i want to pass additional information within a get simple url link.
Example
http://www.domain.com/index.php?id=test (additional information goes here without the parenthesis)
This additional information will be used by a PHP script embedded within the "test" page.
How would i achieve this ?
Thanks
well do you need this link in a menu ? Or just something you will put somewhere?
you just add querystrings on
url?id=test&anotherthing=something&yetanother=blargh
and to get this info
echo $_GET['anotherthing'];
you always want to sanitize this stuff though if you are outputing it to the page or using it for a file or something.
This is what most xss or injection attacks are based on.
I have created two test pages.
http://www.scenicradio.com/index.php?id=test-test-test
and
http://www.scenicradio.com/index.php...t-test-uno-uno
The first page contains a properly formatted link as per your information:
<a href="http://www.scenicradio.com/index.php?id=test-test-uno-uno&ytid=SHoHIL2ABVQ">Test</a>
and
The second page contains embed code for a youtube player.
<!--?php
if(!isset($_GET['ytid']){
echo "No Video here!";
} else {
$ytid = $_GET['ytid'];
?-->
<p><iframe allowfullscreen="" frameborder="0" height="315" src="http://www.youtube.com/embed/<?php echo $ytid; ?>" width="560"></iframe><!--?php
}
?--></p>
When I click on the link embedded on the first page - the following happens:
The youtube id is being displayed in the url.
The second youtube embed page is accessed and displayed.
However
The youtube id is not interacting with the PHP script - and the youtube video is not loading.
The following youtube error message displays on the youtube embed page - "An error occured, please try again later. LEARN MORE".
I inspect the HTML code on the youtube embed page - and there is no youtube ID present in the embed code displayed in the web browser.
<div class="page-text"> <?php if(!isset($_GET['ytid']){ echo "No Video here!"; } else { $ytid = $_GET['ytid']; ?> <iframe width="560" height="315" src="http://www.youtube.com/embed/<?php echo $ytid; ?>" frameborder="0" allowfullscreen></iframe> <?php } ?>
What am I doing wrong ?
your browser might detect a xss injection and filter it out, check your console.
Anyone can stick any code they want on your url and send the link to someone, you never output user input.