, so $_GET['a'] will be equal to array(1, 2, 3).

You can also specify keys:

?a[42]=1&a[foo]=2&a[bar]=3

Multidimentional arrays work too:

?a[42][b][c]=1&a[foo]=2

http_build_query() does this automatically:

http_build_query(array('a' => array(1, 2, 3))) // "a[]=1&a[]=2&a[]=3"

http_build_query(array(
    'a' => array(
        'foo' => 'bar',
        'bar' => array(1, 2, 3),
     )
)); // "a[foo]=bar&a[bar][]=1&a[bar][]=2&a[bar][]=3"

An alternative would be to pass json encoded arrays:

?a=[1,2,3]

And you can parse a with json_decode:

$a = json_decode($_GET['a']); // array(1, 2, 3)

And encode it again with json_encode:

json_encode(array(1, 2, 3)); // "[1,2,3]"

Dont ever use serialize() for this purpose. Serialize allows to serialize objects, and there is ways to make them execute code. So you should never deserialize untrusted strings.

Improve this answer
Sign up to request clarification or add additional context in comments.

11 Comments

+1 for json. just make sure you urlencode your json array to counter xss
urlencode() is not a way to counter xss. htmlspecialchars() is. But anyone should already htmlspecialchars() everything he outputs.
@arnoud: using urlencode inside attributes is safe. And when passing an url, you want it encoded for urls, not for markup (think href="")
urlencode() is not meant to escape html, it's goal is to escape url components ;) So you just escape parameter names and values with urlencode(), and you escape the whole url with htmlspecialchars() before embeding it in a HTML document.
and the json_encoded array is what? it's an url component! urlencode encodes at least <, >, &, ", ' so you are on the safe side …
|
7

You can pass an associative array to http_build_query() and append the resulting string as the query string to the URL. The array will automatically be parsed by PHP so $_GET on the receiving page will contain an array.

Example

$query_str = http_build_query(array(
    'a' => array(1, 2, 3)
));
Improve this answer

Comments

5 
$city_names = array(
    'delhi',
    'mumbai',
    'kolkata',
    'chennai'
);
$city_query = http_build_query(array('city' => $city_names));

this will give you:

city[0]=delhi&city[1]=mumbai&city[2]=kolkata&city[3]=chennai

if you want to encode the brackets also then use the below code:

$city_query = urlencode(http_build_query(array('city' => $city_names)));

Output:

city%255B0%255D%3Ddelhi%26city%255B1%255D%3Dmumbai .....

Reference: http_build_query, urlencode

Improve this answer

Comments

-4

Just repeat your $_GET variables like this: name=john&name=lea

This gives you an array.

I used to believe it would be overwritten!

Improve this answer

1 Comment

This is incorrect. Repeating the parameter will overwrite. You must include the brackets on each name part in order to get an array. At least, that's what happens on PHP 5.3+.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.