This question already has answers here:
URL rewriting with PHP
(5 answers)
Closed 7 years ago.
Perhaps I'm using the wrong search terms to try to find this online, but I am trying to accomplish the task of passing a variable in a URL path, with using an identifier.
For example, here is my current URL: http://www.myurl.com/test/index.php?name=bob
On my index.php page, I would set something along the lines of $name = $_GET['name']; and have no issue using this variable.
My goal, however, would be to use the URL: http://www.myurl/test/bob/ and still be able to receive "bob" as the name variable in my script.
Is this possible, hypothetically? Thank you!
put in your htaccess a mod_rewrite statement like
RewriteRule ^test\/([a-z]+)\/?$ index.php?name=$1
One of the easiest ways to do this (and also a bit more secure) is instead of using a GET statement, using a session variable. You could change the url to be whatever you like using mod_rewrite as you have suggested, however you can still access the variable without anything special.
For instance, you just start your session like so
session_start();
then set your session variable, like so (assuming you have already defined $name):
$_SESSION['name'] = $name;
and then on the page where you'd want to get name, put session_start(); at the top of the page, and then, instead of $_GET['name'] just call the variable as $_SESSION['name'] instead.
This way you don't really need to worry about using the URL for passing the variable from one page to another. It won't be affected by rewriting.
Of course, your other option, if you wish to continue using it as a GET variable is this: https://stackoverflow.com/a/8228851/3044080
Related
This question already has answers here:
PHP include() with GET attributes (include file.php?q=1)
(7 answers)
Closed 8 years ago.
What are the security implications of passing a get variable through an include?
Example:
index.php:
$lastname = $pulleddatabasevalue;
include "../includes/header?lastname=$lastname";
header.php:
echo $_GET["lastname"];
As the variable is dynamic, I have struggled to make include() or sessions work to assign the variable $lastname with the database value within the php include. However, $_GET here has worked fine. It doesn't show up on the browser address bar, thus can't be manipulated in a hostile manner there. Is there another way someone with malicious intent could work this code? Assume that the include directory is locked and I'm only referring to index.php.
Sorry, no way to pass get parameters to included file... See:
PHP include() with GET attributes (include file.php?q=1).
Include is a strict let's name it "Physical function". To make a get request, you must make a request. Include just read the file from the server.
BTW. I'm curious, how it is possible, you made it work. I think there is some misunderstood in your code.
You should think about include, as a COPY PASTE function.
In that case:
$var = true;
include ('include.php');
include.php:
var_dump($var);
should echo bool(true).
Hope it helps.
When talking about security issues, as far as I'm concerned, include in the way I describe, should not create any new security holes. But you should check all the permissions of included files, to be 100% sure.
The security implications of outputting user supplied input is the same no matter how it is done: ESCAPING AND VALIDATION IS ESSENTIAL! Otherwise you are implementing big security holes.
Apart from that, there isn't any difference whether you directly access $_GET, or first stuff that value into another variable and access that inside your include.
The only difference is of general software maintenance: The former usually is considered bad because it is access to a global variable, while the latter might be part of a function call and might encapsulate the variable name better.
Your code, however, is wrong. You cannot pass query parameters as part of the filename. It works because $_GET is available as an array everywhere without any further code (read "superglobal variable" in the PHP documentation).
Keep it simple and don't confuse...
index.php
$lastname = $pulleddatabasevalue;
include "../includes/header.php";
header.php
echo $lastname;
External refs. and recommended read:
http://www.php.net/manual/en/function.include.php
http://www.php.net/manual/en/reserved.variables.get.php
So I've search far and wide to try and find an example of this but found nothing. It seems like a simple thing however I continue to get errors.
Essentially what I've got is:
<?php
$articleCount = 3;
include('/newsArticles.php?id=$articleCount');
?>
It seems fairly self explanatory. What I need is an include that I can pass a value on into the file which I can then grab with $_GET['id'].
You can't add a query string (Something like ?x=yyy&vv=www) onto an include like that. Fortunately your includes have access to all the variables before them, so if $_GET['id'] is defined before you call:
include('/newsArticles.php');
Then newsArticles.php will also have access to $_GET['id'];
You don't need to pass a $_GET variable. Just set it, and reference it in your included file.
Your included file will have access to $articleCount without any additional work needed.
Try this:
$_GET['id'] = 3;
include('/newsArticles.php');
Since you are including a script it would seem as though you have access to the script itself. Even if you don't have access to the script you can edit the $_GET variable from within the script you showed above, like this:
<?php
$_GET['id'] = 3; // or $_GET['id'] = $articleCount;
include('/newsArticles.php');
?>
That's because the script newsArticles.php has the same access to the $_GET variable, unless the script was specifically created so that it extracts the variables from the URL.
Try it.
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
passing variable between pages
I need to create a variable that I can use in one PHP page to assign a category to this variable. When I've assigned a value, how I can pass that value to another PHP page?
Do I have to use a global variable?
You can pass variables from page to page using:
Sessions.
A common config file that is included throughout all of your pages.
Forms (hidden fields etc).
Cookies.
Each approach has its own use, so you'll need to choose according to the circumstance. If the variable in question will stay the same throughout your app, I'd suggest placing it in a config file. If its a user-specific variable, I'd suggest using sessions.
Its depend on you what you want to use for passing value from one php page to another.
You can use Session, Cookie or Forms by using $_GET and $_POST method:
Example : By using Session
//page1.php
session_start();
$_SESSION['name'] = $name;
//you can access this in page2.php
session_start();
echo $_SESSION['name'];
Example : By using Cookies
//page1.php
setcookie(name, value, expire, path, domain);
//you can access it in page2.php like this
echo $_COOKIE["name"];
Example : By using GET and POST
You can use GET with anchor tag and for POST you need form submission.
Read more about GET and POST :
http://php.net/manual/en/reserved.variables.post.php
http://php.net/manual/en/reserved.variables.get.php
Hope this information will help you
I'm kind of a noob at this stuff.
But I've been browsing around and I see sites that are kind alike this
www.store.com/product.php?id=123
this is really cool. but How do I do it?
Im stuck using something like this
www.store.com/product/product123.php
If you could tell me how I can go about do this it would be awesome!
What you're looking at is a $_GET argument.
In your PHP code, try writing something like this:
$value = $_GET['foo'];
Then open your page like this:
hello.php?foo=123
This will set $value to 123.
You need to use the $_GET here.
if you use the following:
?id=123
then this will be how to use it and the result
$_GET['id'] (returns the 123)
You can use as many $_GET arguments as you need, for example:
?id=123&foo=bar&type=product
$_GET is an array of what parameters are in the url, so you use it the same way as an array.
Create a file called product.php with this code:
<?php
echo "The argument you passed was: " . $_GET['id'];
?>
Now run this URL in your browser:
http://<yourdomain>/product.php?id=123
and you will understand how $_GET works.
Those are called URL parameters (what they're contained in is called a query string), and they're not unique to PHP but can be accessed in PHP using the $_GET superglobal.
Similarly, you can get POST parameters using the $_POST superglobal, though in POST requests, these parameters are not appended to the URL.
Note: Generally, for usability purposes (and thus also SEO purposes), you want to avoid using query strings as much as possible. These days, the standard practice is to use URL rewriting to display friendly URLs to the user. So your application might accept a URL like:
/products.php?id=32
But the user only sees:
/product/32
You can do this by using mod_rewrite or similar URL rewriting capabilities to turn the friendly URL into the former query string URL internally, without having the user type out the query string.
You might want to have a look at the documentation at www.php.net, especially these pages: http://www.php.net/manual/en/reserved.variables.php
Specifically, have a look at $_GET and $_POST, which are two frequently used ways to transmit information from a browser to the server. (In short, GET-parameters are specified in the URL, as in your question, while POST-parameters are "hidden from view", but can contain more data - typically the contents of forms etc, such as the textbox you posted your question in).
I have successfully created clean url for my project.. now what i need to do is add variables to URL..
localhost/user1/file?action=add
localhost/user2/file2?action=delete
where user and file are already rewritten i dont want it to be like localhost/user/file/add because localhost/user/folder/file will be mistaken to to the action parameter.. please help
Try using the ampersand instead of question mark:
localhost/user2/file2&action=delete
In your htaccess, the rewrite rule might look something like this:
RewriteRule ^user([0-9]+)/file([0-9]+)$ /page\.php?user=$1&file=$2
As you can see, the question mark is already there even though it is masked in the address bar. Appending another variable to the query string would require the ampersand for successful concatenation.
You need to get the url and start parsing the url from the question mark. I would save the contents then to an array, so that you've got a key and a value.
$uri = $_SERVER["REQUEST_URI"];
$questionMark = explode('?',$uri);
$questionMark[1] is the action=delete then. There are probably better ways then using explode() method here, but I just wanted to show how you get the string.
You can read GET variables in PHP by accessing the global $_GET array:
http://php.net/manual/en/reserved.variables.get.php
In your example, the php file that is used for handling files would be able to read in:
echo $_GET['action']; // 'add' or 'delete'