This is a link I have as part of my .php page.
<li>Stats</li>
'GET' is used to obtain the variable from the URL of the current page (not Information.php). The URL for the current page is http://localhost/Current.php?AssignedI=AI03#
AssignedI = AI03 (it is a string).
When selecting the link, and the Information.php opens, the URL is displayed as:
Information.php?AI=%27
I understand that %27 is the actually ' - when decoded into text. However, how can I make it so that it displays the actual AssignedI - i.e. 'AI03'.
On the Information.php, I have the following code:
$AI = $_GET['AI'];
echo $AI;
This outputs '.
I have been trying to figure this out for a while so any help is much appreciated.
AssignedI = AI03
if i understand the output you want is
Stats
you do not need all those single and double quote i think you are mixing the server side code and client side code
Server side :
<?php echo $_GET[AssignedI] ?>
your server will find all the php tag and output them as html in the file so basically your echo will be output to the link before the browser even read the link
<li>
Stats
</li>
this should ouput what you want. without the ' ... then once you click the link in information.php
$AI = $_GET['AI'];
echo $AI;
should echo AI03 with no quote
I solved this an alternative way.
This is my edited hyperlink:
<li>Stats</li>
I obtained the current URL http://localhost/Current.php?AssignedI=AI03#, using $_SERVER['REQUEST_URI'] and the last four characters, which contained the 'AI' were obtained (using substr(..., -4).
Related
I know there must already has this question been asked but I didn't find the answer cause I don't know how to search exactly what I want.
So, I wanna make such a link http://example.com/index.php?cat=about where I should insert some about info. But I don't know how to make a page with this URL containing ? symbol and other stuff, or how to edit that page then, where to edit and etc.
About Us
I've also made cat.php file but what next?
In your index.php file you can use the following:
if(isset($_GET['cat']) { // means if the user use the url with ?cat=something
echo "<1>About {$_GET['cat']}</h1>"; //print the about of the cat as html
}
OK, Suppose you've two PHP files. page_a.php & page_b.php.
page_a.php
<?php
echo "<a href='page_b.php?cat=about'>Click Me</a>";
page_b.php
<?php
print_r($_GET); // Show all GET contents
echo $_GET['cat']; // Show what content exist in 'cat' part of url
Hope, this will clear your doubt of how to send data in url from one page to another using GET mehtod.
To store variable data in the url, you can use the query string. This is the portion of the url that immediately follows the protocol, domain name and file path
The query string begins with ? and may contain one or more parameter parameter value pairs. The parameter and parameter value are separated by =. Each pair is separated by &.
Let's suppose you do development for a tourism company called Gi Tours which provides content in 3 different languages. Because site visitors will want to be able to select their preferred language, you can provide flag images that will indicate a certain language and wrap those flags with the appropriate hyperlinks. Rather than writing out the full language name, you can simply assign id numbers to represent each like this:
<?php
echo "<img src=\"img/ge.png\">";
echo "<img src=\"img/en.png\">";
echo "<img src=\"img/ru.png\">";
?>
If a visitor clicks the second flag which loads this url: https://www.gitours.ge/index.php?lang=2, your index.php code can be written to extract the value assigned to lang by using $_GET["lang"].
If you write in your index.php file:
<?php
echo $_GET["lang"];
?>
Your code will display:
2
Or on your index.php file, you can easily generate dynamic page content using $_GET array data.
<?php
if(isset($_GET["lang"])){ // this checks if lang exists as a parameter in the url
$lang=$_GET["lang"]){ // $lang will equal the value that follows lang=
}else{
$lang=1; // if there was no lang parameter, this sets the default value to 1
}
if($lang==2){
// show English content
}elseif($lang==3){
// show Russian content
}else{
// show Georgian content
}
?>
This is, of course, a simplified demonstration; other techniques can be used to interact with the $lang value.
#Lasha Palelashvili let suppose below example:
above you are sending only one input parameter cat through url to the index.php file at server side so when you send this data from url it will send by get method by default, if you want to get this url info(input parameter) at the php side so $_GET will help you to fetch that info $_GET is actually an array which stores your input parameter as key and input parameter's value as value for your case("index.php?cat=about") $_GET array will contain value like below:
$_GET = array("cat" => "about")
now at the server side you can easily get the value like:
//index.php
<?php
$cat = $_GET["cat"];
echo $cat;
?>
I am trying to sanitize my GET variables but Accuntrix is still complaining for some reason.
So I visit a page and the URL contains parameters. I pass these parameters between pages. To do this I do
something like the following
<a class="navbar-brand" href="https://someDomain/someFolder/someFile.php?WT.var1=<?php echo $_GET['WT_var1']; ?>&var2=<?php echo $_GET['var2']; ?>&var3=<?php echo $_GET['var3']; ?>&var4=<?php echo $_GET['var4']; ?>" title="logo"><img src="logo.png"></a>
I have lots of links like this on the page, and when I first ran the page it was vunerable to cross site scripting because
I was not sanitizing the GET requests. So at the top of the page, I put
<?php
$_GET['WT_var1'] = htmlspecialchars($_GET['WT_var1']);
$_GET['var2'] = htmlspecialchars($_GET['var2']);
$_GET['var3'] = htmlspecialchars($_GET['var3']);
$_GET['var4'] = htmlspecialchars($_GET['var4']);
?>
Initially, this seemed to work. But I have recently run another scan, and every single link like the above shows up as a high.
The details look something like this
URL encoded GET input WT.var1 was set to 1}body{acu:Expre/**/SSion(prompt(926954))}
The input is reflected inside a text element.
And the exploit looks like this
/someFolder/someFile.php?WT.var1=1%7dbody%7bacu:Expre/**/SSion(prompt(941830))%7d&var2=&var3=&var4=
Is that not showing a sanitized url though? Is this something I need to fix or is it a false/negative?
Thanks
htmlspecialchars() encodes your variable for output as content in an html page. If you need to pass your variables through the url, you need urlencode(().
So for example:
...someFolder/someFile.php?WT.var1=<?php echo urlencode($_GET['WT_var1']); ?>&var2...
I am trying to find next page's link of a particular page(i call that particular page as current page here).The current page in program i am using is
http://en.wikipedia.org/wiki/Category:1980_births
The next page link which i am extracting from the current page is the below one
http://en.wikipedia.org/w/index.php?title=Category:1980_births&pagefrom=Alexis%2C+Toya%0AToya+Alexis#mw-pages
But ,, when file_get_contents() function load the next page link it's getting the the current page contents ,,,
The code is
<?php
$string = file_get_contents("http://en.wikipedia.org/wiki/Category:1980_births"); //Getting contents of current page ,
preg_match_all("/\(previous page\) \(<a href=\"(.*)\" title/", $string,$matches); // extracting the next_page_link from the current page contents
foreach ($matches[1] as $match) {
break;
}
$next_page_link = $match;
$next_page_link = "http://en.wikipedia.org" . $next_page_link; //the next_link will have only the path , does't contain the domain name ,,, so i am adding the domain name here, this does't make any impact on the problem statement
$string1 = file_get_contents($next_page_link);
echo $next_page_link;
echo $string1;
?>
As per the code string1 should have next_page_link's content ,, but instead it just getting the current page's content.
In the source of the original web site, the links have entity-encoded ampersands (See Do I encode ampersands in <a href…>?). The browser decodes them normally when you click the anchor, but your scraping code does not. Compare
http://en.wikipedia.org/ ... &pagefrom=Alexis%2C+Toya%0AToya+Alexis#mw-pages
versus
http://en.wikipedia.org ... &pagefrom=Alexis%2C+Toya%0AToya+Alexis#mw-pages
This malformed querystring is what you are in fact passing into file_get_contents. You can convert them back to regular ampersands like this:
// $next_page_link = $match;
$next_page_link = html_entity_decode($match);
I am redirecting php page with following
<a href='invoice_details.php?ppid=".$row['sno']."'..
but I want to redirect the same with some another condition
can this be done
<a href='invoice_details.php?ppid=".$row['sno']." and 'invoice_details.php?pinv=".$row['invno']."'
You can use:
Link
And then in php:
$variable1 = $_GET['variable1']; // one
$variable2 = $_GET['variable2']; // two
$variable3 = $_GET['variable3']; // three
In your example:
<a href='invoice_details.php?ppid=".$row['sno']."&pinv=".$row['invno']."'>link</a>
Here is a little explanation about & notation: Encoding issue, coverting & to & for html using php
It is better to write html links with entity & then simple &.
More docs on get: http://php.net/manual/en/reserved.variables.get.php.
Remember to run some check on your get values, and not save / post them directly on site as this can make some security issues.
user amerpsand to add parameters to your url:
<a href='invoice_details.php?ppid=".$row['sno']."&pinv=".$row['invno']."'....
this is my code that I've written so far --
<?php
$actual_link = "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
$search_link = "http://www.example.com/register_complete.php?user=";
if($actual_link == $search_link)
echo "Place your conversion pixel code here";
?>
The situation is like this - Once a user completes a registration he/she lands on urls like these -
http://www.example.com/register_complete.php?user=abcd1234
http://www.example.com/register_complete.php?user=abcd12345
http://www.example.com/register_complete.php?user=abcde123456
So what I am trying to achieve is fetch the current url using $_SERVER and then matching it with my sample url which is stored in $search_link if both these match then I wish to display a particular code otherwise the code will not be displayed anywhere else in the website.
I don't know how to use wildcard entries in PHP :(
My mind tells I should have done something like this -
http://www.example.com/register_complete.php?user=*
Can anyone over here help me regarding this please?
Why so complicated? I bet you can exclude http://www.example.com/register_complete.php, because if it's not this file, it won't load the script anyways, so focus on ?user=abc
if (isset($_GET["user"])) {
echo "Place your conversion pixel code here";
}
You can also try empty()
OR if you want to compare it to certain value:
if ($_GET["user"] == "abcd1234") {
echo "Place your conversion pixel code here";
}
There is a function which could help you with your problem and that is strpos(). Check out the following link:
http://in3.php.net/strpos