Jump to content

Custom action

SirPereira

By SirPereira
in PHP Coding Help

 Share

Recommended Posts

SirPereira Newbie

SirPereira

Posted
Posted

Hey guys,

Imagine that I have some videos with some ID's. I have a page player (player.php), that will get the video's ID with GET value, and then retrieve it's settings from database.

 

Now, I've some links in my main page, that links to something link "?view=xxxx" -> xxxx is the id number.

 

Well, it will make that verification in index.php, as I want it to make. But how can I check if the action was view, then it sends the ID to the player page, so it can check what is its settings.

 

Regards :)

Link to comment
https://forums.phpfreaks.com/topic/197443-custom-action/
Share on other sites
monkeytooth Advanced Member

monkeytooth

Posted
Posted

if your trying to find out if "view" is set in the URL try

 

if(empty($_GET['view'])){/*not there or left blank*/}else{/*found something yay! do my bidding*/}

 

Though I cant emphasis enough assuming more so that your using a database for your id's, that you need to make sure the variable used in "view=" is a legitimate string, be it only alpha numeric, or just numbers, or whatever the case. as well as stripslashes from the string, check for quotes, and other various methods of exploitation to either hijack your site or mess with your database via injection. SCRUB your inputs!!  :D

Link to comment
https://forums.phpfreaks.com/topic/197443-custom-action/#findComment-1036303
Share on other sites
SirPereira Newbie

SirPereira

Posted
  • Author
Posted

if your trying to find out if "view" is set in the URL try

 

if(empty($_GET['view'])){/*not there or left blank*/}else{/*found something yay! do my bidding*/}

 

Though I cant emphasis enough assuming more so that your using a database for your id's, that you need to make sure the variable used in "view=" is a legitimate string, be it only alpha numeric, or just numbers, or whatever the case. as well as stripslashes from the string, check for quotes, and other various methods of exploitation to either hijack your site or mess with your database via injection. SCRUB your inputs!!  :D

 

I always forget to prevent the sql injection things. There isn't something that I can just include globally, so it will check for it?

 

Another thing according to my first question, well, so imagine that I have a system like this.

 

- Videos

-- Add

-- Modify

-- Delete

-- View

-- Rating

 

- Users

-- Add

-- Modify

-- Delete

 

- News

-- Add

-- Modify

-- Delete

 

And imagine I want a system for it with GET method. Like ?view=news; or ?view=user&id=23; or ?modify=video&id=3.

 

I think you got it.

 

How do you recommend me to do something like this?

 

Regards and thanks for helping :)

Link to comment
https://forums.phpfreaks.com/topic/197443-custom-action/#findComment-1036523
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.