I've got this url: /admin.php?op=admin&action=delete&link=/showitems.php?id=8745
I need to get the op parameter and the action and the link parameters as well. If I code something like this:
$op = $_GET['op'];
echo $op; //the output is admin
$action = $_GET['action'];
echo $action; //The output is nothing;
$link = $_GET['link'];
echo $link; //The output is nothing;
//IF I want to sanitize the data same happens with
$op = filter_input(INPUT_GET,"op",FILTER_SANITIZE_STRING);
echo $op; //the output is admin
$action = filter_input(INPUT_GET,"action",FILTER_SANITIZE_STRING);
echo $action; //the output is nothing
$link = filter_input(INPUT_GET,"link",FILTER_SANITIZE_STRING);
echo $link; //the output is nothing
//If I go for the whole array of parameters there they are.
foreach($_GET as $key=>$value){
echo $key . " : " . $value; //The output is op : admin;action : deleteamp;link : /showitems.php?id=8745
}
what could it be the problem when I try to directly get the second or the third parameter like in this case action and link? Thanks for any advise. Greetings.
Related
I have more GET variables. I want the variables to be added after clicking. And after clicking again I want them to be removed from GET. I am a beginner and I don't know how to do it.
<?php
$tab_array['name1']=1;
$tab_array['name2']=2;
$tab_array['name3']=3;
$tab_array['name4']=4;
$url=$_SERVER[QUERY_STRING];
if(!empty($url)){
$url="&".$url;
}
?>
<form action="" method="GET">
<?php
foreach($tab_array as $key => $val){
?>
<?php echo $key;?>
<?php
}
?>
</form>
Someone will help?
Sorry for my bad English...
Code
<?php
$tab_array['name1']=1;
$tab_array['name2']=2;
$tab_array['name3']=3;
$tab_array['name4']=4;
$url='?'; // this will call the current url
// $_GET is the array your submitted data will be strored in - initially empty []
?>
<form method='GET'><!-- you actually don't need a form, since only input, textarea, etc get submitted -->
<?php
// save current state, so you can modify it for every possible click
$current_get = $_GET;
foreach($tab_array as $key => $value) {
$new_get = $current_get;
// check if the current key is already in your set ($new_get)
if (array_key_exists($key, $new_get)) { // it is, so remove
unset($new_get[$key]);
} else { // it is not, so add
$new_get[$key] = $value;
}
// build your query_string (from $new_get array)
$query_string = http_build_query($new_get);
// you can use variables in string when its encapsulated in double quotes: "text $var"
echo "<a href='$url$query_string'>$key</a>";
// more readable:
// echo "<a href='{$url}{$query_string}'>{$key}</a>";
// not need but looks better :P
echo '<br />' . PHP_EOL;
}
?>
</form>
A little more
there is a shortcut for <php echo $var ?> which is just <?= $var ?>
Links
array_key_exists
unset
http_build_query
I am designing a php application using AJAX and PHP.
But the if statement in my php file behaves unexpectedly.
The request method is 'POST';
Ajax code is
function fetchData(){
var recipename = document.getElementById("recipe").value;
var calorie = false;
createRequestObject();
//window.alert(calorie);
var url = "reciepinfo.php";
xmlHttp.open("POST",url,true);
xmlHttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
window.alert(calorie);
xmlHttp.send("recipe="+recipename+"&calorie="+calorie);
xmlHttp.onreadystatechange = function(){
if(xmlHttp.readyState===4 && xmlHttp.status===200){
document.getElementById("target").innerHTML = xmlHttp.responseText;
}
}
}
And php code is:
<?php
$_SESSION['flag']=false;
if($_SESSION['flag']==false){
session_start();
$_SESSION['flag']=true;
}
$recipename = $_REQUEST['recipe'];
$calorie = $_REQUEST['calorie'];
echo $calorie;
$calorietemp = 0;
//echo $recipename;
$database = "nutrition";
$link = mysqli_connect('localhost','root','',$database);
$query = "select * from recipestb where name='$recipename'";
//$result = mysqli_query($link,$query);
//$obj = mysqli_fetch_object($result);;
if($link){
$result = mysqli_query($link,$query);
$obj = mysqli_fetch_object($result);
//$arr = mysqli_fetch_array($result);
//$names = "";
if(is_object($obj)){
echo "<i/>";
echo "<font size='5'>";
echo "Recipe name: ".$obj->name;
echo '<br/>';
echo "Carbohydrates : ".$obj->carbs." grams";
echo '<br/>';
echo "Proteins: ".$obj->protein." grams";
echo '<br/>';
echo "Fat: ".$obj->fat." grams";
echo '<br/>';
echo "Calories: ".$obj->calorie." cal";
$calorietemp = $obj->calorie;
echo '<br/>';
}else{
echo "non object";
}
}else{
echo "Connection failed";
}
if($calorie==true){
echo $calorie;
$_SESSION['caloriecount'] = $_SESSION['caloriecount'] + $calorietemp;
echo "Total calorie in diet :".$_SESSION['caloriecount'];
}
My session handling is weird i accept, but neglecting that, even the variable calorie is explicitly set to false, the if block executes.The echo $calorie statement also executes and it displays $calorie as false.
And i am not getting what is going wrong exactly.
Almost irritated with this.
Can anybody help?
EDIT1:
The php code is fine...
Ajax code has some problem...
When i set the $calorie to false in php code..
It behaved properly..
Leaving the session handling aside, the $calorie problem ...
You pass the data via AJAX as strings.
$calorie = 'false';
var_dump((true == $calorie));
You will get always bool(true). Using your AJAX example above, try this snippet instead (and use POST instead of REQUEST):
$calorie = ('true' == $_POST['calorie']);
var_dump($calorie);
// produces `bool(false)`
As a beginner i was unaware that the java-script variable with value false is passed as a string "false" to a server side script like PHP.
If we use a boolval(), in PHP this issue can be resolved.
PHP boolval()
I set the $calorie in my java-script to 0 or 1 as per my need.
When i wanted the false value to be sent to PHP script ,i set $calorie in java-script to 0 and the boolval() in corresponding PHP script evaluated it as false.
So the issue was resolved.
I'm still new to php and I've made a script that checks the language of the website and if it's English set's the button link to an english page and else to another page.
Here goes:
<?php
$link1 = "http://www.uvt.ro/ro/accesibilitate/";
$link2 = "http://www.uvt.ro/en/accesibilitate/";
$url = "";
if($_SESSION["lang"]->lang!="ro"){
$url = $link2;
}
else {
$url = $link1;
}
?>
Button
It's supposed to be simple, I don't know why it doesn't work.
You'd echo the $url like so:
<?php
$link1 = "http://www.uvt.ro/ro/accesibilitate/";
$link2 = "http://www.uvt.ro/en/accesibilitate/";
$url = "";
if ($_SESSION["lang"]->lang != "ro") {
$url = $link2;
}
else {
$url = $link1;
}
?>
Button
You can condense the code to this using the ternary operator:
<?php
$link1 = "http://www.uvt.ro/ro/accesibilitate/";
$link2 = "http://www.uvt.ro/en/accesibilitate/";
$url = ($_SESSION["lang"]->lang != "ro") ? $link2 : $link1;
?>
Button
You have to echo $url in tag.
Button
Button
replace with:
Button
OR
Button
you can try this one:
See the page
<?php
$test = $_GET['p'];
?>
Test
or
Try like
HTML in PHP :
echo "<a href='".$link_address."'>Link</a>";
Or even you can try like
echo "<a href='$link_address'>Link</a>";
Or you can use PHP in HTML like
PHP in HTML :
Link
i simply pass 3 values to the URL and while testing i was trying to echo them back to the screen but it will only echo each value once even though i have set it to echo at various points. once i escape the value it wont let me echo it. Why is this?
<?php
session_start();
if (isset($_SESSION['SESSION_C']) && ($_SESSION['SESSION_C']==true))
{
$getyear = $_GET["Year"];
echo $getyear; (IT WILL ECHO AT THIS POINT)
$getyear = mysql_real_escape_string($getyear);
echo $getyear; (BUT WONT ECHO HERE)
$getsite = $_GET["Site"];
echo $getsite;
$getsite = mysql_real_escape_string($getsite);
echo $getsite;
$getsite = str_replace(' ', '', $getsite);
echo $getsite;
$getdoc = $_GET["Doc"];
echo $getdoc;
$getdoc = mysql_real_escape_string($getdoc);
echo $getdoc;
}
else
{
echo "sessionerror";
}
?>
mysql_real_escape_string() requires a open connection to mysql. Otherwise it will return false. I guess var_dump($getdoc); will give you boolean(false).
You'll have to call mysql_connect() before that code.
Hey guys, I've gotten as far as my code below, but I am trying to create an AJAX search form that is 'safe' on my wordpress blog, by detecting the session variable or a cookie or something
<?php
#session_start();
If (!array_key_exists(‘authed’, $_SESSION))
{
include ‘not_authed.inc’;
exit();
}
// go about your business.
?>
and i'm trying to add that to this:
<?php
function checkValues($value)
{
// Use this function on all those values where you want to check for both sql injection and cross site scripting
//Trim the value
$value = trim($value);
// Stripslashes
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
// Convert all <, > etc. to normal html and then strip these
$value = strtr($value,array_flip(get_html_translation_table(HTML_ENTITIES)));
// Strip HTML Tags
$value = strip_tags($value);
// Quote the value
$value = mysql_real_escape_string($value);
return $value;
}
mysql_connect ("mysql.*****.com", "****","$*****") or die (mysql_error());
mysql_select_db ("***********");
$term = checkValues($_REQUEST['val']);
$term = mysql_real_escape_string($term);
$sql = mysql_query("select * FROM patient_db WHERE id_number = '$term'");
if($row = mysql_fetch_array($sql)) {
echo "<img src=\"******\" class='leftfloat' border=0>";
echo '<p>';
echo '<br /> ID Number: ' .$row['id_number'];
echo '<br /> Name: ' .$row['Name'];
echo '<br /> Exp. Date: ' .$row['exp_date'];
echo '<br /> DOB: ' .$row['dob'];
echo '</p>';
//echo "<a href='******' title='Printer Friendly Version' alt='Printer Friendly Version'><img src=\"*****\" class='rightfloat' border=0 height=33 width=33></a>";
} else {
echo "<img src=\"*****\" height=50 width=50 class='leftfloat' border=0>";
print "<h1>USER ID <br/>NOT FOUND</h1><br />";
print "<strong>OOPS!! THIS COULD BE AN ERROR</strong><br />";
print "<br />";
print "<div>*****</div>";
}
?>
The problem you are going to have is that the AJAX request is a separate session / cookie as it is a completely different process not tied into to the browser.
So how do you go about authenticating someone? A Token of sorts. So you would create a hash, which would need to be stored in the database for the user, which can be regenerated upon login etc. Then you would use this token to validate that user and allow the AJAX submission to work.
Hopefully that gets the ball rolling for you. So in your AJAX push script you would just appened a variable to the GET or POST data called token and then check it on the receiving PHP script. There are other ways of doing it, this is just one that I know of :)