How do I pass Vars?

[monkeybidz]

Trying to pass VARS $URL1 and $type to header location.Heres the code.

 

$URL1 = $_POST['url'];
$type = $_POST['type_request'];

session_start();
$string = strtoupper($_SESSION['string']);
$userstring = strtoupper($_POST['userstring']); 
session_destroy();   

if (($string == $userstring) && (strlen($string) > 4)) {
header("Location: $success");
exit();

 

The VARS come from a FORM and then go to this script for checkind data. I need to have them continue to the next page.

 

 

[nicholasolsen]

 

You could pass the vars through the URL, then use the GET method to retrieve the data on the next page.

 

Your current redirection:

header("Location: $success");

 

Replace it with:

header("Location: $success&var1=$var1&var2=$var2&var3=$var3");

 

On the next page, use the following code to retrieve the data:

$var1 = $_GET['var1'];
$var2 = $_GET['var2'];
$var3 = $_GET['var3'];

 

Note: When using the GET method to retrieve data, make sure you write a security-script that kills the load if the vars are "unknown". You should therefore only have a set of keywords allowed per var.

 

Example:

if (isset($_GET)) {

if ($var1 == "allowedKeyword") {
echo "This is allowed";
exit();
}
if ($var2 == "allowedKeyword") {
echo "This is allowed too";
exit();
}
if ($var3 == "allowedKeyword") {
echo "This is allowed toooo!";
exit();
}
else {

echo "One or more of the variables are tempered with, and therefore the script has been killed.";

}

}

[monkeybidz]

I was hoping to pass them without revealing the var in the url bar or box.

[kenrbnsn]

Use sessions.

 

At the start of your first script put

<?php
session_start();
?>

then right before the header() call, put

<?php
$_SESSION['url'] = $URL;
$_SESSION['type'] = $type;
?>

 

In the second script put

<?php
session_start();
$URL = $_SESSION['url'];
$type = $_SESSION['type'];
?>

 

Ken

[monkeybidz]

What the problem here is that I used to have a form that posted directly to another page, but I added CAPTCHA and now the page redirects to a data check page and then to its destination if no errors, but tghis doesn't let the vars go through.

 

Is there a way to hide the vars from the url or shorten the url so the vars are not exposed?

[kenrbnsn]

Did you try using sessions?

 

Ken

[monkeybidz]

Yup! Vars would not appear. Guessing theres a conflict with another session, the only way it works is if I use the way nicolassolsen said like:

header("Location: $success&var1=$var1&var2=$var2&var3=$var3");

But this works and exposes my vars information. I need to hide the new vars because someone made an automated script that floods my site with requests. I changed the vars names to buy me some time. Is there a way to give the page an alias in the url bar?

[kenrbnsn]

Please post the code you tried when using sessions.

 

Another way to do it is to store the vars in a database table and then retrieve them.

 

Ken