parse_str($_SERVER['QUERY_STRING']);
if ($m == ""){
$dateComponents = getdate();
$month = $dateComponents['mon'];
$year = $dateComponents['year'];
} else {
$month = $m;
$year = $y;
}
echo build_previousMonth($month, $year, $monthString);
// ... etc
Question posted in PHP Versions
You can find a list of all versions here.
You can find a list of all versions here.
2
Answers
Original implementation of parse_str() – and the particular way it was often used – was, to say the least, quite naive. The problem is that, when called without second argument, this function essentially allowed polluting the local symbol table. Here’s an extract of CVE Vulnerability Description:
That’s why omitting second argument was deprecated in PHP 7.2 and dropped completely in PHP 8.0. Thus you need to reimplement this call so that the result is stored in a variable, and instead of checking
$m
,$y
, … directly, you check elements of associative array stored in that variable instead.For example:
As a sidenote, I’m really not sure why do you even have to parse query string, and not just use $_GET directly.
For
parse_str()
requires two parameters one is input and another one is outputEg:
here
$output_array
contains the query string data as associate array and can be accessed like parameter name like$first_val = $output_array['first']
Please check the link for
parse_str()
documentation https://www.php.net/manual/en/function.parse-str.php