Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Categories

Welcome to the new platform of Programmer's Heaven! We apologize for the inconvenience caused, if you visited us from a broken link of the previous version. The main reason to move to a new platform is to provide more effective and collaborative experience to you all. Please feel free to experience the new platform and use its exciting features. Contact us for any issue that you need to get clarified. We are more than happy to help you.

Problem passing variables with URL

milkmilk Posts: 1Member
I know this is a very simple problem, but I can't figure out why it's not working...

I have the following in index.php:

<?php
if (empty($pageid))
$pageid = "index";
require("header.php");
?>

In header.php, i have a link...

<?php
echo $pageid;
if ($pageid != "test1")
print "<a href="index.php?pageid=test1" >test1";
?>

The first time the page loads, $pageid does not exist, so it should be set to index. However, after I click on the link, the URL should pass a pageid variable to index.php. It does not do this. The echo statement always returns $pageid as "index".

I know I'm probably doing something really stupid, but please help!

Thanks!

Comments

  • DarQDarQ Posts: 1,625Member
    SUPERGLOBALS... please use them instead... here is how..

    fileA:
    LINK!!

    blaat.php:
    <?php
    echo $_GET['ID'];
    echo $_GET['username'];
    ?>
    checking their existance;
    <?php
    if (isset($_GET['ID'])) {
    //
    }
    ?>

    u should read the basic manual :-D


    : I know this is a very simple problem, but I can't figure out why it's not working...
    :
    : I have the following in index.php:
    :
    : <?php
    : if (empty($pageid))
    : $pageid = "index";
    : require("header.php");
    : ?>
    :
    : In header.php, i have a link...
    :
    : <?php
    : echo $pageid;
    : if ($pageid != "test1")
    : print "<a href="index.php?pageid=test1" >test1";
    : ?>
    :
    : The first time the page loads, $pageid does not exist, so it should be set to index. However, after I click on the link, the URL should pass a pageid variable to index.php. It does not do this. The echo statement always returns $pageid as "index".
    :
    : I know I'm probably doing something really stupid, but please help!
    :
    : Thanks!
    :

    [size=5][italic][blue]Dar[RED]Q[/RED][/blue][/italic][/size]
    url--> http://mark.space.servehttp.com

  • CoryCory Posts: 221Member
    Superglobals Will Work, However Enabling Them Is A High Security Risk. They Should Not Be Turned On Unless Required.

    When Refferencing A Get Variable...Do It By The Following

    $HTTP_GET_VARS['variablename']

    It Is More Typing, But WAY More Secure.

    Hope This Helps,

    Cory
  • DarQDarQ Posts: 1,625Member
    : Superglobals Will Work, However Enabling Them Is A High Security Risk. They Should Not Be Turned On Unless Required.
    [red]please explain WHY they are a "high security risk" [/red]
    :
    : When Refferencing A Get Variable...Do It By The Following
    :
    : $HTTP_GET_VARS['variablename']
    :
    : It Is More Typing, But WAY More Secure.
    [red]well, please explain why this is more secure.

    its ALL about register_globals=on in the php.ini config. the current versions all set it by default to OFF and then your scripts will NOT work with HTTP_*_VARS by only by $_POST/$_GET etc...

    (with register_globals (and similar) a client can INJECT variables)

    im pretty sure that in future versions, register globals and similar config features will be removed so then ALL your code needs some maintenance. Not upgrading is not an option, keep using old php versions and the more at risk you become.
    [/red]
    :
    : Hope This Helps,
    :
    : Cory
    :

    [size=5][italic][blue]Dar[RED]Q[/RED][/blue][/italic][/size]
    url--> http://mark.space.servehttp.com

  • JonathanJonathan Posts: 2,914Member
    : : Superglobals Will Work, However Enabling Them Is A High Security
    : : Risk. They Should Not Be Turned On Unless Required.
    : [red]please explain WHY they are a "high security risk" [/red]
    I think there is confusion here between autoglobals and superglobals. I think that's what the PHP folks like to call them. In a nutshell...

    Using "autoglobals" creates variables automatically based upon the names of fields in the submitted data. E.G. suppose I put &name=fred in the query string a variable called $name would be created and the value of fred would be stored in it.

    Why is that a problem? Well, imagine this badly written code:-

    if (authenticate()) { $authenticated = 1; }

    if ($authenticated == 1) {
    # secret stuff
    }

    Problem here is that $authenticated was never preset to 0 in the script, so a (l)user can just put &authenticated=1 in the query string and bob's your uncle.

    Superglobals put data from the query string, POST, etc in hashes (associative arrays). So unless you're throwing variables in as the key, you're unlikely to be at such a risk.

    Jonathan

    ###
    for(74,117,115,116){$::a.=chr};(($_.='qwertyui')&&
    (tr/yuiqwert/her anot/))for($::b);for($::c){$_.=$^X;
    /(p.{2}l)/;$_=$1}$::b=~/(..)$/;print("$::a$::b $::c hack$1.");

  • DarQDarQ Posts: 1,625Member
    : : : Superglobals Will Work, However Enabling Them Is A High Security
    : : : Risk. They Should Not Be Turned On Unless Required.
    : : [red]please explain WHY they are a "high security risk" [/red]
    : I think there is confusion here between autoglobals and superglobals. I think that's what the PHP folks like to call them. In a nutshell...
    :
    : Using "autoglobals" creates variables automatically based upon the names of fields in the submitted data. E.G. suppose I put &name=fred in the query string a variable called $name would be created and the value of fred would be stored in it.
    :
    : Why is that a problem? Well, imagine this badly written code:-
    :
    : if (authenticate()) { $authenticated = 1; }
    :
    : if ($authenticated == 1) {
    : # secret stuff
    : }
    :
    : Problem here is that $authenticated was never preset to 0 in the script, so a (l)user can just put &authenticated=1 in the query string and bob's your uncle.
    [red]THAT's the good poing... u are better in explaining such stuff :-D[/red]
    :
    : Superglobals put data from the query string, POST, etc in hashes (associative arrays). So unless you're throwing variables in as the key, you're unlikely to be at such a risk.
    :
    : Jonathan
    :
    : ###
    : for(74,117,115,116){$::a.=chr};(($_.='qwertyui')&&
    : (tr/yuiqwert/her anot/))for($::b);for($::c){$_.=$^X;
    : /(p.{2}l)/;$_=$1}$::b=~/(..)$/;print("$::a$::b $::c hack$1.");
    :
    :

    [size=5][italic][blue]Dar[RED]Q[/RED][/blue][/italic][/size]
    url--> http://mark.space.servehttp.com

Sign In or Register to comment.