I have two pages. First one we open with $_POST variables in its url, the second one opens inside first via iframe. Both php files, second is for html manipulation.
Variables I got in $_POST are passed to iframe via $_GET:
echo '<iframe src="index.php&first=' . $first . '&second=' . $second . '&third=' . $third . '&iframe=true"></iframe>';
$first, $second, $third variables has text inside them with some html and new lines (\n).
The problem is, when data is passed to iframe by $_GET, all the new lines in variables disappear.
Tryed to pass variables like base64_encode($first), and then decode them by base64_decode(). It works buggy, some parts of text don't decode correctly, maybe because of bad symbols in iframe url.
Also tryed to throw all the variables into single array, serialize it and then encode by base64 - this way server gives error 500 (it also gives the same error for 404).
Please don't ask me why I did such structure of pages. It should not be changed.
What is the solution for this?
What about an urlencode after the base64_encode?
Depending on your situation you could also use Javascript to access the parent frame.
You could store the data in a javascript array of the first window, then the iframe sub window could call it via parent.*
Some more details from other questions.
You could write the contents of $first,$second,$third to first.txt,second.txt,third.txt and then open the text files inside your iframe script
Your initial approach is wrong.
POST variable shouldn't go anywhere.
After the POST request server have to order browser to reload the page.
Whole page, not only iframe in it.
After that reload you may show any iframes to user.
To pass the data there, a session would be ideal solution.
However, certain solution depends on the data nature and overall purpose of all the mess.
Related
How does one access and receive back a variable from a PHP file with a HTTP Request?
I have gotten a HTTP Request to connect to my .PHP file. What I wanted to do next is for example reference that I want to receive $testvariable = 1; back but I have no idea where to begin. The HTTP parameters don't really let me reference this $testvariable directly.
What if the PHP file has simply one function and at the end of it it does a return $testvariable;? Would HTTP receive back this one variable? What if I need more than one. Maybe try and get the PHP to place parameters in the URL and the HTTP reads those parameters in the url? Maybe these "headers" are key to this...
I figured it out. HTTP Request gets back ALL that is on your HTML page. It seems like it ignores <html><body> tags but everything else in the body gets taken back at your response. Even if your answer is " 1 " but you have a single space around it your response is 1 including blank spaces. You need a clean "1".
Passing variables works by using the contents field. You place your values and assign them to a string like number= that then gets posted on the page. When a page is loaded, it can look for a variable under the same name like $test = $_POST['number']; and take the value within that variable and use it further where it needs to on your page.
I have a few links that look like this:
https://www.example.com/find?category=food%20%26%20drink
Clicking on the link should take me to a page where I can GET the variable, and it SHOULD read "food & drink".
However, when I click the link, it takes me to this url instead:
https://www.example.com/find?category=food%2520%2526%2520drink
the variable reads: food%20%26%20drink.
If I paste the first url into the search-bar directly, it works fine. But if I click on it as a link, then it gets re-encoded somehow.
Any idea how to get it to read "food & drink" even though it comes from a different page?
many thanks in advance!
Realized the links were written as http instead of https.
Consequently, they were being re-written by the htaccess file to https when clicked, and also being re-encoded at the same time.
The link you have is double encoded. The possible solution to this would be
Find line of code where the link getting encoded again and make suer not encode if encoded already. Couple of examples are given here Click Here
If there is no way you can change the code form where the URL is getting generated, then you have to use urldecode twice to parse the url params
<?php
$query = "https://www.example.com/find?category=food%2520%2526%2520drink";
$param = explode("=", $query);
print_r(urldecode(urldecode($param[1])));
?>
Hope this helps!
I'm kind of a noob at this stuff.
But I've been browsing around and I see sites that are kind alike this
www.store.com/product.php?id=123
this is really cool. but How do I do it?
Im stuck using something like this
www.store.com/product/product123.php
If you could tell me how I can go about do this it would be awesome!
What you're looking at is a $_GET argument.
In your PHP code, try writing something like this:
$value = $_GET['foo'];
Then open your page like this:
hello.php?foo=123
This will set $value to 123.
You need to use the $_GET here.
if you use the following:
?id=123
then this will be how to use it and the result
$_GET['id'] (returns the 123)
You can use as many $_GET arguments as you need, for example:
?id=123&foo=bar&type=product
$_GET is an array of what parameters are in the url, so you use it the same way as an array.
Create a file called product.php with this code:
<?php
echo "The argument you passed was: " . $_GET['id'];
?>
Now run this URL in your browser:
http://<yourdomain>/product.php?id=123
and you will understand how $_GET works.
Those are called URL parameters (what they're contained in is called a query string), and they're not unique to PHP but can be accessed in PHP using the $_GET superglobal.
Similarly, you can get POST parameters using the $_POST superglobal, though in POST requests, these parameters are not appended to the URL.
Note: Generally, for usability purposes (and thus also SEO purposes), you want to avoid using query strings as much as possible. These days, the standard practice is to use URL rewriting to display friendly URLs to the user. So your application might accept a URL like:
/products.php?id=32
But the user only sees:
/product/32
You can do this by using mod_rewrite or similar URL rewriting capabilities to turn the friendly URL into the former query string URL internally, without having the user type out the query string.
You might want to have a look at the documentation at www.php.net, especially these pages: http://www.php.net/manual/en/reserved.variables.php
Specifically, have a look at $_GET and $_POST, which are two frequently used ways to transmit information from a browser to the server. (In short, GET-parameters are specified in the URL, as in your question, while POST-parameters are "hidden from view", but can contain more data - typically the contents of forms etc, such as the textbox you posted your question in).
I use;
$referrer = $_GET['_url'];
If I echo $referrer; it will display correctly.
If I use $referrer within a $_POST, it is empty. I think due to $referrer being assigned to $_GET.
How can I extract the value of $referrer into another variable so it is no longer assigned to the $_GET?
I hope that makes sense..
$_POST will only contain data IF you send that from form.
So, your code is basically right. Because you use referrer from within your URL.
If you really want to have $referer from $_POST, you will have to code something like this:
<form method="post" action="somewhere.php">
<input type="hidden" name="_url" value="{place the referrer here}" />
</form>
Or, like #Michael Gillette answer, you can change that with $_REQUEST.
hope that makes sense..
sorry, but it doesn't :)
$referrer become distinct variable with no relation to $_GET['_url']. It already contains value extracted from $_GET
there are not a single reason for $_GET sourced variables to conflict with $_POST.
Your problem is somewhere else.
It seems you're just trying to access variable that doesn't exist. Because every variable dies along with whole PHP after it's execution.
PHP scripts execution is atomic. It's not like a desktop application constantly running in your browser, and not even a demon with persistent connection to your desktop application. It's more like a command line utility - doing it's job and exits. It runs discrete:
a browser makes a call
PHP wakes up, creates an HTML page, sends it to the browser and dies
Browser renders that HTML and shows it to the user.
User clicks a link
a browser makes a call
another PHP instance, knowing nothing of the previous call, wakes up and so on
So, if you set your $referrer in one instance and trying to access it in another, it will fail. You have to re-sent it's value with next call
Use the clone keyword, as seen in the examples in this article:
http://php.net/manual/en/language.references.php
could you post an example of what you might like to do?
$referrer = $_REQUEST['_url'];
will return true on both GET and POST requests
I am designing a site where external links form various are being shown on my page. I am using
$url=$_GET['url'];
$website_data = file_get_contents($url);
echo $website_data;
so essentially a user would click on a hyperlink which is something like www.test.com/display_page.php?url=http://www.xyz.com/article/2.jpg
My page, list_of_images.php, typically has a list of images with href for each image as above on the page and when any image is clicked it would go to display_page.php, which would show our banner on the top of this page, some text and then this image beneath that. This image could be from any website.
I am currently sending the url directly and grabbing it using GET. I understand that users/hackers can actually do some coding and send commands for the url variable and could break the server or do something harmful and so i would like to avoid this method or sending the url directly in the header. what is the alternate approach for this problem?
The safe approach is to use a fixed set of resources stored in either an array or a database, and the appropriate key as a parameter.
$ress = Array('1' => 'http://www.google.com/', ...);
$res = $ress[$_GET['res']];
I would make sure the url starts with http:// or https://:
if(preg_match("`^https?://`i", $_GET['url']))
// do stuff
You may also want to make sure it isn't pointing anywhere internal:
if(preg_match('`^https?://(?!localhost|127\.|192\.|10\.0\.)`i', $_GET['url']))
// do stuff
Rather than a big dirty regex, you could go for a more elegant host black-list approach, but you get my drift...
Try POST....
Try doing this using POST method