Check query string (PHP) - php

I use a query string, for example test.php?var=1.
How can I check if a user types anything after that, like another string...
I try to redirect to index.php if any other string (query string) follows my var query string.
Is it possible to check this?
For example:
test.php?var=12134 (This is a good link..)
test.php?a=23&var=123 (this is a bad link, redirect to index..)
test.php?var=123132&a=23 (this is a bad link, redirect to index..)

I'm not sure I fully understand what you want, but if you're not interested in the positioning of the parameters this should work:
if ( isset($_GET['var']) && count($_GET) > 1 ) {
//do something if var and another parameter is given
}

Look in $_SERVER['QUERY_STRING'].

Similar to Tom Haigh’s answer, you could also get the difference of the arguments you expect and those you actually get:
$argKeys = array_keys($_GET);
$additionalArgKeys = array_diff($argKeys, array('var'));
var_dump($additionalArgKeys);

test.php?a=23?var=123 (this is a bad link, redirect to index..)
In this case, you only have one variable sent, named "a" containing the value "a?var=123", therefore it shouldn't be a problem for you.
test.php?var=123132&a=23 (this is a bad link, redirect to index..)
In this case you have two variables sent, ("a" and "var").
In general you can check the $_GET array to see how many variables have been sent and act accordingly, by using count($_GET).

I think you are trying to get rid of unwanted parameters. This is usually done for security reasons.
There won't be a problem, however, if you preinitialize every variable you use and only use variables with $_GET['var'], $_POST['var'] or $_REQUEST['var'].
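The checks suggested in the answers above, combined into one strict allowlist test. This is an added example, not code from any of the posts. The function name validated_var() and the sample inputs are hypothetical, and it assumes var is meant to be a non-negative integer.

```php
<?php
/**
 * Return the integer value of ?var=..., or null when the request should be
 * redirected: var missing, extra parameters present, or var not an integer.
 */
function validated_var(array $query): ?int
{
    // Any key other than 'var' makes the request invalid, whatever its position.
    $unexpected = array_diff(array_keys($query), ['var']);
    if ($unexpected !== [] || !array_key_exists('var', $query)) {
        return null;
    }
    // ?var[]=1 turns $_GET['var'] into an array; accept plain strings only.
    if (!is_string($query['var'])) {
        return null;
    }
    // FILTER_VALIDATE_INT returns false on failure, so compare with ===
    // (0 is a valid value and must not be treated as a failure).
    $value = filter_var(
        $query['var'],
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0]]
    );
    return $value === false ? null : $value;
}

// Constructed sample inputs, shaped like $_GET for the URLs in the question.
$samples = [
    'test.php?var=12134'       => ['var' => '12134'],
    'test.php?a=23&var=123'    => ['a' => '23', 'var' => '123'],
    'test.php?var=123132&a=23' => ['var' => '123132', 'a' => '23'],
    'test.php?var[]=1'         => ['var' => ['1']],
    'test.php?var=12abc'       => ['var' => '12abc'],
];
foreach ($samples as $url => $get) {
    $v = validated_var($get);
    echo $url, ' => ', $v === null ? 'redirect to index.php' : "ok ($v)", PHP_EOL;
}

// In test.php itself the call would be:
// $var = validated_var($_GET);
// if ($var === null) { header('Location: index.php'); exit; }
```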

Related

GET Params - & and ? in one character?

So just a quick thought and I understand that there are millions of ways around this 'problem' but I was wondering if there is a character or format for both initiating and separating GET parameters. Let me explain:
I am redirecting the user to a link defined as a variable but adding on a parameter at the end like so:
Header("Location: ".$link."&err=1");
The problem is, some of these links ($link) will contain GET params and some will not. If the link does not already contain GET parameters, '&' will not work as an initiator.
Header("Location: page&err=1");
And if the link does already contain parameters, '?' will not work as a separating character.
Header("Location: page?val=123?err=1");
So again, I know there are many ways around this and I'm not looking for someone to code a simple check for me but I'm curious about the link formatting aspect and I can't find anything through my own research. I'm honestly expecting that the answer is 'not possible' but I'm intrigued enough to ask now, thanks.
No.
? starts the query string.
& and ; separate key=value pairs in application/x-www-form-urlencoded data which is the format most back ends expect. (; hasn't got as good a level of support).
Will parse_url() not work?
Specifically parse_url($url, PHP_URL_QUERY);
http_build_query() could also be useful

PHP filename parameter query

First of all I have checked the other suggested answers and I'm not certain whether they actually cover the question I've got. I'm very new to PHP so please forgive me if I am asking what sounds like a stupid question.
I have a php file which is called from another php file with a parameter
I understand how this works in the calling file.
I don't understand how to extract the parameter contents into a variable at the target end.
Let's say for a moment that in the address bar of the browser I get this:
targetfilename?parameter=Fred_hippy
I now want to pass "Fred" and "hippy" to a two-element array inside targetname.php. That's it, nothing else. (I said I was new to PHP.)
I think the way to do this is:
$file = substr($targetfilename, 13);
$name = explode("_", $file);
Is that correct please? If not could somebody tweak it please?
Thanks.
All parameters (everything after the ?) are returned as $_GET or $_POST array. If you are typing into the address bar (as opposed to using a FORM) then it is always GET. PHP makes it really easy:
$parameter = $_GET['parameter'];
$name = explode("_",$parameter);
That leaves $name[0] = 'Fred' and $name[1] = 'hippy'.
In older versions of PHP, the $_GET to variable assignment was done automagically, which was very useful but also opened a lot of possible security issues, so that has been deprecated.
Another note based on comments. An alternative to:
targetfilename?parameter=Fred_hippy
is
targetfilename?name=Fred&status=hippy
which would be read in PHP as:
$name = $_GET['name'];
$status = $_GET['status'];
with no explode() needed. Basically, PHP understands the standard protocol for sending parameters via GET & POST and takes care of a lot of the details for you.

How to achieve a simple re-direct to a GET request?

I have a page that does a re-direct as such, following the guidelines from this SO Post.
header("Location: http://www.fivefoo.com?uid=johnny");
die();
This small php file is located here in index.php of course.
http://www.fivefoo.com/johnny
What I did was just add on a query to the re-direct
?uid=johnny.
First and main question. Am I allowed to do this?
Secondly, where do I retrieve the query values? My guess would be the $_GET global.
Yes you are allowed to do this (why shouldn't you be?)
Yes, you can get the query values from the $_GET superglobal array. More specifically, $_GET['uid'] will contain the text 'johnny' (without the quotes of course).
Yes, you can do this.
Yes, the $_GET is used for this, so $_GET['uid'] in your example would return 'johnny'.
More info here

Replace values in a URI query string

I have part of a query string that I want to make a replacement in. I want to use preg_replace but am kind of hung up on the regex.
Can someone please help? What I need replaced are the GET vars.
Here is the string:
bikeType=G&nikeNumber=4351
PHP has a convenient function to parse query strings: parse_str(). You might want to take a look at that or provide more details as your question isn't exactly clear.
You can use parse_str as was mentioned already.
In addition, if you want to put them back into a query string you can use http_build_query
Example:
parse_str('bikeType=G&nikeNumber=4351', $params);
$params['bikeType'] = 'F';
$params['nikeNumber'] = '1234';
echo http_build_query($params, '', '&amp;');
Output
bikeType=F&amp;nikeNumber=1234
Please note that you should not use parse_str without the second argument (or at least not with some consideration). When you leave it out, PHP will create variables from the query params in the current scope. That can lead to security issues. Malicious users could use it to overwrite other variables, e.g.
// somewhere in your code you assigned the current user's role
$role = $_SESSION['currentUser']['role'];
// later in the same scope you do
parse_str('bikeType=G&nikeNumber=4351&role=admin');
// somewhere later you check if the user is an admin
if($role === "admin") { /* trouble */ }
Another note: using the third param for http_build_query is recommended, because the proper encoding for an ampersand is &amp;. Some validators will complain if you put just the & in there.
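An added example (not code from any of the posts) that covers both this thread and the earlier "& and ? in one character" question: it sets parameters on a link whether or not the link already has a query string, and it uses the two-argument form of parse_str() so nothing is written into the current scope. Since PHP 8.0 the second argument of parse_str() is required. The function name with_query_params(), the allowlists and the sample URLs are hypothetical.

```php
<?php
/**
 * Return $url with $changes applied to its query string. Parameters whose
 * names are not listed in $allowed are dropped.
 */
function with_query_params(string $url, array $changes, array $allowed): string
{
    $parts = parse_url($url);
    if ($parts === false) {
        throw new InvalidArgumentException('Unparseable URL');
    }

    // Two-argument parse_str(): values go into $params, never into the
    // caller's scope, so a stray role=admin cannot overwrite a $role variable.
    $params = [];
    parse_str($parts['query'] ?? '', $params);

    // array_replace() overwrites existing keys and appends new ones.
    $params = array_replace($params, $changes);
    $params = array_intersect_key($params, array_flip($allowed));

    // Everything before the first '?' or '#' is kept untouched.
    $base = substr($url, 0, strcspn($url, '?#'));
    // Plain '&' because the result is meant for a Location header;
    // HTML-escape the whole URL when writing it into markup instead.
    $query = http_build_query($params, '', '&');

    return $base
        . ($query === '' ? '' : '?' . $query)
        . (isset($parts['fragment']) ? '#' . $parts['fragment'] : '');
}

// Constructed inputs based on the links and query string discussed above.
$redirects = ['page', 'page?val=123', 'page?val=123#top'];
foreach ($redirects as $link) {
    echo with_query_params($link, ['err' => 1], ['val', 'err']), PHP_EOL;
}

// 'bikes.php' is a made-up path; role=admin is not allowlisted and is dropped.
echo with_query_params(
    'bikes.php?bikeType=G&nikeNumber=4351&role=admin',
    ['bikeType' => 'F', 'nikeNumber' => '1234'],
    ['bikeType', 'nikeNumber']
), PHP_EOL;
```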

PHP - Looking at the Web Link

I am very curious on how to do this. I want a PHP script to look at the string after the URL link and echo the value.
For example, if I entered:
"http://mywebsite.com/script.php?=43892"
the script will echo the value 43892. I have seen this in most websites, and I think it will be very useful to have in my application.
Thanks,
Kevin
You mean, something like
http://mywebsite.com/script.php?MyVariable=43892
? Variables provided at the end of the URL like that are available in the $_GET array. So if you visited the above URL and there was a line on the page that said
echo $_GET['MyVariable'];
then 43892 would be echoed.
Do be aware that you shouldn't trust user input like this - treat any user input as potentially malicious, and sanitise it.
echo filter_var($_SERVER['QUERY_STRING'], FILTER_SANITIZE_NUMBER_INT);
The sanitation is because in your example the query string is =43892, not 43892. The filter used "remove[s] all characters except digits, plus and minus sign".
Don't you mean http://mywebsite.com/script.php?43892 ?
You can either use apache URL rewriting or try to extract all entries from $_GET and look at the one which looks like a number or simply doesn't have a value.
Try manually parsing the URL like this
$geturl = $_SERVER['REQUEST_URI'];
// split the path from the query string
$spliturl = explode("?", $geturl);
// $spliturl[1] is the part after the "?", e.g. "=43892"
$get = explode("=", $spliturl[1]);
echo $get[1];
:)
Before I really answer your question, I just have to say that most sites - at least that I have seen - actually use ?43892, with the =. This is also much easier than using it with = in my opinion.
So, now to the actual answer. You can simply extract the query string using $_SERVER['QUERY_STRING'].
An example:
User requests index.php?12345:
<?php
echo $_SERVER['QUERY_STRING'];
?>
Output:
12345
Note that you can also use something like
<?php
if(substr($_SERVER['QUERY_STRING'], 0, 1) == '=') {
$query_string = substr($_SERVER['QUERY_STRING'], 1);
}else{
$query_string = $_SERVER['QUERY_STRING'];
}
echo $query_string;
to support ?=12345 as well as 12345, with the same result. Note also that ?=12345 would not be available as $_GET[''] either.
The way you usually use query parameters is by assigning them like http://mywebsite.com/script.php?var1=123&var2=234
Then you will be able to access them by $_GET['var1'] and $_GET['var2'] in your PHP script
I'd recommend parse-url for this. The documentation contains all you (I think) need.
