Jump to content

[SOLVED] $_GET workaround??


TonyB171

Recommended Posts

Hello

 

I had a script maker develop a plugin for us, but they have since disappeared. I have developed the cosmetic aspect of the plugin and have adjusted some of the less complicated code to suit our needs, but I am a bit stuck with the following.

 

The plugin works very well, but a problem has just been reported that we were completely unaware of until now. The plugin was developed for use on and in conjunction with an existing script - it is permitted under the licence.

 

Our plugin uses a standard template and creates pages for individuals from that template, giving the their own 'affiliate' page. Their user name is automatically inserted into the relevant areas of the page using $_GET[refid].

 

The page that is created by our plugin is called user_name.php (where user_name is the actual member's unique user ID). The full URL for credit is then domain.tld/pages/user_name.php?refid=user_name.

 

All of this works fine, however part of the core script (over which we have no control) refreshes the page after a visitor has clicked on certain links - it is a feature of that script. On refreshing, the '?refid=user_name' is removed and replaced with '?startpos....' . This invalidates the $_GET[refid] from our plugin. This is not too much of a problem when only one of these pages is being viewed by any particular user, but when someone has more than one affiliate page open and clicks links from more than one page at a time, the refid is taken from the last one in the browser's cache. This means that user_nameA.php's page can display the refid's of user_nameB. Whilst this doesn't affect the links on the pages (the correct links still show on the correct page), cosmetically it looks very unprofessional and some users 'think' they are being cheated.

 

I think the solution I need is; Can the $_GET[refid] have a variable so that if '?refid=user_name' is present, all is good, but if it cannot be found in the URL, then that field is left empty on the page?

 

Here are a couple of examples of it's use in the page:

 

<title><?= $_GET['refid'] ?> 's <? site_name(); ?> Affiliate Page</title>

 

<a href="/pages/index.php?refid=<?= $_GET['refid'] ?>"><? echo $sitebanner; ?></a>

 

<?= $_GET['refid'] ?> Recommends

 

 

I have been searching for information all day and have little to show for it, but at least I now have an idea where the problem is. I just don't know how to fix it. I realise that all the experts here will get a laugh out of something potentially simple, but any assistance would be gratefully accepted.

 

I hope my explanation wasn't too confusing, just trying to explain the situation in as much detail as possible.

 

Best Regards

 

Tony

Link to comment
Share on other sites

Also you shouldn't really use short tags as it's bad for script portability and generally considered bad practice. 

 

Also echo'ing raw get / post (or user inputted data in general) can leave you vunerable to xss attacks. You should look into using HTMLentities () or at the very least, strip_tags()

 

www.php.net/htmlentities

www.php.net/strip_tags

Link to comment
Share on other sites

Hello

 

Thank you both for your input.

 

I have replaced the

 

<?= $_GET['refid'] ?>

 

with

 

<?php $refID = isSet($_GET['refid']) ? $_GET['refid'] : ''; ?>

 

Whilst that has the desired effect when the '?refid=user_name' is not present in the URL, it also shows as blank when the '?refid=user_name' is present.

 

The pages are usually viewed when the affiliate member advertises their affiliate link which comprises 'domain.tld/pages/user_name.php?refid=user_name'. It is necessary to show the user name within the page on the first visit. These pages are viewed by anyone on the 'net and the member receives a credit per unique view.

 

However, the pages that are viewed by fellow members can also click on certain links within that page and also receive credit. It is when these members click the links and the page is refreshed by the script that causes the problem (the scripts removes the refid part from the URL). Normal, browser refreshing is not a problem.

 

I need the $_GET[refid] to at least work on the first view of the page, which it did originally - on subsequent views/page refreshes it is not critical, but I do not want it to show the refid of another user (i.e. one that the page does not belong to) which is what was happening. The code you have kindly shown solves the latter part of the problem, but means that the refid is not shown on any page view.

 

Perhaps I am looking at the wrong area of code?

 

T

Link to comment
Share on other sites

My bad, should have explained more thouroughly.

 

<?php
//Put this at the top of the page.
$refID = isSet( $_GET['refid'] ) ? stripSlashes(HTMLentities($_GET['refid'], ENT_QUOTES)) : '';

/* If you wish to add a default ref ID put it in the single quotes after the :
Then when you echo the value use:
*/
echo $refID;

/*And for PHP tags, Always use <?php ?> rather than <? ?> (A.K.A Short-tags)*/
?>

Link to comment
Share on other sites

My bad, should have explained more thouroughly.

 

<?php
//Put this at the top of the page.
$refID = isSet( $_GET['refid'] ) ? stripSlashes(HTMLentities($_GET['refid'], ENT_QUOTES)) : '';

/* If you wish to add a default ref ID put it in the single quotes after the :
Then when you echo the value use:
*/
echo $refID;

/*And for PHP tags, Always use <?php ?> rather than <? ?> (A.K.A Short-tags)*/
?>

 

Hello

 

Thank you so much Andy, this was exactly what I needed even though I probably went around the houses to try and explain, lol.

 

Unfortunately I won't be able to use a default refid as this plugin gets installed on different sites, but it is great to know that the option is available.

 

Thank you once again, your help is very much appreciated

 

Best Regards

 

Tony

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.