I'll be serving this via PHP, so it'll be more difficult to hijack. It's a temporary solution that'll be manually reviewed, so I'm not particularly worried about security. But, I was wondering if it's possible to create a link that would work with variables? Something like this:
https://paypal.com/pay?type=link&price=55aud&item=coffee
After thoroughly searching PP's API documentation I can't find anything of the type.
Of course. You just need to build your string dynamically with PHP. For example, using your link sample, we might end up with something like this:
$price = 55;
$item = 'coffee';
$currency_code = 'aud';
$paypal_url = 'https://paypal.com/pay?type=link&price='.$price.'¤cy_code='.$currency_code.'&item='.$item;
Of course, you could use static variables like I did here, or you could load the URL items with session variables, database data, etc. Once the URL is prepared you can output it and attach it to a link, button, simply redirect straight to it, or whatever you need to do.
Related
Is it possible to submit a query without updating the URL?
On a dictionary, I want to do first one simple query: www.example.com/?q=word
On the result page there will be a button with which I want to search for more results with another query.
This second query will be done normally with www.example.com/more.php?q=word.
That code would look as follows:
<button onclick="window.location.href = 'more.php?q=<?php echo "$trimmed"; ?>';">search for more results</button>
However, I want that the URL remains unchanged so that the next dictionary query starts again with a simple query. In other words, I want to hide the part "more.php" from the URL.
Assuming that your www.example.com?q=word points to the index.php.
Assuming also that your more.php contains functions.
Assuming as third, that your index.php returns something displayable in the browser even if there is no GET-parameter i.e. the initial page call.
Doing so, a really simple solution would be to fire every query against the index.php.
There you can handle every query, even different types, based on a new GET-parameter type use use.
#index.php
require 'more.php';
// do something here to validate the parameters you use
switch($_GET('type')) {
case 'simple':
return simpleCall();
break;
case 'more':
return additionalInfo();
break;
}
function simpleCall() {
// do stuff here
// access $_GET for other paramters
}
#more.php
function complexCall() {
//do complex stuff here
}
Finally, your HTML would look something like this
<button onclick="window.location.href = '/?type="more"&q=<?php echo "$trimmed"; ?>';">search for more results</button>
Until you get more than these two types it becomes cluttering at your switch-statement.
For this reason, it would be a good idea to think about different solutions like:
having a routing system like this https://medium.com/the-andela-way/how-to-build-a-basic-server-side-routing-system-in-php-e52e613cf241
using asynchronous calls from your frontend with the help of JavaScript to call to different PHP files on the server but stay on the same page in the frontend. This will immediately lead to some kind of API. But this is generally not the badest idea.
Please validate your parameters regardless if POST or GET before you do anything with them in the rest of your code. Having the example of a dictionary sounds extremely like to query a database where SQL injection is, for example, a big thing if data us used unchecked.
I hope this helps a bit.
I am using wordpress for a web site. I am using snippets (my own custom php code) to fetch data from a database and echo that data onto my web site.
if($_GET['commentID'] && is_numeric($_GET['commentID'])){
$comment_id=$_GET['commentID'];
$sql="SELECT comments FROM database WHERE commentID=$comment_id";
$result=$database->get_results($sql);
echo "<dl><dt>Comments:</dt>";
foreach($result as $item):
echo "<dd>".$item->comment."</dd>";
endforeach;
echo "</dl>";
}
This specific page reads an ID from the URL and shows all comments related to that ID. In most cases, these comments are texts. But some comments should be able to point to other pages on my web site.
For example, I would like to be able to input into the comment-field in the database:
This is a magnificent comment. You should also check out this other section for more information
where getURLtoSectionPage() is a function I have declared in my functions.php to provide the static URLs to each section of my home page in order to prevent broken links if I change my URL pattern in the future.
I do not want to do this by using eval(), and I have not been able to accomplish this by using output buffers either. I would be grateful for any hints as to how I can get this working as safely and cleanly as possible. I do not wish to execute any custom php code, only make function calls to my already existing functions which validates input parameters.
Update:
Thanks for your replies. I have been thinking of this problem a lot, and spent the evening experimenting, and I have come up with the following solution.
My SQL "shortcode":
This is a magnificent comment. You should also check out this other section for more information
My php snippet in wordpress:
ob_start();
// All my code that echo content to my page comes here
// Retrieve ID from url
// Echo all page contents
// Finished generating page contents
$entire_page=ob_get_clean();
replaceInternalLinks($entire_page);
PHP function in my functions.php in wordpress
if(!function_exists("replaceInternalLinks")){
function replaceInternalLinks($reference){
mb_ereg_search_init($reference,"\[custom_func:([^\]]*):([^\]]*)\]");
if(mb_ereg_search()){
$matches = mb_ereg_search_getregs(); //get first result
do{
if($matches[1]=="getURLtoSectionPage" && is_numeric($matches[2])){
$reference=str_replace($matches[0],getURLtoSectionPage($matches[2]),$reference);
}else{
echo "Help! An unvalid function has been inserted into my tables. Have I been hacked?";
}
$matches = mb_ereg_search_regs();//get next result
}while($matches);
}
echo $reference;
}
}
This way I can decide which functions it is possible to call via the shortcode format and can validate that only integer references can be used.
I am safe now?
Don't store the code in the database, store the ID, then process it when you need to. BTW, I'm assuming you really need it to be dynamic, and you can't just store the final URL.
So, I'd change your example comment-field text to something like:
This is a magnificent comment. You should also check out this other section for more information
Then, when you need to display that text, do something like a regular expression search-replace on 'href="#comment-([0-9]+)"', calling your getURLtoSectionPage() function at that point.
Does that make sense?
I do not want to do this by using eval(), and I have not been able to accomplish this by using output buffers either. I would be grateful for any hints as to how I can get this working as safely and cleanly as possible. I do not wish to execute any custom php code, only make function calls to my already existing functions which validates input parameters.
Eval is a terrible approach, as is allowing people to submit raw PHP at all. It's highly error-prone and the results of an error could be catastrophic (and that's without even considering the possibly that code designed by a malicious attacker gets submitted).
You need to use something custom. Possibly something inspired by BBCode.
Im looking for an elegant way to hand over data/params when using $f3->reroute();
I have multiple routes configured in a routes.ini:
GET #sso: /sso/first [sync] = Controller\Ccp\Sso->first, 0
GET #map: /map [sync] = Controller\MapController->second, 3600
Now I reroute(); to #map route, from first();
class Sso {
public function first($f3){
$msg = 'My message!';
if( !empty($msg) ){
$f3->reroute('#map');
}
}
}
Is there any "elegant" way to pass data (e.g. $msg) right into $MapController->second(); ?
I donĀ“t want to use $SESSION or the global $f->set('msg', $msg); for this.
This isn't an issue specific to fat-free-framework, but web in general. When you reroute, you tell the browser to redirect the user's browser page using a 303 header redirect code.
Take a minute to read the doc regarding re-routing: http://fatfreeframework.com/routing-engine#rerouting
There seems to be some contradicting information in your question, which leads me to question the purpose of what you are trying to achieve.
If you are rerouting, you can either use the session, cookies, or use part of the url to pass messages or references to a message.
If you do not need to redirect, but just want to call the function without changing the passed parameters, you could abstract the content of the function and call that function from both routes. You could also use the $f3 globals, which are a great way of passing data between functions in cases where you don't want to pass the data using the function call. is there a reason why you don't want to to use this? The data is global for the single session, so there is no security concern, and the data gets wiped at the end of the request, so there is very little extra footprint or effect on the server.
If you're alright with not using #map_name in re-routes you can do something like this:
$f3->reroute('path/?foo=bar');
Not the prettiest I'll admit. I wish $f3->reroute('#path_name?foo=bar') would work.
I'm puttings filters in links with GET variables like this: http://example.com/list?size=3&color=7 and I'd like to remove any given filter parameter from URL whenever a different value for that particular filter is selected so that it doesn't, for example, repeat the color filter like so:
http://example.com/list?size=3&color=7&color=1
How can I if(isset($_GET['color'])) { removeGet('color'); } ?
You can use parse_url and parse_str to extract parameters like in example below:
$href = 'http://example.com/list?size=3&color=7';
$query = parse_url( $href, PHP_URL_QUERY );
parse_str( $query, $params );
// set custom paramerets
$params['color'] = 1;
// build query string
$query = http_build_query( $params );
// build url
echo explode( '?', $href )[0] . '?' . $query;
In this example explode() is used to extract the part of the url before the query string, and http_build_query to generate query string, you can also use PECL http_build_url() function, if you cannot use PECL use alternative like in this question.
You can't remove variables from GET request, just redirect to address without this var.
if (isset($_GET['color'])) {
header ('Location: http://www.example.com/list?size=' . $_GET['size']);
exit;
}
Note: in URL http://example.com/list?size=3&color=7&color=1 is just one $_GET['color'], not two. Only one of them is taken. You can check, is $_GET['key'] exists, but you don't know how many of them you have in your URL
So, assuming I'm understanding your question correctly.
Your situation is as follows:
- You are building URLs which you put into a webpage as a link ( <a href= )
- You are using the GET syntax/markup (URL?key=value&anotherkey=anothervalue) as a way to assign filters of some sort which the user then receives when they click on a given link
What you want is to be able to modify one of the items in your GET parameter list (http://example.com/list?size=3&color=7&color=1) so you have only one filter key but you can modify the filter value. So instead of the above you would start with: (http://example.com/list?size=3&color=7) but after changing the color 'filter' you would instead have http://example.com/list?size=3&color=1).
Additionally you want to do the above in PHP, (as opposed to JavaScript etc...).
There are a lot of ways to implement the change and the most effective way to do it depends on what you are already doing, most likely.
First, if you are dynamically producing the HTML markup which includes the links with the filter text, (which is what it sounds like), then it makes the most sense to create a PHP array to hold your GET parameters, then write a function that would turn those parameters into the GET string.
New filters would appear when a user refreshed the page, (because, if you are dynamically producing the HTML then a server request is required to rebuild the page).
IF, however, you want to update the link URLs on a live page WITHOUT a reload look into doing it with JavaScript, it will make your life easier.
NOTE: It is likely possible to modify the page, assuming the links are hard coded, & the page is hard coded markup, by opening the page as a file in PHP & making the appropriate change. It's my opinion that this would be a headache and not worth the time & effort AND it would still require a page reload (which you could NOT trigger yourself).
Summary
If you are writing dynamic pages with PHP it shouldn't be a big deal, just create a structure (class or array) and a method/function to write that structure out as a GET string. The structure could then be modified according to your desire before generating the page.
If, however, you are dealing with a static page, I recommend JavaScript (either creating js structures to allow a user to dynamically select filters or utilizing AJAX to build new GET parameter lists with PHP and send that back to the javascript).
(NOTE: I am reminded that I have done something along the lines of modifying links on-the-fly for existing pages by intercepting them before they are displayed to the user [using PHP] but my hands were tied in other areas and I would not recommend it if you have a choice AND it should be noted that this still required a reload...)
Try doing something like this in your back-end script:
$originalValues=array();
foreach($_GET as $filter=>$value)
{
if(empty($originalValues[$filter]))
$originalValues[$filter] = $value;
}
This may do what you want, but it feels hackish. You may want to revise your logic.
Good luck!
just put a link/button send the user to index... like this.
<a class="btn btn-primary m-1" href="http:yoururl/index.php" role="button">Limpar</a>
Does Google Analytics store the utm_source, utm_medium paramaters in a cookie or something similar that I can access on my own site using PHP? - OR - does anyone have an example of code I could use to identify a traffic source ie. PPC, Natural etc.
Yes, Google stores this information in a cookie; specifically, the __utmz cookie.
You can write a piece of JavaScript to read the cookies that GA stores in the browser. This information is stored in the __utmz cookie. For example, if a link contained all 5 possible utm variables, the cookie would look something like this (I've substituted the capitalized names for the values, so SOURCE is the value for utm_source:
43838368.1283957505.1.3.utmcsr=SOURCE|utmccn=CAMPAIGN|utmcmd=MEDIUM|utmctr=TERM|utmcct=CONTENT
This is what a __utmz cookie looks like for an organic google search:
140029553.1283957328.2.136.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=SEARCH-TERMS-HERE
This is what a __utmz cookie looks like for a direct visit:
17861479.1283957910.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
This is what a __utmz cookie looks like for paid google search with autotagging:
175516223.1283957996.1.1.utmgclid=CLrr7fyL-KMCFZpN5QoduVOTLA|utmccn=(not%20set)|utmcmd=(not%20set)|utmctr=SEARCH+TERM
PHP is not ideal, since you could never read the cookie on single-page-visits, but here is what the code could look like in PHP.
if(isset($_COOKIE['__utmz']))
{
$cookie= $_COOKIE['__utmz'];
$params = strstr($cookie, 'utm');
$cookiearray = explode("|", $params);
$final = array();
for($i=0; $i<count($cookiearray); $i++)
{
$temp = explode("=",$cookiearray[$i]);
$final[$temp[0]] = temp[1];
}
}
This would give you an array ($final) with key-value matches for each traffic source parameter.
You'd probably be better off parsing this in JavaScript and posting it to your server using AJAX, rather than reading it on the server-side, since you could only do that on the second page view, and would thus lose the ability to track single-page-view users. This can be an annoying task with manual JavaScript, because both cookies and AJAX can be inconsistent across browsers, so I would recommend a framework like jQuery.
Here's the approach I would take using jQuery. I'd add the jQuery cookie plugin, and post it within a _gaq.push(function(){...}); clause like this (assuming that the PHP above is stored in handler.php).
$.post('handler.php', '__utmz' : $.cookie("__utmz") );
Then, switch the two references of $_COOKIE to $_POST, and do whatever you want with the array it produces.