2

I know that you can add values to an array via parse_str() like so:

parse_str( 'a[]=1&a[]=2&a[]=3' );
parse_str( 'a[0]=1&a[1]=2&a[2]=3' );

These both produce:

Array (
  [0] => 1
  [1] => 2
  [2] => 3
)

I'm looking to produce an array sort of like this:

parse_str( 'a[]=1,2,3' );

Is there any way of doing this, so that I don't need to type a[i]= every single time?

Improve this question
5
  • I would not use parse_str(), is a potential security hole. Commented Sep 11, 2013 at 2:49
  • Unreliable input can cause bugs, and untrusted input can overwrite even superglobals, e.g.: parse_str('_SERVER[DOCUMENT_ROOT]=/tmp') which would be a pretty bad thing if later on you want to refer to $_SERVER['DOCUMENT_ROOT'] for some other purpose like checking folder security. Commented Sep 11, 2013 at 2:59
  • 1
    What exactly is the use-case here? Where would 'a[]=1,2,3' come from? Commented Sep 11, 2013 at 3:22
  • The fact that you expressed concern about typing suggests that you are creating this manually. If that's the case, why are you not using $a=array(1,2,3); or $a=array('1','2','3'); Commented Sep 11, 2013 at 10:07
  • Yes, I am creating this manually. I'm parsing lines from a text file in order to list conjugations of Spanish verbs in the most efficient way possible. Commented Sep 11, 2013 at 13:29

1 Answer 1

Reset to default
2

Don't use parse_str(), not unless you're very sure about what you're doing. (Explained below.) Instead, I would suggest something like JSON, which doesn't change unexpected variables, is fairly fast, standardized, and easier to generate/consume.

$str = '{"items":[1,2,3]}'
$obj = json_decode($data);

var_export($obj->items);

Yields:

 array (
  0 => 1,
  1 => 2,
  2 => 3,
)

"Why not parse_str?"

  1. Bad input can easily break your code by overwriting variables you don't expect
  2. Malicious input can introduce security risks.

For example, try this:

$input = '_SERVER[DOCUMENT_ROOT]=/foo';
parse_str($input);
echo($_SERVER['DOCUMENT_ROOT']);

Wow, someone managed to change one of the variables that was storing server-configuration data. This could easily break stuff like content-management code that will then save files to the wrong place, or to bypass "must be a subfolder of" checks.

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Don't use parse_str() without the second argument would be better advice :)
Fair enough, but I'd still argue it's ancient and syntactically barbaric :p JSON also offers Marcus the terse 1,2,3 style he's asking for.
It's very useful in situations where you need to decode a given url.
@Jack The query portion, I suppose, but the other 99% of the time the stuff you want is already in $_GET.
As with anything, you need to know when to use something.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.