I have a page that does a re-direct as such, following the guidelines from this SO Post.
header("Location: http://www.fivefoo.com?uid=johnny");
die();
This small php file is located here in index.php of course.
http://www.fivefoo.com/johnny
What I did was just add on a query to the re-direct
?uid=johnny.
First and main question. Am I allowed to do this?
Secondly, where do I retrieve the query values? My guess would be the $_GET global.
Yes you are allowed to do this (why shouldn't you be?)
Yes, you can get the query values from the $_GET superglobal array. More specifically, $_GET['uid'] will contain the text 'johnny' (without the quotes of course).
Yes, you can do this.
Yes, the $_GET is used for this, so $_GET['uid'] in your example would return 'johnny'.
More info here
Please, I am new to programming.
Please sir, I have been seeing this in many PHP files: .php?id=3
But I don't understand how it works or how to put it in my code,
This is called the query string, it's a way of passing parameters to your page.
You can access them in the php using the $_GET superglobal like so:
var_dump( $_GET['id'] );
Tips for using query string variables:
Check it is set before trying to use it: isset($_GET['id']) because you can't be sure it will be there.
This is "user input" and so you should not trust it implicitly. Whatever you do with user input you should use the appropriate security mechanism to sanitize it to prevent vulnerabilities.
If you generate a link with dynamic query string variables then be sure to use URL encoding/Percent encoding which can be done with urlencode().
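As an added example (not code from the posts above), here are the three tips applied to an `id` parameter. `read_id()` and `page_link()` are hypothetical helper names, the sample arrays are constructed stand-ins for `$_GET`, and treating `id` as a positive integer is an assumption.

```php
<?php
// Added example: hypothetical helpers, not code from the original posts.

// Tips 1 and 2: the key may be absent, and its value is untrusted text.
// Returns a positive integer id, or null when it is missing or invalid.
function read_id(array $query): ?int
{
    if (!isset($query['id']) || !is_string($query['id'])) {
        return null;                    // absent, or an array such as ?id[]=3
    }
    $id = filter_var($query['id'], FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Tip 3: http_build_query() percent-encodes every key and value for you.
function page_link(string $path, array $params): string
{
    return $path . '?' . http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

// Constructed sample inputs standing in for $_GET.
$samples = [
    ['id' => '3'],        // valid
    [],                   // parameter missing
    ['id' => '3abc'],     // not an integer
    ['id' => '-1'],       // out of range
    ['id' => ['3']],      // array instead of string
];
foreach ($samples as $query) {
    echo json_encode($query), ' => ', var_export(read_id($query), true), PHP_EOL;
}

// A value echoed into HTML is escaped for that context at output time.
$raw = '<b>johnny & co</b>';
echo htmlspecialchars($raw, ENT_QUOTES, 'UTF-8'), PHP_EOL;

// The same value placed in a link is percent-encoded instead.
echo page_link('/profile.php', ['uid' => 'johnny & co', 'id' => 3]), PHP_EOL;
```

In a real page, call `read_id($_GET)` and respond with an error page when it returns null.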
Is there a way to access HTTP GET variables in PHP without using $_GET or $_REQUEST? I'm asking because I know that $_POST isn't populated if the POST isn't sent through a form and I want to make sure that using $_GET doesn't have similar problems.
Sure, $_SERVER['QUERY_STRING'] contains the raw foo=bar&baz=qux type string, which you can pull apart with parse_str() and the like. But why would you want to? You'd just be replicating work that PHP has already done for you.
You can also use the filter_input() function:
$search_html = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_SPECIAL_CHARS);
I want twitter to send a user back to
site.com/person.php?person=$curr_person
where $curr_person is a session variable stored in $_SESSION['person'] and obtained from $_GET['person']
Problem is when Twitter redirects back to my site $curr_person is not evaluated and is taken literally. I assume the redirect doesn't hit my server...how can I get the call back URL to be evaluated properly?
Thanks
The reason it is not evaluated is probably because you entered it as a part of the string like that:
$twitter->call('site.com/person.php?person=$curr_person');
But there are two solutions:
Concatenate:
$twitter->call('site.com/person.php?person=' . $curr_person);
Use double quotes:
$twitter->call("site.com/person.php?person=$curr_person");
Hope this helps.
Ps. Of course I am assuming you are passing this URL to some method (like $twitter->call()), so do not just copy the code - just get familiar with the way both solutions differ from the code at the beginning of my answer.
I use a query string, for example test.php?var=1.
How can I check if a user types anything after that, like another string...
I try to redirect to index.php if any other string (query string) follows my var query string.
Is it possible to check this?
For example:
test.php?var=12134 (This is a good link..)
test.php?a=23&var=123 (this is a bad link, redirect to index..)
test.php?var=123132&a=23 (this is a bad link, redirect to index..)
I'm not sure I fully understand what you want, but if you're not interested in the positioning of the parameters this should work:
if ( isset($_GET['var']) && count($_GET) > 1 ) {
//do something if var and another parameter is given
}
Look in $_SERVER['QUERY_STRING'].
Similar to Tom Haigh’s answer, you could also get the difference of the arguments you expect and those you actually get:
$argKeys = array_keys($_GET);
$additionalArgKeys = array_diff($argKeys, array('var'));
var_dump($additionalArgKeys);
test.php?a=23?var=123 (this is a bad link, redirect to index..)
In this case, you only have one variable sent, named "a" containing the value "a?var=123", therefore it shouldn't be a problem for you.
test.php?var=123132&a=23 (this is a bad link, redirect to index..)
In this case you have two variables sent, ("a" and "var").
In general you can check the $_GET array to see how many variables have been sent and act accordingly, by using count($_GET).
I think you are trying to get rid of unwanted parameters. This is usually done for security reasons.
There won't be a problem, however, if you preinitialize every variable you use and only use variables with $_GET['var'], $_POST['var'] or $_REQUEST['var'].
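The checks from the answers above can be combined into one strict allow-list test, shown here as an added example that is not part of the original posts. `query_is_exact()` is a hypothetical name, the digits-only rule for `var` is an assumption based on the sample links, and `parse_str()` is used only to feed the question's links through the same parsing PHP applies to `$_GET`.

```php
<?php
// Added example; function name and validation rule are hypothetical.

// True only when the query holds exactly the expected keys and each value
// is a plain string of 1 to 10 digits (assumed format for "var").
function query_is_exact(array $query, array $expectedKeys): bool
{
    $keys = array_keys($query);
    if (array_diff($keys, $expectedKeys) || array_diff($expectedKeys, $keys)) {
        return false;                   // extra or missing parameter
    }
    foreach ($query as $value) {
        if (!is_string($value) || !preg_match('/\A[0-9]{1,10}\z/', $value)) {
            return false;               // array value or unexpected characters
        }
    }
    return true;
}

// The links from the question, plus two constructed edge cases.
$links = [
    'var=12134',
    'a=23&var=123',
    'var=123132&a=23',
    'a=23?var=123',
    'var[]=1',          // constructed: array-valued parameter
    '',                 // constructed: no query string at all
];
foreach ($links as $qs) {
    parse_str($qs, $query);
    $verdict = query_is_exact($query, ['var']) ? 'ok' : 'redirect to index.php';
    echo str_pad("'$qs'", 20), $verdict, PHP_EOL;
}

// In test.php itself the check would read:
// if (!query_is_exact($_GET, ['var'])) {
//     header('Location: index.php');
//     exit;
// }
```

Only the first link passes; every other one is sent to index.php.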
How can I use download.php?get=file.exe without the get variable, like download.php?=file.exe, using the $_GET in PHP?
You can use $_GET[0] or $_REQUEST[0]
You could use $_SERVER['REQUEST_URI'] which would allow you to omit the ? completely, leaving you with URLs like example.com/download.php/file.exe
Then, with a bit of URL rewriting (or implementing a bootstrap controller) you could clean it up even more, resulting in example.com/download/file.exe
What you need is address rewriting; this Wikipedia article should give you enough information to start with. Specifically, if you use Apache, read about mod_rewrite.
You can use $_SERVER['QUERY_STRING'] to get everything after the ?.
Edit: Then you could use download.php?file.exe
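Because the whole query string in `download.php?file.exe` is a user-chosen file name, it needs checking before it reaches the filesystem. The following is an added example, not code from the answers: `resolve_download()`, the file-name pattern and the temporary directory are assumptions made for the demonstration.

```php
<?php
// Added example; resolve_download() and the directory layout are hypothetical.

// Map the raw query string (download.php?file.exe) to a file stored directly
// in $baseDir. Returns the full path, or null when the request is refused.
function resolve_download(string $rawQuery, string $baseDir): ?string
{
    $name = rawurldecode($rawQuery);
    // Plain file names only: no separators, no leading dot, bounded length.
    if (!preg_match('/\A[A-Za-z0-9_-][A-Za-z0-9._-]{0,99}\z/', $name)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false || !is_file($path)) {
        return null;                    // directory or file does not exist
    }
    // After symlink resolution the file must still sit directly in $baseDir.
    return dirname($path) === $base ? $path : null;
}

// Constructed demo: a temporary downloads directory holding one file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dl_demo_' . getmypid();
@mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'file.exe', 'demo');

$requests = ['file.exe', 'missing.exe', 'get=file.exe', '..%2Ffile.exe', ''];
foreach ($requests as $qs) {
    $path = resolve_download($qs, $dir);
    $verdict = $path === null ? 'rejected (send 404)' : 'serve ' . basename($path);
    echo str_pad("'$qs'", 18), $verdict, PHP_EOL;
}

unlink($dir . DIRECTORY_SEPARATOR . 'file.exe');
rmdir($dir);

// In download.php the call would be:
// $path = resolve_download($_SERVER['QUERY_STRING'] ?? '', __DIR__ . '/files');
```

Only `file.exe` resolves to a path; the other four requests return null.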