How do i use GET correctly in php? - php

I tried to find a solution for my problem for 2 hours now, but I don't know why my code does not work.
I have an SQL output which looks like this:
function output(){
while($row = $this->statement->fetch()) {
$id = $row["id"];
echo '
<tr>
<td>'.$row["comname"].'</td>
<td>'.$row["district"].'</td>
<td>'.$row["industry"].'</td>
<td>"Details"</td>
</tr>
<br>
';
}
If someone clicks on the link "Details", I want to give out more information about that specific company. Therefore I save the id in the URL to identify which company was clicked.
To check if the Details link was clicked, I wrote this:
Edit: I just added the "$id = $_GET['details']" after your hints; it looks like this now:
if (isset($_GET['details'])){
$id = $_GET['details'];
echo $id;
}
}
When I click on the link "Details" it changes the URL correctly, but it doesn't print the id. (I don't only want to print the id, I just do this to check the functionality.) Why does my code not work? Is there a second "$GET" I have to use? I really don't know what is going on.
Edit: The PHP code ends here, there is nothing I do afterwards.
Edit2: I tried print_r($_GET) and it looks like the id is not even in the $GET-Array. Also the if (isset($_GET['details'])) statement is not executed.
Thank you!

You should print the $_GET['details']:
if (isset($_GET['details'])){
echo $_GET['details'];
}
Or put it in a variable:
if (isset($_GET['details'])){
$id = $_GET['details'];
echo $id;
}

$_GET[] is just an array of all GET parameters in the URL. You see them for example on https://www.google.com?q=stack+overflow where the parameter q is set to stack+overflow. So if you would echo out $_GET["q"] on that URL you would get stack+overflow. You can store it in a variable like $id and echo it out, but you need to set it first like $id = $_GET["details"];
EDIT: I just realized the code you have now is vulnerable to an attack called XSS or HTML Injection. Since we can specify the $_GET["details"] and so $id that is being echoed, an attacker can put HTML code or the <script> tag in there to execute dangerous JavaScript code on everyone that accesses the URL.
Luckily, there is an easy fix: just put the function htmlspecialchars() around whatever user input you echo. The echo you have here would become echo htmlspecialchars($id);
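The fix described in this answer, extended to the table rows from the question, as an added example that is not the asker's or the answerer's code. The sample row, the `?details=` link format and the helper names `e()`, `details_id()` and `render_row()` are assumptions made for illustration.

```php
<?php
// Added example. The row data and the ?details= link format are assumptions
// based on the question; e(), details_id() and render_row() are hypothetical helpers.

/** Escape a value for HTML text or a quoted HTML attribute. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Return the requested company id, or null if it is not a positive integer. */
function details_id(array $get): ?int
{
    // Arrays (?details[]=1), missing values and non-numeric text all fail validation.
    $id = filter_var($get['details'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Render one table row; every database value is escaped when it is output. */
function render_row(array $row): string
{
    return '<tr><td>' . e($row['comname']) . '</td>'
         . '<td>' . e($row['district']) . '</td>'
         . '<td>' . e($row['industry']) . '</td>'
         . '<td><a href="?details=' . (int) $row['id'] . '">Details</a></td></tr>' . "\n";
}

// Constructed sample row: markup stored in the database is shown as text, not run.
$row = ['id' => 7, 'comname' => 'Smith & <b>Sons</b>', 'district' => 'North', 'industry' => 'Retail'];
echo render_row($row);

// Constructed values standing in for $_GET['details'].
foreach (['7', '<script>alert(1)</script>', '7 OR 1=1'] as $raw) {
    $id = details_id(['details' => $raw]);
    echo e($raw), ' => ', $id === null ? 'rejected' : "company id $id", "\n";
}
```

Validating the id as an integer rejects the markup before it is used anywhere, and escaping on output covers values that must stay free text.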

Related

Sanitizing GET Request and result of scan

I am trying to sanitize my GET variables but Acunetix is still complaining for some reason.
So I visit a page and the URL contains parameters. I pass these parameters between pages. To do this I do something like the following
<a class="navbar-brand" href="https://someDomain/someFolder/someFile.php?WT.var1=<?php echo $_GET['WT_var1']; ?>&var2=<?php echo $_GET['var2']; ?>&var3=<?php echo $_GET['var3']; ?>&var4=<?php echo $_GET['var4']; ?>" title="logo"><img src="logo.png"></a>
I have lots of links like this on the page, and when I first ran the page it was vulnerable to cross site scripting because I was not sanitizing the GET requests. So at the top of the page, I put
<?php
$_GET['WT_var1'] = htmlspecialchars($_GET['WT_var1']);
$_GET['var2'] = htmlspecialchars($_GET['var2']);
$_GET['var3'] = htmlspecialchars($_GET['var3']);
$_GET['var4'] = htmlspecialchars($_GET['var4']);
?>
Initially, this seemed to work. But I have recently run another scan, and every single link like the above shows up as a high.
The details look something like this
URL encoded GET input WT.var1 was set to 1}body{acu:Expre/**/SSion(prompt(926954))}
The input is reflected inside a text element.
And the exploit looks like this
/someFolder/someFile.php?WT.var1=1%7dbody%7bacu:Expre/**/SSion(prompt(941830))%7d&var2=&var3=&var4=
Is that not showing a sanitized url though? Is this something I need to fix or is it a false/negative?
Thanks
htmlspecialchars() encodes your variable for output as content in an HTML page. If you need to pass your variables through the URL, you need urlencode().
So for example:
...someFolder/someFile.php?WT.var1=<?php echo urlencode($_GET['WT_var1']); ?>&var2...

echo function call 2 variables

Ok so I have the code for a form that is called and works but it needs two variables grabbed from the string of a URL. I have the first and the second is the same for what I'm doing on any page that I am creating which is a lot. Here is the code at the URL: collabedit.com/9g99j
Question if Get <?php echo $_GET['id']; ?> is grabbing my id string from the URL how do I use this in the echo of my function I just defined at the bottom of the code? Instead of having this: echo DescriptionGet(1256124, 50874); can someone tell me how to put something like this: echo DescriptionGet(1256124, $id);
This would make it so I don't have to enter that id value for every page I want to create.
Thanks,
Thanks everyone for your replies and I was able to figure it out on my own and actually used exactly what the first reply was.
Now I have a new question about this function. How do I make it grab the image from that same page it's grabbing the form code from? I can't figure this part out and it's keeping me from doing mass automation for this site.
Anyone help?
Try this:
$id = $_GET['id'];
echo DescriptionGet(1256124, $id);
You can change your function definition from:
function DescriptionGet($c, $id)
to
function DescriptionGet($c, $id=50874)
Each time you call DescriptionGet($c) it will behave as if you passed $id=50874, but if you need to you can also call DescriptionGet($c, 20) and $id in the function will be set to 20.
And in case you want to simply use $_GET['id'] as the function parameter you can simply run
echo DescriptionGet(1256124, intval($_GET['id']));
you don't even need to use extra variable.

Create link from GET parameter

I'm trying to create some links depending on the GET parameter currently set.
My URL looks like this:
http://mysite.com/index.php?bar=test&page=page
In my code I do the following:
$bar = $_REQUEST['bar'];
<a href="index.php?bar=<?php echo $bar?>&page=anotherpage"
But every time I click the link, it adds the whole string to the URL again.
Like first click would give me this URL:
http://mysite.com/index.php?bar=test&page=anotherpagepage=anotherpage
And next click creates:
http://mysite.com/index.php?bar=test&page=anotherpagepage=anotherpagepage=anotherpage
And so on.
Is there any way to only get the request once so that the URL always looks like this:
http://mysite.com/index.php?bar=test&page=anotherpage
No matter how many times I click the link?
Thanks a lot!
You missed an ampersand in your first example. (&). Give this a try:
$bar = $_REQUEST['bar'];
<a href="index.php?bar=<?php echo $bar?>&page=anotherpage"
Or even better, escape your variables before use to prevent XSS, Cross Site Scripting security vulnerability. Use urlencode() for URLs.
http://nl.php.net/manual/en/function.urlencode.php:
$bar = $_REQUEST['bar'];
<a href="index.php?bar=<?=urlencode($bar)?>&page=anotherpage"
You should take a look at the PHP function http_build_query
That enables you to construct your array first, like this:
$query = array("bar"=>$_REQUEST['bar'], "page"=>"anotherpage");
echo 'Link';
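Both the `urlencode()` advice in the "Sanitizing GET Request" answer above and the `http_build_query` suggestion here come down to encoding twice: once for the URL, once for the HTML attribute. The following is an added example, not code from either thread; `build_link()` and the sample request values are assumptions, apart from the scanner payload, which is quoted from the question.

```php
<?php
// Added example, not code from the posts above. build_link() is a hypothetical helper.

/**
 * Build an href value that forwards selected GET parameters.
 * Step 1: http_build_query() percent-encodes every name and value (URL context).
 * Step 2: htmlspecialchars() escapes the finished URL for the attribute (HTML context).
 *
 * $forward maps the name used in the URL to the key PHP stores it under.
 */
function build_link(string $path, array $get, array $forward, array $override = []): string
{
    $params = [];
    foreach ($forward as $urlName => $phpName) {
        $value = $get[$phpName] ?? '';
        // Nested input such as ?bar[]=x arrives as an array; forward plain strings only.
        $params[$urlName] = is_string($value) ? $value : '';
    }
    $params = array_merge($params, $override);
    $url = $path . '?' . http_build_query($params, '', '&', PHP_QUERY_RFC3986);
    return htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed request. PHP stores the URL parameter WT.var1 under the key WT_var1.
$get = [
    'WT_var1' => '1}body{acu:Expre/**/SSion(prompt(926954))}', // payload quoted in the question
    'var2'    => 'a"><b>',                                     // constructed
    'bar'     => 'test&page=x',                                // constructed
];

// Link from the "Sanitizing GET Request" question.
echo '<a href="', build_link('someFile.php', $get,
    ['WT.var1' => 'WT_var1', 'var2' => 'var2']), '">logo</a>', "\n";

// Link from this question: bar is forwarded, page is set once by the server.
echo '<a href="', build_link('index.php', $get,
    ['bar' => 'bar'], ['page' => 'anotherpage']), '">Link</a>', "\n";
```

Because the query string is rebuilt from an array each time, a value containing `&` or `=` stays inside its own parameter and `page` appears exactly once.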

Post variable not being caught in php sent from dynamically generated html

I'm having a really simple issue but I've looked around and can't debug it for some reason, can someone point me in the right direction??
I have a php script which dynamically generates a link
<?php
$id = 1;
echo "<a href='http://www.example.com/page.php?id='$id'>click link</a>"
?>
On example.php I have...
$userId = $_POST['id'];
then I insert $userId query...
?>
For some reason the POST variable is not being caught by the example.php script. I can see it in the URL at the top of the page but they won't make sweet passionate php love. Any thoughts? I will mention I am doing this from within an IFRAME; however, I tried it simply and got the same result :(
I think you mean, on page.php you have...
If that is the case, you are sending the id parameter in a GET, not a POST. To access it in your other page you need to use:
$userId = $_GET['id'];
Your variable is in $userId = $_GET['id'];.
Another problem is a mess with ' symbols: it should be
echo "<a href='http://www.example.com/page.php?id=$id'>click link</a>";
Sorry, but you are sending data via GET, NOT POST
access it via $_GET['id'];

delete a row from my sql table

I'm still new to PHP and working my way around it but I'm stuck at the following piece:
code for deleting a row in my table
I have a link directing towards this piece of my script. I run through the first half just fine but when I press on submit and try to execute my delete query it won't go to my second if statement, let alone get to the delete query.
$pgd is the page id
My hunch is there is a problem with the action in the form I'm building after my while statement
Forgive me for the weird formatting of my msg but it's 2am and very tired, I promise to format my questions in the future better! Any help is appreciated
edit: ok other than the obvious mistake of missing method=post #.#;
edit:
hey everyone,
First of all, I'd like to thank everyone for their response.
I just started coding in PHP last weekend so forgive my messy codes. The code is still running locally and my main goal was to finish the functions and then work on securing my code.
Now back to the issue, I'm sorry if I was vague about my problem. I'll try to reiterate it.
My issue isn't selecting an item I want to delete, the issue is that it won't get to the 2nd if statement.
Re-edit:
this time with my current code:
if($_GET['delete'] == "y")
{
// delete content here
$sqlcont1="SELECT * FROM content where id ='".$_GET['id']."'";
echo $sqlcont1;
$resultcont1 = mysql_query($sqlcont1) or die (include 'oops.php');
while($rowcont1= mysql_fetch_array($resultcont1)){
echo '<form class="niceforms" action="?pg='.$pgd.'&delete=y&remove=y&id='.$_GET['id'].'" method="post">';
echo '<h1>'.$rowcont1['Titel'].'</h1>';
echo '<p>'.$rowcont1['Content'].'</p>';
echo '<input type="submit" value="Delete article">';
echo '</form>';
}
if($_GET['remove']=="y"){
echo 'rararara';
$id=$_GET['id'];
$sqlrem="DELETE FROM content WHERE id=".$id;
echo $sqlrem;
mysql_query($sqlrem);
}
}
echoing $sqlrem gives me the following now:
DELETE FROM content WHERE id=8
That being my current code, I get into the second IF statement but now to get it to delete!
#everyone:
Ok maybe thinking out loud or following my steps worked but the code works, I know it's very messy and it needs fine tuning. I'd like to thank everyone for their help and feedback. I'm liking this and you'll probably see me a lot more often with nubby questions and messy codes with no escapes :(
First of all, you have an SQL injection vulnerability in your script. Anyone can add some string that will be attached to your query, possibly altering it in a way that can make almost anything with the data from your database.
Escape your values with one of the anti-SQL-injection methods. Read more for example on php.net/manual/en/function.mysql-query.php
To the point...
Your deletion code will be executed only if you invoke the URL with two params (remove and delete set to y). That means your URL should look similar to something.php?delete=y&remove=y. Maybe you just did not spot it.
Please give details about any errors that occurred and tell me whether the above mentioned solution helped.
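One way to close the SQL injection hole this answer points out, shown as an added example rather than the asker's code. It swaps the `mysql_*` functions (removed in PHP 7) for PDO with a bound parameter, and uses an in-memory SQLite database so it runs stand-alone; `delete_article()` and the sample rows are assumptions, while the table and column names follow the question.

```php
<?php
// Added example, not the asker's code. delete_article() is a hypothetical helper;
// the in-memory SQLite database stands in for the real MySQL connection.

/** Delete one article by id. Returns true only if exactly one row was removed. */
function delete_article(PDO $db, $rawId): bool
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false; // not a positive integer: the value never reaches the database
    }
    // The id is bound as a parameter, so it cannot change the statement's structure.
    $stmt = $db->prepare('DELETE FROM content WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE content (id INTEGER PRIMARY KEY, Titel TEXT, Content TEXT)');
$db->exec("INSERT INTO content (id, Titel, Content) VALUES (8, 'First', 'a'), (9, 'Second', 'b')");

// Constructed values standing in for $_GET['id']: a valid id, an altered id,
// and the same valid id again after its row is gone.
foreach (['8', '9 OR 1=1', '8'] as $raw) {
    printf("%-10s deleted=%s rows_left=%d\n",
        $raw,
        var_export(delete_article($db, $raw), true),
        $db->query('SELECT COUNT(*) FROM content')->fetchColumn());
}
```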
mysql_fetch_array() returns an array
your while statement acts as an if, and does not iterate thru the array returned as you think it does
you need something like
$all_rows = mysql_fetch_array($result);
foreach ($all_rows as $row) {
$sql = "delete from table where id = " . $row['id'];
}
It looks to me like you're mixing two forms together here: you're wanting to see if you went to the delete row form (the first few lines), and you're trying to present the delete row form (the while loop.) I would break these two things apart. Have a page that simply displays your forms for row deletes, and another page that processes those requests. And another page that brings you to the delete rows page.
For now, just echo all the values you're expecting to receive in $_GET[] and see if they are what you expect them to be.
You have a lot of problems in that script alone, so just to make things easier (considering you uploaded a pic), put an
echo $sqlrem;
in your second if statement, see if the query is displayed. If not, it means it doesn't even get to that part of code, if it gets displayed, copy it and run it in phpmyadmin. That should output a more coherent error message. Tell us what that is and we'll work it through.
I also noticed that your DELETE SQL query might have an issue. If your $pgd' id is an integer, you shouldn't include the ' single quote, that is for strings only.
**Correction**
$sqlrem = "DELETE FROM content WHERE id = " . $rowcont1['id'];
EDIT
Anyway, just to help out everyone, I typed out his code for easier viewing.
I think his error is $rowcont1['Tilel'] --> that might have caused PHP to have an error because that column doesn't exist. I assumed it should be 'Title', a typo error.
if($_GET['delete'] == "y") {
$sqlcont1 = "SELECT * FROM content where id ='" . $_GET['id'] . "'";
$resultcont1 = mysql_query($sqlcont1) or die (include 'oops.php');
while ($rowcont1 = mysql_fetch_array($resultcont1)) {
echo '<form class = "niceforms" action = "?pg=' .$pgd . '&delete=y&remove=y">';
echo '<h1>' . $rowcont1['Title'] . '</h1>'; // <-- error here
echo '<p>' . $rowcont1['Content'] . '</p>';
echo '<input type = "submit" value = "Delete article">';
echo '</form>';
}
if ($_GET['remove'] == "y"){
$sqlrem = "DELETE FROM content WHERE id = " . $rowcont1['id'];
mysql_query ($sqlrem);
}
}
