I have several pages which use querystrings to highlight an option in a menu, all the url's on the page have the currant querystring phrased in them so the same menu option will be highlighted on the next page if the user clicks the link.
However the problem arrises when someone visits the page without the querystring included in the url, the menu option isn't highlighted.
What i would like to do is check the URL to see if a querystring is present, if one isnt, create one.
The url's are phrased as such www.mysite.co.uk/Folder1/Folder2/Page.php?id=3
and i would like the default querystring to be ?id=1 if one isn't already present in the url.
Any ideas on how you do this?
And what would happen if a user visits using the URL www.mysite.co.uk/Folder1/Folder2/Page.php?
Would the URL end up as www.mysite.co.uk/Folder1/Folder2/Page.php??id=1
or would it be www.mysite.co.uk/Folder1/Folder2/Page.php?id=1
Thanks,
Maybe there are plenty of ways. You can assign value to $_GET key if one does not exist. Or if you really need to query string, you can renavigate the user to the same page with present querystring.
if (!isset($_GET['id'])) {
header("Location: Page.php?id=1");
exit;
}
It should be before any output in the page. So if user visits Page.php or Page.php? or Page.php?someDifferentParamThanId=10 it will return false on isset($_GET['id']) thus it will redirect to Page.php?id=1
This should work:
if(isset($_GET['id'])){
//It exists
}else{
//It does not, so redirect
header("Location: Page.php?id=1");
}
Do something like:
if(!isset($_GET['id'])){
header('LOCATION:www.mysite.co.uk/Folder1/Folder2/Page.php?id=1'); die();
}
In php, the query string is loaded into $_REQUEST variable. In your case, $_REQUEST['id'] will be equal to 1, 3 or whatever you get in the query string.
For solving the problem when no id is given via GET, I think will be enough to add this line at the beginning of each php page:
<?php
if ( $_REQUEST['id']=='' ) {$_REQUEST['id']=1;}
?>
It is not necessary to change the URL on the fly.
Related
For example, I have a page called profile_page.php. This page is only functional if data is written after the ?u= in the URL, for example, data for Alice's profile page can only be seen when the URL reads http://localhost/profile_page/alice.
Loading http://localhost/profile_page will give me undefined variable errors as most of my variable's are depending on the URL to have a value after the ?u=. For example, the variable $firstname can only be gathered when I get her username in the URL.
In such a case, when http://localhost/profile_page, I would rather have it redirect the user to their own profile_page, but I don't know how I can test the URL and parse it through an if statement.
I understand you can use $u=$_GET['u']; to obtain the current page URL? but I don't think doing this, is the best way to go about it:
$u=$_GET['u'];
if ($u == "http://localhost/profile_page/"){
// redirect to logged in users page code here
}
First, if you are using some parameter for your page to build, the url would looks like httlp://localhost/profile_page.php?firstname=alice&lastname=brown, with $_GET['firstname'] you will get alice in this case. If you want to test if the parameter is set first and redirect to another page if it is not set, you could use
if(!isset($_GET['firstname'])
{
header('Location:redirected_page.php');
}
I have an application where URL after rewriting are like this
http://www.domain.com/product/seller/product_id
an example link would be
http://storeiown.com/product/kitchenking/92013
This was okay but I need the title of the product to be included in the url
http://storeiown.com/product/a-very-nice-electric-cooker-by-kitchenking/92013
I achieved this too and all was good.
Now, I want all the url which do not include the title to redirect to this one.
Like, if user lands from the url without the title they should be redirected to a version of the page with the url containing the title in the url.
How do i accomplish that. And for info additional info I use CodeIgniter in the app, if that makes it any easier.
you can do this way which i use. In the previous page type this at the top:-
<?php
session_start();
$_SESSION['mainpass']= '0';
?>
And in the next page code this at the top of the page :-
<?php
session_start;
if(isset($_SESSION['mainpass'])) {
//run the current page
}else{
header("location: www.domain.com");
}
?>
If you are using codeigniter, you could try the below.
$seg3 = $this->uri->segment(3);
if(is_numeric($seg3)){
//The user has come without the header because the third segment is numeric thus probably using the product id.
//Therefore, redirect again to the proper link after getting the heading from your db
} else {
// do nothing
// the seg3 is not numeric means it probably came through normal preferred way
}
And in order to use the
$this->uri->segment(3);
You need to either
auto load the url helper
load manually when required
I have index.php that include pages like
<?php
define('MyConst', TRUE);
include_once('template/header.php');
if (!empty($_GET['action'])) {
$action = $_GET['action'];
$action = basename($action);
include("template/$action.php");
} else {
include("template/main.php");
}
include_once('template/footer.php');
?>
With in a template directory I have main.php which has link to other pages like page1.php, page2.php.
Goto page 1
Goto page 2
How could I prevent users form accessing pages directly typing "http://mydomain.com/?action=page1" on the URL? And redirect them to main.php if they have done it?
You can not. What you want is simply not possible.
For the server side there is no way to know whether an URL is typed or clicked.
If I understand correctly, the thing you want is to prevent the user to access http://example.org/?action=page1 unless they came from http://example.org/?action=main. To do that, you must be able to detect whether they came from http://example.org/?action=main. The safest way to do that is to generate some random value that you associate to the users when they access http://example.org/?action=main and to check whether there is a correct value associated to the users when they want to access http://example.org/?action=page1. If not, they tried to access that page directly.
Check for HTTP_REFERER and if it is not pointing to right values (like your meny page) then redirect user.
Maybe you can try this, On your index.php :
session_start();
if(! isset($_GET['action']))
{
$_SESSION['pageAccess'] = true; # Set the key whatever you want
}
then under that script (we need that session_start() used twice) :
if(isset($_GET['action']))
{
if(! isset($_SESSION['pageAccess']) || ! $_SESSION['pageAccess'])
exit('There is no direct access allowed.');
}
Hope this help, have a nice day.
As per your Question:
There are two approaches that you can follow:
Use HTTP_REFFRER and check on desired page if User is coming from the page u wanted. IF he is accessing the direct URL then show him error page.
Use $_SESSION but this approach can be harmful as SESSION will always be there untill browser / instance closed.
So better to go for 1st approach.
And also as per Pehaa, you can not check id URL is typed
Ok so when somebody types this into the URL mywebsite.com/?s1=affiliateid
I want to take the affiliateid part out of the URL. Every affiliate will put a different username into the address.
Then I want to create a link will point to differentwebsite.com/?id=affiliateid based on the username typed into the address bar.
Now so far, I know that I have to have something like this will get that affiliate id
$aff_id = $_GET['s1'];
Then I can use that variable to create a link or just redirect it to the next page
differentwebsite.com/?id=$aff_id
My question is, where do I place this code at? $aff_id = $_GET['s1'];
Do I have to make a page called ?s1.php or something?
Assuming s1 isn't used anywhere else but just to create a link:
<?php
$s1 = isset($_GET['s1']) && !empty($_GET['s1'])
? $_GET['s1'] // it's populated, use the passed value
: ''; // default value in case it's not present
//
// Maybe check $s1 is indeed valid
//
$newurl = sprintf('http://differentwebsite.com/?id=%s', urlencode($_GET['s1']));
?>
Then you can output that link somewhere on the page, like:
New Url Here
urlencode will make sure that if s1 has characters like &, =, ?, / (or others) it won't break the integrity of the url.
If you want the concise approach:
<a href="http://differentwebsite.com/?id=<?= urlencode($_GET['s1']); ?>">
New Url Here
</a>
You could place $aff_id = $_GET['s1'] anywhere before you want to use $aff_id. I tend to put stuff like that at the top of the page.
Or, simply put. "differentwebsite.com/?id=$_GET['id']"
I would suggess you do a check to see if the id parameter exists in the URL before you try to use it. Maybe even make sure it is the data type you expect, integer, string, etc. So as when you redirect users, you don't send them somewhere else in a broken way.
If you are not using this for SQL then no SQL Injection could occur #BlackHatShadow.
Append the $aff_id that you get from mywebsite.com to the url of the new web site. Presumably, $newurl = "differentwebsite.com/?id=".$aff_id.
Edit:
Do I have to make a page called ?s1.php or something?
You need to make a page that the user will land on when they hit the url: www.mywebsite.com/
I assume you are running a web server that can process PHP code. The code can go into a file called index.php in your server's document root directory. If you don't know what this is, I suggest googling a "how to" guide for your specific server.
Get the value of "s1" from the url and store it in $aff_id:
$aff_id = $_GET['s1'];
If you want to pass this variable into another web site which accepts an "id" parameter, then you can simply append $aff_id to the new web URL and redirect the user there.
Redirect the user to differentwebsite.com and also sends the $aff_id from mywebsite.com to the other URL:
header('Location: http://www.differentwebsite.com/?id='.$aff_id);
I have a website authored in PHP where any time a user receives an error I will redirect them to a another page (using header(Location:...)) and put the error ID in the URL so that I know which error to display.
E.g. If the user tries to access a product page but that item is no longer available I will redirect back to the category of items they were previously looking at and display an error based on the error ID I have specified in the URL.
www.example.com/view_category.php?product_category_id=4&error_id=5
There are two things I don't like about this approach:
It displays the error_id in the URL.
if the page is refreshed, the error will still display.
Is there a way to cleanly remove a specific $_GET variable from a URL while leaving the rest of the variables intact AFTER the page is loaded?
I'm thinking maybe it's using modRewrite or a redirect back to the page itself but removing the error_id from the URL or using a $_SESSION variable and avoiding putting the error_id in the URL. Your thoughts?
I really am learning a lot from this community and thought if I posed the question I might be able to learn something new or to get some varied ideas as I'm fairly new to scripting.
No, there's no way to do that explicitly - at least not without a page refresh but then you'd lose the data anyway.
You're better off using a temporary session variable.
if ( /* error condition */ )
{
$_SESSION['last_error_id'] = 5;
header( 'Location: http://www.example.com/view_category.php?product_category_id=4' );
}
Then, in view_category.php
if ( isset( $_SESSION['last_error_id'] ) )
{
$errorId = $_SESSION['last_error_id'];
unset( $_SESSION['last_error_id'] );
// show error #5
}
Yes, there is a way to remove especific $_GET from PHP...
varToRemove = "anyVariable";
foreach($_GET as $variable => $value){
if($variable != varToRemove){
$newurl .= $variable.'='.$value.'&';
}
}
$newurl = rtrim($newurl,'&');
Then, put the $newurl in the link.. like this:
pageurl?something=something&<? echo $newurl; ?>
I know it´s an old post, but, other programers may be search for it!
First, log the error in your database :)
After that, set a cookie or session variable and then redirect the user to safe page. When that page is loaded, have it check for the variable, display the error, and then delete variable from the cookie or session array.
One way is to compare the HTTP_REFERER with the SCRIPT_NAME. They'll be the same if the user has hit Refresh.
Quick Hack: You could have also imploded()'d on "&" in the the $_SERVER['QUERY_STRING'] variable to manipulate that string and then explode()'d it back.
Wouldn't this approach work?
<?php
$params = array_diff($_GET, array("variable_name" => $value));
$new_query_string = http_build_query($params);
?>
<script>window.history.pushState('verify_email', 'Verify Email', '?<?php echo $new_query_string; ?>');</script>
i had same problem
try : http://www.azazia.com/kb/entry/26/
if (!empty($_GET['passvar'])) {
unset($_GET['passvar']);
echo "<META HTTP-EQUIV=\"refresh\" CONTENT=\"0; URL=".$_SERVER['PHP_SELF']."\" >";
}
work perfectly for me.