GetSimple Support Forum

GetSimple Support Forum > GetSimple > General Questions and Problems > passing information in URL
Full Version: passing information in URL
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

saint

2013-11-20, 13:01:22
i want to pass additional information within a get simple url link.

Example

http://www.domain.com/index.php?id=test (additional information goes here without the parenthesis)

This additional information will be used by a PHP script embedded within the "test" page.

How would i achieve this ?

Thanks Smile

shawn_a

2013-11-21, 00:31:16
well do you need this link in a menu ? Or just something you will put somewhere?

you just add querystrings on

url?id=test&anotherthing=something&yetanother=blargh

and to get this info

echo $_GET['anotherthing'];

you always want to sanitize this stuff though if you are outputing it to the page or using it for a file or something.
This is what most xss or injection attacks are based on.

saint

2013-11-23, 06:09:22
I have created two test pages.

http://www.scenicradio.com/index.php?id=test-test-test

and

http://www.scenicradio.com/index.php...t-test-uno-uno



The first page contains a properly formatted link as per your information:

<a href="http://www.scenicradio.com/index.php?id=test-test-uno-uno&ytid=SHoHIL2ABVQ">Test</a>

and

The second page contains embed code for a youtube player.

<!--?php
if(!isset($_GET['ytid']){
echo "No Video here!";
} else {
$ytid = $_GET['ytid'];
?-->
<p><iframe allowfullscreen="" frameborder="0" height="315" src="http://www.youtube.com/embed/&lt;?php echo $ytid; ?&gt;" width="560"></iframe><!--?php
}
?--></p>



When I click on the link embedded on the first page - the following happens:

The youtube id is being displayed in the url.
The second youtube embed page is accessed and displayed.


However


The youtube id is not interacting with the PHP script - and the youtube video is not loading.

The following youtube error message displays on the youtube embed page - "An error occured, please try again later. LEARN MORE".

I inspect the HTML code on the youtube embed page - and there is no youtube ID present in the embed code displayed in the web browser.

<div class="page-text"> <?php if(!isset($_GET['ytid']){ echo "No Video here!"; } else { $ytid = $_GET['ytid']; ?> <iframe width="560" height="315" src="http://www.youtube.com/embed/<?php echo $ytid; ?>" frameborder="0" allowfullscreen></iframe> <?php } ?>


What am I doing wrong ?

shawn_a

2013-11-23, 06:16:22
your browser might detect a xss injection and filter it out, check your console.

Anyone can stick any code they want on your url and send the link to someone, you never output user input.
GetSimple Support Forum > GetSimple > General Questions and Problems > passing information in URL