Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
passing information in URL
#1
i want to pass additional information within a get simple url link.

Example

http://www.domain.com/index.php?id=test (additional information goes here without the parenthesis)

This additional information will be used by a PHP script embedded within the "test" page.

How would i achieve this ?

Thanks Smile
Reply
#2
well do you need this link in a menu ? Or just something you will put somewhere?

you just add querystrings on

url?id=test&anotherthing=something&yetanother=blargh

and to get this info

echo $_GET['anotherthing'];

you always want to sanitize this stuff though if you are outputing it to the page or using it for a file or something.
This is what most xss or injection attacks are based on.
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply
#3
I have created two test pages.

http://www.scenicradio.com/index.php?id=test-test-test

and

http://www.scenicradio.com/index.php...t-test-uno-uno



The first page contains a properly formatted link as per your information:

<a href="http://www.scenicradio.com/index.php?id=test-test-uno-uno&ytid=SHoHIL2ABVQ">Test</a>

and

The second page contains embed code for a youtube player.

<!--?php
if(!isset($_GET['ytid']){
echo "No Video here!";
} else {
$ytid = $_GET['ytid'];
?-->
<p><iframe allowfullscreen="" frameborder="0" height="315" src="http://www.youtube.com/embed/&lt;?php echo $ytid; ?&gt;" width="560"></iframe><!--?php
}
?--></p>



When I click on the link embedded on the first page - the following happens:

The youtube id is being displayed in the url.
The second youtube embed page is accessed and displayed.


However


The youtube id is not interacting with the PHP script - and the youtube video is not loading.

The following youtube error message displays on the youtube embed page - "An error occured, please try again later. LEARN MORE".

I inspect the HTML code on the youtube embed page - and there is no youtube ID present in the embed code displayed in the web browser.

<div class="page-text"> <?php if(!isset($_GET['ytid']){ echo "No Video here!"; } else { $ytid = $_GET['ytid']; ?> <iframe width="560" height="315" src="http://www.youtube.com/embed/<?php echo $ytid; ?>" frameborder="0" allowfullscreen></iframe> <?php } ?>


What am I doing wrong ?
Reply
#4
your browser might detect a xss injection and filter it out, check your console.

Anyone can stick any code they want on your url and send the link to someone, you never output user input.
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
Reply




Users browsing this thread: 2 Guest(s)