[SOLVED] $_GET workaround??

[TonyB171]

Hello

 

I had a script maker develop a plugin for us, but they have since disappeared. I have developed the cosmetic aspect of the plugin and have adjusted some of the less complicated code to suit our needs, but I am a bit stuck with the following.

 

The plugin works very well, but a problem has just been reported that we were completely unaware of until now. The plugin was developed for use on and in conjunction with an existing script - it is permitted under the licence.

 

Our plugin uses a standard template and creates pages for individuals from that template, giving the their own 'affiliate' page. Their user name is automatically inserted into the relevant areas of the page using $_GET[refid].

 

The page that is created by our plugin is called user_name.php (where user_name is the actual member's unique user ID). The full URL for credit is then domain.tld/pages/user_name.php?refid=user_name.

 

All of this works fine, however part of the core script (over which we have no control) refreshes the page after a visitor has clicked on certain links - it is a feature of that script. On refreshing, the '?refid=user_name' is removed and replaced with '?startpos....' . This invalidates the $_GET[refid] from our plugin. This is not too much of a problem when only one of these pages is being viewed by any particular user, but when someone has more than one affiliate page open and clicks links from more than one page at a time, the refid is taken from the last one in the browser's cache. This means that user_nameA.php's page can display the refid's of user_nameB. Whilst this doesn't affect the links on the pages (the correct links still show on the correct page), cosmetically it looks very unprofessional and some users 'think' they are being cheated.

 

I think the solution I need is; Can the $_GET[refid] have a variable so that if '?refid=user_name' is present, all is good, but if it cannot be found in the URL, then that field is left empty on the page?

 

Here are a couple of examples of it's use in the page:

 

<title><?= $_GET['refid'] ?> 's <? site_name(); ?> Affiliate Page</title>

 

<a href="/pages/index.php?refid=<?= $_GET['refid'] ?>"><? echo $sitebanner; ?></a>

 

<?= $_GET['refid'] ?> Recommends

 

 

I have been searching for information all day and have little to show for it, but at least I now have an idea where the problem is. I just don't know how to fix it. I realise that all the experts here will get a laugh out of something potentially simple, but any assistance would be gratefully accepted.

 

I hope my explanation wasn't too confusing, just trying to explain the situation in as much detail as possible.

 

Best Regards

 

Tony

[Andy-H]

$refID = isSet($_GET['refid']) ? $_GET['refid'] : '';

[Andy-H]

Also you shouldn't really use short tags as it's bad for script portability and generally considered bad practice. 

 

Also echo'ing raw get / post (or user inputted data in general) can leave you vunerable to xss attacks. You should look into using HTMLentities () or at the very least, strip_tags()

 

www.php.net/htmlentities

www.php.net/strip_tags

[BK87]

try putting <?php sometime webhosts like to make you use <?php only and not <?

[TonyB171]

Hello

 

Thank you both for your input.

 

I have replaced the

 

<?= $_GET['refid'] ?>

 

with

 

<?php $refID = isSet($_GET['refid']) ? $_GET['refid'] : ''; ?>

 

Whilst that has the desired effect when the '?refid=user_name' is not present in the URL, it also shows as blank when the '?refid=user_name' is present.

 

The pages are usually viewed when the affiliate member advertises their affiliate link which comprises 'domain.tld/pages/user_name.php?refid=user_name'. It is necessary to show the user name within the page on the first visit. These pages are viewed by anyone on the 'net and the member receives a credit per unique view.

 

However, the pages that are viewed by fellow members can also click on certain links within that page and also receive credit. It is when these members click the links and the page is refreshed by the script that causes the problem (the scripts removes the refid part from the URL). Normal, browser refreshing is not a problem.

 

I need the $_GET[refid] to at least work on the first view of the page, which it did originally - on subsequent views/page refreshes it is not critical, but I do not want it to show the refid of another user (i.e. one that the page does not belong to) which is what was happening. The code you have kindly shown solves the latter part of the problem, but means that the refid is not shown on any page view.

 

Perhaps I am looking at the wrong area of code?

 

T

[BK87]

see if anything is being passed through.... print_r($_GET);

[Andy-H]

My bad, should have explained more thouroughly.

 

<?php
//Put this at the top of the page.
$refID = isSet( $_GET['refid'] ) ? stripSlashes(HTMLentities($_GET['refid'], ENT_QUOTES)) : '';

/* If you wish to add a default ref ID put it in the single quotes after the :
Then when you echo the value use:
*/
echo $refID;

/*And for PHP tags, Always use <?php ?> rather than <? ?> (A.K.A Short-tags)*/
?>

[TonyB171]

My bad, should have explained more thouroughly.

 

<?php
//Put this at the top of the page.
$refID = isSet( $_GET['refid'] ) ? stripSlashes(HTMLentities($_GET['refid'], ENT_QUOTES)) : '';

/* If you wish to add a default ref ID put it in the single quotes after the :
Then when you echo the value use:
*/
echo $refID;

/*And for PHP tags, Always use <?php ?> rather than <? ?> (A.K.A Short-tags)*/
?>

 

Hello

 

Thank you so much Andy, this was exactly what I needed even though I probably went around the houses to try and explain, lol.

 

Unfortunately I won't be able to use a default refid as this plugin gets installed on different sites, but it is great to know that the option is available.

 

Thank you once again, your help is very much appreciated

 

Best Regards

 

Tony

[Andy-H]

No problem, dont forget to use the proper php tags if the script is a plugin as some servers may have short tags turned off