Okay php newbie here, please bear with me. I am not sure if this is a redundant question but here goes. I have a reference code i want to stick to my url. example: site.com/index.php?refcode=123. That's fine right? we can put anything on there. Naturally the visitor goes to the index page. But if the visitor then clicks on other buttons that leads to other pages in my site, the parameter is gone. Like I want to track which code the visitor has when he sends me an email when he later decides to go to my contact page. How can this be done with php? or can this be done with jquery?
You would be best off saving the url variable into a session variable instead. The session variable will stick with the user so you have access to it no matter what page they go to.
$_SESSION['refcode'] = $_GET['refcode'];
Make sure to use session_start()
But if you do want to do it the way you have asked you can modify all urls on your page and add:
'?'.$_SERVER['QUERY_STRING']
This will add the query string to your url so the next page they go to would still have it. But that does seem like a lot more work.
Related
I ran a pentest on my app and it should an XSS issue. Essentially, I could do a url like the following and it would give me a popup
https://test.com/index.php?id=12345'><script>alert(1)</script>
So I have implemented something which I hope resolves this issue. At the top of the page I do
$_GET['id'] = urlencode($_GET['id']);
Within the page content, I might then have a link to another page like so
Link
When I now test the page, no pop up is displayed. The pentest is also clear. However, someone else in another location is trying it and they still get the popup. I just wanted to make sure that what I have done is ok?
Additionally, when I view the link in firebug, I see the link with the script part. Should this not be displaying as sanitized within firebug?
Any information appreciated.
Thanks
I think you're looking for htmlentities
I would set it to an intermediate variable, since you're using the $_REQUEST array later instead of $_GET
$id = urlencode(htmlentities($_GET['id']));
and then later
Link
Currently I'm building a plug-in for wordpress, where I have a couple of webpages with tables, filled with data from a database. Right now I'm working on the part where I click on a number (MemberID) which should redirect to a page, having all the information from another table regarding this number. I've tried transfering the data through the URL, with both
?MemberID=".$item->MemberID."
and
/MemberID="$item->MemberID."
, but everytime I try to alter the URL, the webpages suddenly can't seem to find itself anymore. I'm sure it has to do whith this part of the code:
add_submenu_page( null , 'Manage memberDetails' , 'memberDetails' , 'manage_options', 'memberDetails' , 'memberDetails_list' );
where the fifth value sets the URL for this page to be
http://localhost/wordpress/wp-admin/admin.php?page=memberDetails
So whenever I try to add something behind that URL, it doesn't acknowledge the existance of said page anymore, resulting in a redirection error.
Is there a way to transfer the variable without using the URL, or is there a way to give more of a dynamic to the URL?
You are using add_submenu_page wrong. The first param is required and can not be null.
https://codex.wordpress.org/Function_Reference/add_submenu_page
You need to get that fixed first so you page properly works.
As someone pointed my fairly basic mistake out this is what went wrong:
The URL is
http://localhost/wordpress/wp-admin/admin.php?page=memberDetails
where I tried to turn it into
http://localhost/wordpress/wp-admin/admin.php?page=memberDetails/memberID=
which creates a whole new webpage and is therefor impossible in this case. I need to transfer the variable behind the memberID=, not refer to a whole new webpage. The other thing I tried to do was
http://localhost/wordpress/wp-admin/admin.php?page=memberDetails?memberID=
which is impossible, because the second ? in the URL needed to be replaced with a &
From there on, it was pretty easy to use $_GET to retrieve the variable from the URL and use it.
So for extra clarity, this is how the URL is supposed to look
http://localhost/wordpress/wp-admin/admin.php?page=memberDetails&memberID=
I want to store a variable in the URL while they are browsing.
For example:
A menu, when the user selects ?category=shopping it goes to a map with shopping and they can click on a place and it should go to ?category=shop&id=22.
If they return to the menu then the ?category should be removed and if they click on something else e.g ?category=cafe.
I've been really puzzled with this and would appreciate any help - thanks!
If you just need to store state between pages, as your title suggests, then you can store this information inside the $_SESSION superglobal array. You start a new session by running session_start() as the very first line of any new page, before any output is sent to the browser. Anything you then store inside of $_SESSION will be available when you start the session in the same way on the next page.
If you're only interested in building a query string (i.e. the ?field=value&field2=value2 portion of the URL), as the content of your question indicates, then you might want to take a look at the http_build_query() function.
Your question seems a little ambiguous to me as to what your actual goal is for this, so I gave you both approaches. Just remember that you should use $_SESSION for state, and http_build_query() for creating dynamic URLs to point to specific content. Also remember that if the data needs to be secure, then you shouldn't put it in the URL or anywhere else the user could modify it, or where others could read it (e.g. in the browsers address bar). That sort of information needs to be in $_SESSION.
Thats a good use for session variables.
$_SESSION["category"]="stuff";
you can then keep it until you dont want it any more, or they terminate their session
I want to store a variable in the URL while they are browsing.
You can't actually "store" anything in the URL.
If you want to pass some data from one page to another using query string, you have to add this data to the query string.
"A map with shopping" should add category to the every it's link.
That's the way every web application works.
Session is not the way to go, because every page on the site should have it's address, and your category being important part of this address. If you store it in the session, no bookmark can be added, no link to be sent to a friend and no search engine will index your goods.
The short version of what I am looking to do is make a "safe" and idiot-proof page, at least as much as possible.
I have researching the best way to make every hyperlink on a page (ie. standard menus used on the page or any other hyperlinks outside of a HTML form) submit/POST the form information and then redirect to the page clicked on.
For some reason not all users remember the "Save" button before clicking on something else. Then they are upset because they didn't save their information. I would much rather have all the information be saved before sending them on to the hyperlink's URL.
Helpful information:
- This is on a PHP based project.
- I have already put in place code to "detect" what kind of page is in use and if the feature is needed.
- I have header() redirects in some places for other items, so that is nothing new.
- I have looked at javascripts to add, when needed, so that the form is POSTed, and found some options for that.
At this point I can't get the final steps put together, such as a javascript that would POST the information AND store the URL that the hyperlink was supposed to go to. Process the POST information and then redirect to the stored URL.
Dream Example:
onclick="submitformandforward("Example_form", "http://example.mysite.com/example_page.php?querystring=Y")"
Any suggestions, tips, examples, etc are warmly welcomed!
Thanks.
KH
Javascript is the tool you require...
remember some people may have it switched off...
Wehn some clicks a link - check that the form values have been altered - if not carry on - if they have inform that that changes need saving...
I have a classifieds website.
In every classified, there is a back link which simply takes the browser back one step.
This is because when users search classifieds, and click on one to view it, they can easily go back with a link also (instead of only the browser back button).
Here is the problem, if the classified is entered directly into the adress bar of a browser, or if somebody bookmarked a classified, then this back-link would take them someplace else...
Is there any way of making sure that the previous page is a certain page (index.php in my case)?
This way I would only display the back link if the previous page was index.php...
Thanks
You can't query history data. A slightly better option is to read the Referrer server variable and create your "Back" link to it. It's not very much stronger than history.go(), though. Try using a common index page instead.
Why not just insert a link to index.php directly? That way you have complete control over the target of the link. No need for JavaScript.
You should track their session within PHP or whatever language you're using in order to have an effective "back" button.
You could pull the data with document.referrer but that will not always give you the previous page. Sadly I am not sure of a way to achieve a "Back" button via javascript without using some kind of scripting language to track a user either via cookie or session.