Fatal error: Uncaught ArgumentCountError: parse_str() expects exactly 2 arguments, 1 given. How do i update for latest php version?
Fatal error: Uncaught ArgumentCountError: parse_str() expects exactly 2 arguments, 1 given. How do i update for latest php version?
parse_str($_SERVER['QUERY_STRING']);
if ($m == ""){
$dateComponents = getdate();
$month = $dateComponents['mon'];
$year = $dateComponents['year'];
} else {
$month = $m;
$year = $y;
}
echo build_previousMonth($month, $year, $monthString);
// ... etc
parse_str() - and the particular way it was often used - was, to say the least, quite naive. The problem is that, when called without second argument, this function essentially allowed polluting the local symbol table. Here's an extract of CVE Vulnerability Description 的原始实现:
The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin,
when called without a second parameter, might allow remote attackers
to overwrite arbitrary variables by specifying variable names and
values in the string to be parsed. NOTE: it is not clear whether this
is a design limitation of the function or a bug in PHP, although it is
likely to be regarded as a bug in Hardened-PHP and Suhosin.
这就是为什么省略第二个参数在 PHP 7.2 中被弃用并在 PHP 8.0 中完全删除的原因。因此,您需要重新实现此调用,以便将结果存储在一个变量中,而不是直接检查 $m、$y、...,而是检查存储在该变量中的关联数组的元素。
例如:
parse_str($_SERVER['QUERY_STRING'], $query);
if (empty($query['m'])) {
// no data passed
}
else {
$month = $query['m'];
// etc
}
作为旁注,我真的不确定为什么你甚至必须解析查询字符串,而不是直接使用 $_GET。
对于parse_str()需要两个参数一个是输入一个是输出
例如:
$QUERY_STRING = "first=value&second=scvalue";
parse_str($QUERY_STRING, $output_array)
这里 $output_array 包含查询字符串数据作为关联数组,可以像 $first_val = $output_array['first']
这样的参数名一样访问
请检查 link 以获得 parse_str() 文档 https://www.php.net/manual/en/function.parse-str.php
parse_str($_SERVER['QUERY_STRING']);
if ($m == ""){
$dateComponents = getdate();
$month = $dateComponents['mon'];
$year = $dateComponents['year'];
} else {
$month = $m;
$year = $y;
}
echo build_previousMonth($month, $year, $monthString);
// ... etc
parse_str() - and the particular way it was often used - was, to say the least, quite naive. The problem is that, when called without second argument, this function essentially allowed polluting the local symbol table. Here's an extract of CVE Vulnerability Description 的原始实现:
The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Suhosin.
这就是为什么省略第二个参数在 PHP 7.2 中被弃用并在 PHP 8.0 中完全删除的原因。因此,您需要重新实现此调用,以便将结果存储在一个变量中,而不是直接检查 $m、$y、...,而是检查存储在该变量中的关联数组的元素。
例如:
parse_str($_SERVER['QUERY_STRING'], $query);
if (empty($query['m'])) {
// no data passed
}
else {
$month = $query['m'];
// etc
}
作为旁注,我真的不确定为什么你甚至必须解析查询字符串,而不是直接使用 $_GET。
对于parse_str()需要两个参数一个是输入一个是输出
例如:
$QUERY_STRING = "first=value&second=scvalue";
parse_str($QUERY_STRING, $output_array)
这里 $output_array 包含查询字符串数据作为关联数组,可以像 $first_val = $output_array['first']
请检查 link 以获得 parse_str() 文档 https://www.php.net/manual/en/function.parse-str.php