store objects in $_GET

how can i store an object in the $_GET array in PHP. i want to pass an object containing database information from one page to another page via the $_GET array, so there would be no need to access the database again.

Answers


To pass any sort of object, you'd have to serialize it on one end, and unserialize it on the other end.

But note that this will not work for database connections themselves : the connection to the database is automatically closed when a PHP script ends. You could pass some connection informations, like login, host, or stuff like that (but that would not be a good idea -- quite not safe to expose such critical informations !) ; but you cannot pass a connection resource.


Really, you should be passing data from one page to another via the $_SESSION variable instead, if possible. That is what sessions are for. Ideally just store an id in the session and look up the data on each page. If you do use $_SESSION then it is as simple as ...

$_SESSION['myarray'] = $myarrayobject;
$_SESSION['someotherthing'] = 42;

If you have to use $_GET, then I would recommend just passing an id of some kind, then re-looking up the data on each page refesh.

Keep in mind, it would be easy for a malicious user to change the values that are sent via $_GET between pages, so make sure there is nothing that can be abused in this information.


You would need to serialize it to text (possibly using json_encode), then generate a URL that included it in the query string (making sure that it was urlencoded)


That's very bad idea. Database were invented to serve each request, while query string were designed to pass only commands and identificators, not tons of data between browser and server


Instead of using get, another possibility to pass something from one page to another is to use the $_SESSION array and then to unset that variable on the other side whenever you're done with it. I've found that to be a pretty good way to do this.

Like everyone else has said though, passing database information can be a bad idea, assuming the information you're passing isn't something like username, first name, etc. If that's what you're passing when you say "database information" then I would store all that stuff in the $_SESSION variable and then destroy their session when they log out. Don't store the entire connection or something.


As has been said before you should avoid (mis-)using GET parameters as a "cache" for overly complex and loooong data. On the other hand your question is vague enough to assume that you want to transmit only a few values. And your "second" script needs nothing else from the database, in fact it might not even have to check if those values came from a database at all. In this case extract the values from your database result and append them as parameters to the url. Try to make the parameter list as simple as possible but yet unambiguous. http_build_query() can help you with that. But keep in mind that you want to keep GET operations idempotent as described in http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html.

if ( isset($_GET['a'], $_GET['b'], $_GET['c']) ) {
  // this doesn't care about the values in the database at all.
  echo 'product: ', $_GET['a'] * $_GET['b'] * $_GET['c'], "\n";
}
else {
  $pdo = new PDO("mysql:host=localhost;dbname=test", 'localonly', 'localonly'); 
  $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
  // let's make it a self-contained example (and extra constly) by creating a temproary table ...
  $pdo->exec('CREATE TEMPORARY TABLE foo (id int auto_increment, a int, b int, c int, primary key(id))');
  // ... with some garbage data
  $stmt = $pdo->prepare('INSERT INTO foo (a,b,c) VALUES (?,?,?)');
  for($i=0; $i<10; $i++) {
    $stmt->execute(array(rand(1,10), rand(1,10), rand(1,10)));
  }

  foreach( $pdo->query('SELECT a,b,c FROM foo', PDO::FETCH_ASSOC) as $row) {
    printf('<a href="?%s">%s</a><br />',
      http_build_query($row),
      join(' * ', $row)
    );
  }
}

Need Your Help