Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
passing information in URL
i want to pass additional information within a get simple url link.

Example (additional information goes here without the parenthesis)

This additional information will be used by a PHP script embedded within the "test" page.

How would i achieve this ?

Thanks Smile
well do you need this link in a menu ? Or just something you will put somewhere?

you just add querystrings on


and to get this info

echo $_GET['anotherthing'];

you always want to sanitize this stuff though if you are outputing it to the page or using it for a file or something.
This is what most xss or injection attacks are based on.
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix
I have created two test pages.


The first page contains a properly formatted link as per your information:

<a href="">Test</a>


The second page contains embed code for a youtube player.

echo "No Video here!";
} else {
$ytid = $_GET['ytid'];
<p><iframe allowfullscreen="" frameborder="0" height="315" src=";?php echo $ytid; ?&gt;" width="560"></iframe><!--?php

When I click on the link embedded on the first page - the following happens:

The youtube id is being displayed in the url.
The second youtube embed page is accessed and displayed.


The youtube id is not interacting with the PHP script - and the youtube video is not loading.

The following youtube error message displays on the youtube embed page - "An error occured, please try again later. LEARN MORE".

I inspect the HTML code on the youtube embed page - and there is no youtube ID present in the embed code displayed in the web browser.

<div class="page-text"> <?php if(!isset($_GET['ytid']){ echo "No Video here!"; } else { $ytid = $_GET['ytid']; ?> <iframe width="560" height="315" src="<?php echo $ytid; ?>" frameborder="0" allowfullscreen></iframe> <?php } ?>

What am I doing wrong ?
your browser might detect a xss injection and filter it out, check your console.

Anyone can stick any code they want on your url and send the link to someone, you never output user input.
NEW: SA Admin Toolbar Plugin | View All My Plugins
- Shawn A aka Tablatronix

Users browsing this thread: 1 Guest(s)