Please i need your help with a small issue i'm having. I'm using the Redirecting users to the page they have just pasted a comment on, and d=3 is suppose to be dynamic i.e take different intergers according to the id .
I've tried to add the php variable like this
Header('Location: http://site/a.php?id=$articleID')
but i get an error.
Header('Location: http://site/a.php?id=3')
Please how can I get over this issue.
Thanks
You can't pass variables into single quoted strings
header("Location: http://site/a.php?id=$articleID");
exit;
don't forget to include exit;, otherwise the rest of the script will still execute until the new page is loaded.
Change your quotes from single to double. Single quotes won't interpret variables inside them.
Header("Location: http://site/a.php?id=$articleID")
Related
I wish to create a simple php script which takes 2 variables and redirect to a certain URL format,
e.g. http://example.com/redirect.php?folder=orange&ID=19
will redirect to say http://123.122.1.12/folder=orange&ID=19
where "orange" and "19" are the two variables (no space)
another thinking is that I can pass the whole string "folder=orange&ID=19" as one variable but it contains = and & so I don't know if it is possible as it may confuse the system when used in the URL,
Can someone give me a script (redirect.php) that can do the above please? thanks!
You are probably looking for http_build_query function, so you can do it this way:
header('Location: http://123.122.1.12/?' . http_build_query($_GET));
or
header('Location: http://123.122.1.12/?' . $_SERVER['QUERY_STRING']);
after more research and trial and error, the easiest solution is parse the whole string as one variable as in this URL
example.com/redirect.php?sx=folder%3Dkodak%26ID%3D19
<?php
header( 'Location: http://127.0.0.1/?'. $_GET["sx"] ) ;
?>
the key is to encode the = and & symbols in the URL so they can be seen as a string not codes.
I've been teaching myself php & mysql & have found this site invaluable. Thanks to all who answer questions.
I have found several q&a's that are close to this & they HAVE helped to point me in the right direction but I can't quite get this to work.
Here's what I'm trying to do: Pass a constructed SQL query to a second php script so that the results can be displayed in a new window. I can't quite seem to get the syntax right to pass the sql
query ($sql) to open.window correctly. A matter of quotes I
think. I have tried echo instead of print, single quotes with double quotes inside, using ('$sql'), but nothing seems to work.
I do need this to be called by a variable, so that it is after the submit is given. I would prefer not to have a second submit
Help?
if (isset($_POST['NEWWINDOW'])) {
echo "<script>window.open("results.php?sql=$sql)</script>";
}
This will concatinate your $sql-variable with the rest of the string, however doing this you should keep in mind to sanitize your sql in result.php before submiting it to your database.
if (isset($_POST['NEWWINDOW'])) {
echo "<script>window.open('results.php?sql=".$sql."')</script>";
}
Try this
<?php
if (isset($_POST['NEWWINDOW'])) {
echo "<script>window.open('results.php?sql=$sql')</script>";
}
?>
Thank you each for your responses. This query form is private, & I will be the only one using it... (behind firewall), so the risk is minimal. However, the point is well made & I would certainly rather learn to do it the right way than the wrong way. The database is important. Recommendations?
Neither of the two offered suggestions as to syntax work for me.
I made sure & copy the syntax exactly. In both (all three cases) the window.open fails to open a window. I finally cut & pasted to be sure, but the behavior is the same.. the window does not even open.
I have a form that collects data from a user and inserts them into a mySQL database. My problem is to present the data submitted to the user using redirect. I created a simple function, redirect_to($var1) that works OK.
Problem arises with this syntax:
redirect_to("serraRedirect1.php?lastname=$_GET['lastname']&firstname=$_GET['firstname']&emailconf=$_GET['emailconf']&entree=$_GET['entree']&lastname2=$_GET['lastname2']&firstname2=$_GET['firstname2']&entree2=$_GET['entree2']&meal_cost=$_GET['meal_cost']");
The error message is 'unexpected "' in line xxx.
I've made several changes but nothing I did works.
I need help in getting the syntax right.
You forgot to concatenate..
Do like this
redirect_to("serraRedirect1.php?lastname=".$_GET['lastname']."&firstname=".$_GET['firstname']."&emailconf=".$_GET['emailconf']."&entree=".$_GET['entree']."&lastname2=".$_GET['lastname2']."&firstname2=".$_GET['firstname2']."&entree2=".$_GET['entree2']."&meal_cost=".$_GET['meal_cost']);
If you are including a value from an array in a double-quoted string, you need to surround it in curly brackets ({ and }):
redirect_to("serraRedirect1.php?lastname={$_GET['lastname']}&firstname={$_GET['firstname']}&emailconf={$_GET['emailconf']}&entree={$_GET['entree']}&lastname2={$_GET['lastname2']}&firstname2={$_GET['firstname2']}&entree2={$_GET['entree2']}&meal_cost={$_GET['meal_cost']}");
redirect_to("serraRedirect1.php?lastname={$_GET['lastname']}&firstname={$_GET['firstname']}&emailconf={$_GET['emailconf']}&entree={$_GET['entree']}&lastname2={$_GET['lastname2']}&firstname2={$_GET['firstname2']}&entree2={$_GET['entree2']}&meal_cost={$_GET['meal_cost']}");
redirect_to( sprintf("serraRedirect1.php?lastname=%s&firstname=%s&emailconf=%s&entree=%s&lastname2=%s&firstname2=%s&entree2=%s&meal_cost=%s",
$_GET['lastname'], $_GET['firstname'], $_GET['emailconf'], $_GET['entree'], $_GET['lastname2'], $_GET['firstname2'], $_GET['entree2'], $_GET['entree2']
));
If you use the get method, everyone could see all the inforamation for all the users in your database.
In these situations I prefer to use sessions:
$_SESSION['username'] = $username;
redirect_to(.....);
and:
echo $_SESSION['username'];
in serraRedirect1.php
I am using wampserver for php and mysql database.
in my php file, after executing some code to insert in mysql database, I want to redirect browser to another html page that has php code in it. This page needs value of the variable id to fetch data from my sql database. So I send value of id by below code in the end of php code.
header('Location: lostItem.php?id=$id');
The recieving file has below code to get value of id.
$id= $_GET['id'];
But, it turns out that there is no value of id passed i.e. the receiving file shows url :
http://localhost/Lost%20and%20Found/lostItem.php?id=$id
instead of showing
http://localhost/Lost%20and%20Found/lostItem.php?id=11
I already have another page that sends same data (value of id) to receiving file. It has below code in it for that.
echo "<a class='listOfItems' href='lostItem.php?id=$id'>";
echo $item;
echo "</a>";
And that works fine. But when I try to do same thing by using header, it doesn't work. Before using header, I have made sure that variable $id has right integer value. But it doesn't send that value by using header.
Is it that data can't be sent by this method using header? If so, please suggest an alternative method.
basic php notation, in single quotes variables are not interpreted
header("Location: lostItem.php?id=$id");
to be strict, location should use a full URI not a relative one
header("Location: http://www.example.com/lostItem.php?id=$id");
use curly bracket upon variable when you used variable value in string, Please try this
header("Location: lostItem.php?id={$id}");
Single quotes does not process variables, PHP ignores all your variables so you need to concatenate variable using concatenate operator (.)
header('Location: lostItem.php?id='.$id); // fast than double quotes
or
header("Location: lostItem.php?id=$id");
Is it possible to append a parameter to a PHP Header Location? I'm having trouble getting it to work. Is this syntax actually allowed?
$qry = $_SERVER['QUERY_STRING'];
header('Location: http://localhost/blast/v2/?$qry ') ;
it just won't replace $qry wit its actual value....why??
in the browser it ends up looking like this:
http://localhost/blast/v2/?$qry
thanks
Change the single quotes to double quotes:
header("Location: http://localhost/blast/v2/?$qry");
A single quoted string in PHP is treated as a string literal, which is not parsed for variables. Double quoted strings are parsed for variables, so you will get whatever $qry contains appended, instead of literally $qry.
You can also add multiple parameters via a header like:
$divert=$row['id']."¶m1=".($param1)."¶m2=".($param2);
header("Location:showflagsab.php?id=$divert");
which adds the two additional paramaters to the original id
These can be extracted using the $get method at their destination
I know this is a very old post, but please, do not do this. Parameters in a header are XSS vulnerable. You can read more about XSS'ing here: owasp.org/index.php/Cross-site_Scripting_(XSS)
wiles How to Fix the XSS attack on header location
$param = $_REQUEST['bcd'];
header("Location: abc.php/?id=$param");