Hello and thanks in advance for any suggestions you can lend.
What I am trying to accomplish: When a user clicks a link I want to add an auto-increment id, clicked URL and time stamp to the database and then send them to the URL links landing page.
The problem I am having: When the link is clicked the URL is not added to the database and the redirect also fails.
Here is the code I am working on:
ad_click_tracking.php
<?php
include ("admin/includes/connect.php");
mysql_select_db("$database") or die(mysql_error());
//Collecting the destination URL from the clicked link
$redirect = mysql_real_escape_string($_GET['page']);
//Insert destination URL and time stamp into MySQL
$page_insert = mysql_query("INSERT INTO ad_click_tracking (`url`, `date`) VALUES ('$redirect', now())") or die(mysql_error());
//Redirecting user to the clicked URL
header("Location: $redirect");
//Debugging to see if we collected the URL
echo "Redirect URL: $redirect";
?>
header.php (Contains the links to be tracked - the first link is internal the second link is external)
<img src="/images/header_banner/recycling_kansas_city_header.png" width="620px" height="340px" alt="Recycling Banner" title="Recycling Kansas City"></li>
<img src="/images/header_banner/funny_bunny_5k_autism_egg_hunt.png" width="620px" height="340px" alt="Paws 4 Autism" title="Paws 4 Autism Easter Event"></li>
When I click the internal or external link the browser displays the URL as recyclingkansascity.com/ad_click_tracking.php?page= and then when I check the database the id has been auto-incremented and the timestamp is inserted but the URL is null. For some reason the ($_GET['page']) seems to be failing to grab the page URL and I have not been able to figure out why as of yet. I read through relevant "similar questions" and was not able to find an answer.
A better way to create your links would be with PHP code such as this:
$url = 'http://paws4autism.org';
echo '<a href="http://recyclingkansascity.com/ad_click_tracking.php?page='
. htmlspecialchars(urlencode($url)) . '" target="_blank">...</a>';
This will escape the url as a query string. It may or may not work without doing this, but this is the proper way to do it. For example, http://paws4autism.org would become http%3A%2F%2Fpaws4autism.org. If you are wondering about the double escaping, here it is broken down a bit:
$url = 'http://paws4autism.org';
// escape query string when constructing url:
// (this would be necessary even if you weren't rendering it as a link in html)
$href = 'http://recyclingkansascity.com/ad_click_tracking.php?page=' . urlencode($url);
// escape for html rendering:
echo '...';
In ad_click_tracking.php, you ought to check whether $_GET['page'] is set at all before you continue. Also, it doesn't make sense to be redirecting to the MySQL-escaped version of the page parameter. So, instead of this:
$redirect = mysql_real_escape_string($_GET['page']);
// (...insert with $redirect...)
header("Location: $redirect");
I would do this:
if (!isset($_GET['page'])) {
// this is a little bit more informative than just dying
header($_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request');
die('No page specified');
}
$redirect = $_GET['page'];
$s_redirect = mysql_real_escape_string($redirect);
// (...insert with $s_redirect...)
header("Location: $redirect");
Lastly, the plain mysql library for PHP isn't really recommended for use. Mysqli (which uses nearly the same syntax) or PDO is preferred. See here: MySQL vs MySQLi when using PHP
Oh, and as for the security of doing the HTTP redirect, see this page (I recommend reading through all the answers). The only real issue is related to phishing scams. You aren't serving a file that the user normally wouldn't have access to.
php security for location header injection via $_GET
Related
I have an affiliate program and have a serious problem that I can figure out.
My affiliates have links like this...
http://example.net/?p=14&ref=delta88
Once the page loads it changes to...
http://example.net/?p=14
Which totally gets rid of the ref id. I need it to keep the whole URL in the bar in case they hit refresh. Because when you hit refresh it takes the affiliate out of the system and just let's people join without an affiliate.
The way my code works for the pages is this...
That URL goes to an index.php file. In that file it finds all the affiliates information. It then uses an include to show the page. So it's not pointing directly to the page. I need to use the include because I store about 27 pieces of data in strings and I can't put that information in a URL as queries and have it forward to that page.
I added that information because it may be because of the include that's causing it and that will help you better figure out a solution for me.
Use a SESSION, its like a variable that holds for each user, here is a tutorial but works like:
<?php
session_start();
if(isset($_GET["ref"]){
$_SESSION["ref"] = $_GET["ref"];
}
?>
Now, in any PHP that open the user, will have that variable set ( $_SESSION["ref"])
you can keep current url in variable , see below used actual_link to hold the current url data.
if($_GET){
$actual_link = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
//if you want to redirect page on same url just call header with $actual_url
header('Location: '. $actual_link);
}
I have an application where URL after rewriting are like this
http://www.domain.com/product/seller/product_id
an example link would be
http://storeiown.com/product/kitchenking/92013
This was okay but I need the title of the product to be included in the url
http://storeiown.com/product/a-very-nice-electric-cooker-by-kitchenking/92013
I achieved this too and all was good.
Now, I want all the url which do not include the title to redirect to this one.
Like, if user lands from the url without the title they should be redirected to a version of the page with the url containing the title in the url.
How do i accomplish that. And for info additional info I use CodeIgniter in the app, if that makes it any easier.
you can do this way which i use. In the previous page type this at the top:-
<?php
session_start();
$_SESSION['mainpass']= '0';
?>
And in the next page code this at the top of the page :-
<?php
session_start;
if(isset($_SESSION['mainpass'])) {
//run the current page
}else{
header("location: www.domain.com");
}
?>
If you are using codeigniter, you could try the below.
$seg3 = $this->uri->segment(3);
if(is_numeric($seg3)){
//The user has come without the header because the third segment is numeric thus probably using the product id.
//Therefore, redirect again to the proper link after getting the heading from your db
} else {
// do nothing
// the seg3 is not numeric means it probably came through normal preferred way
}
And in order to use the
$this->uri->segment(3);
You need to either
auto load the url helper
load manually when required
I am trying to set a redirect to an internal link with php. Basicaly, i am doing an app using jquerymobile, and the navigation requires that you navigate through divs rather than documents. However, the code i figured out looks like this
if (isset($_POST['insert'])) {
$post = $_POST['wish'];
$fk_id = $_SESSION['id'];
$succes = "";
$succes .= "<h1>SUCCES</h1>";
$insert_wish_sql = "INSERT INTO wishlist(wish_id, wish, fk_id, datetime) VALUES ('', '$post', '$fk_id' , CURDATE())";//insert new post
$res = mysql_query($insert_wish_sql);
if ($insert_wish_sql) {
header('Location:#wishlist');
}
}
I also tryied Location:index.php#wishlist
any ideas?
No, you can't. The Location: header is for the HTTP client, and HTTP doesn't really care about the anchor fragment. Plus, the RFCs require that URLs specified in that header be full URLs.
Now, what you can get away with sometimes is linking to the actual resource with the anchor fragment.
header('Location: http://example.com/someResource#wishlist');
Also, you should know that your code is wide open to SQL injection attacks, and you will be hacked if you haven't been already. Learn to use prepared/parameterized queries with PDO or similar to avoid this problem.
What you're trying to achieve is loading an anchor in HTML.
You should try redirecting to an absolute path, like this:
header('Location: http://host.name/index.php#wishlist');
You might also want to check out this answer.
Well I am new to this so I want to record when the user clicks on the link that php prints and query a mysql database. I know how to query the database using php already but I'm not sure if it is possible to know if the user clicked on the link.
I printed a link like so.
print ('<a id="myLink" href="http://www.google.com" target="_blank">google</a>');
To track the link, you'd need to create a link tracking script on your server. i.e. linktracker.php
Then, change your code to point the link to that script, passing the forwarding url i.e
<a id="myLink" href="http://mysite.com/linktracker.php?url=http://www.google.com" target="_blank">google</a>
In linktracker.php, you would need something like:
<?php
$url = $_GET['url'];
// update your database click count for the url
// i.e UPDATE linkclicks SET clickcount = clickcount + 1 WHERE url = '$url'
// forward the user to the end location
header("Location: $url");
You need to build a URL redirection mechanism.
$link = 'http://www.google.com';
echo '<a href="/redir.php?target="'.encodeUriComponent($link).'>google</a>';
then make a redir.php:
<?php
$targetUrl = $_REQUEST['target'];
// log this targetUrl to your MySQL database.
header( 'Location:'.$targetUrl);
I absolutely wouldn't do this in JavaScript if you want to try to track links shares or something of that nature.
add onclick="handleClick()" and write javascript function named handleClick to report the click to the server uaing ajax
Unless the link is to your own site, you'll need to use a client-side scripting language such as JavaScript (could utilise jQuery too) to send the user's click event back to the server.
Let say we've the following
Objective : User will post certain exact URL $refere to lock viewing text content and only be allowed for view if the viwer is coming from the same exact URL $refere.
$refere = "http://www.site_site.com"; // User will post it
$r = $_SERVER['HTTP_REFERER']; // To get real referral
and i want to do the following
<?PHP
if(stripos($r, $refere) == false){
echo "Wrong";
} else { ?>
echo "Go";
}
?>
It always gives me $r = $_SERVER['HTTP_REFERER']; blank ! so does it deprecated on any PHP version 4 or 5 whatever !
Also
what is the user posted $refere like https:// or missed www. or only posted site_site.com while the $r = $_SERVER['HTTP_REFERER']; showing www.site_site.com
so can anyone help me to adjust this code to be working fine no matter the user posted the $refere link fully or only site_site.com.
The $_SERVER['REFERER'] variable will only be set when you click a link to your page from another page and if the browser (or an eventual proxy or firewall you're on) isn't removing the referer header.
To your second question: do some string comparisons. The functions strpos() and substr() will be of great help.