I have a site with a page in it that dynamically pulls a family profile from a database that contains a bunch of family data.
The generated url looks something like this:
http://example.com/family/?name1-name2/
I have a contact form on this page, and I want to include the current url in each contact submission so that I can tell which family's page the form is coming from.
I don't know much php at all, I'm wondering what php can be used to grab the url.
Use this to get current URL of your page:
echo $_SERVER['REQUEST_URI'];
In general the $_SERVER variables will get you what you need. Try adding the following on your page to see what's available:
var_dump($_SERVER)
in general, $_SERVER['REQUEST_URI'] will do the job. It'd output /family/?name1-name2/
Related
I ran a pentest on my app and it should an XSS issue. Essentially, I could do a url like the following and it would give me a popup
https://test.com/index.php?id=12345'><script>alert(1)</script>
So I have implemented something which I hope resolves this issue. At the top of the page I do
$_GET['id'] = urlencode($_GET['id']);
Within the page content, I might then have a link to another page like so
Link
When I now test the page, no pop up is displayed. The pentest is also clear. However, someone else in another location is trying it and they still get the popup. I just wanted to make sure that what I have done is ok?
Additionally, when I view the link in firebug, I see the link with the script part. Should this not be displaying as sanitized within firebug?
Any information appreciated.
Thanks
I think you're looking for htmlentities
I would set it to an intermediate variable, since you're using the $_REQUEST array later instead of $_GET
$id = urlencode(htmlentities($_GET['id']));
and then later
Link
Here is what I'm dealing with:
Let's say I have some php page:
<?php
// do php stuff
?>
And I have two HTML pages where the action sends them to this php page. On this php page, I want it to do one thing if it comes from one of the html pages, and something else if it comes from the other. I cannot pass any explicit variables to the php page, I need to check which page called the php.
I have tried:
$_SERVER['PHP_SELF'] when I access this, it doesn't seem the send the referring page.
$_SERVER['HTTP_REFERER'] this gives the previous page to the one im looking for.
For example:
HTML PAGE1 form calls php page --> I want some variable in PHP that contains HTML PAGE1.
HTML PAGE2 form calls php page --> I want some variable in PHP that contains HTML PAGE2.
Thanks for the help. Please let me know if there's some way I can clarify the question.
If the domain differs you can use:
$_SERVER['SERVER_NAME'];
But in all scenarios this would help:
$_SERVER['REQUEST_URI'];
Giving you the complete URL that was called.
As Think Different said a hidden field in your form is probably your best bet because you don't want to modify the url. In this case you would have the form submit over a POST request and retrive your data with $page = $_POST['YOUR_HIDDEN_VARIABLE_HERE'].
i have an ajax / php feature of my site that pulls in information from a table every 20 seconds. The information is about hobbie's
It displays on the page the name of the person and their hobby. I have a second page that acts as an information source for that hobby. Currently the only way to access the second page is by entering your hobby into a form on the first page. How would i get it so that i could click on the hobby that is being displayed on the homepage and access an information page on the hobby.
To access the information it currently grabs the hobby from a POST command.
The table results are being displayed on the homepage via
echo $row['name']." is interested in ".$row['hobby'];
Could i some how pass the hobby name through to another page? I only know how to do it through form submits.
I don't think that sesssions are necessary for this.
Look at what information your form is sending. If you're making a GET request you can add that url to a link.
So on your home page you could have links like the one below instead of forms.
<a href="/hobbies/?name=remote+controlled+cars>Remote Controlled Cars</a>
So with the link it would no longer be using $_POST but $_GET instead.
Psudeo code for your homepage link below.
<a href="/hobbies/?name=<?php echo slugify($row['hobby']); ?>><?php echo $row['hobby']; ?></a>
Look into using PHP's sessions.
You can create an anchor tag that is generated from the data provided with a query tailing it to carry the data over, effectively creating a link pointing to the next step with additional information. The only problem, of course, is that this is exposed to the user which can be hijacked.
You can also, if you are using only form submits, create a <input type="hidden"> with a value/name of something you can use to navigate to the next page, if you so desire.
I'm trying to implement a Facebook connect button to my website.
It's working, but it's written in JavaScript and I'd like to insert the information into the database (the tutorial I used is linked below.)
I'm trying to redirect the users from the index.php to index.php?name=xxx.
The name value is rendered with JavaScript so I can't simply just set a PHP variable, can I?
I've been told it's possible with $_GET so that's what I'm trying to achieve.
Using location.href/replace, both redirect to the same page over and over again...
This is the tutorial I used.
I would like to store some information in the database, but I can't do it directly since it's JavaScript and not PHP.
Is there a solution/any other way?
check if the name parameter is filled or not, and if it is, do not redirect
I have a webpage with a form on it. The heading of the form is this:
<form name="sw" METHOD ="POST" ACTION="logger1.php">
After some event has happened, a javascript function submits the form like this:
document.forms["sw"].submit();
The php file logs the data from the form in a text file on the server, and then redirects the browser to another page. My issue is that I want to examine one of the values in the form from the previous page on the page that the browser is redirected to. I am completely lost. help!
Have you considered using sessions? The $_SESSION[] array might keep your previously posted variable between pages.
Basically all the form information is being passed to the "logger1.php" file in the POST method.
So you need to see what the code in the "logger1.php" file is and see exactly how the file is redirecting once it's done doing what it does.
Then you can possibly append the variable you want passed on to the redirect method in the GET method.
Lets say the variable you want to pass on is:
$_POST['Some_variable']
and the redirect method is something like:
header('Location: some_file.php');
then you can append it this way:
header('Location: some_file.php?variable_name='.$_POST['Some_variable']);
You can append ?info=hello to the end of the URL it redirects to, then retrieve it in PHP with $_GET['info']
You can't. The information is not passed when the browser is redirected so there is no way to access it.
I think the best way to do this would be to store the value in a database. If you are using ASP.NET the easiest way to do this would be to set up a SQL Server Express database. They are free until you go over 10GB.
Cant you put the variable that you want to look at as a get variable added to the url of the redirected page like so http://yourdomain/thepage.php?var=variable