Slam Posted May 17, 2013 Share Posted May 17, 2013 Hi, I have a problem with multiple variables in url when I try to echo out content based on variable from url. First things first. When I have url like www.example.com/user.php?username=joe (assuming that joe exists in DB) I do: if (!isset($_GET['username']) || empty($_GET['username']) || ($username_exists === false)){ header('Location: /'); exit(); } // echo content related to $_GET['username'] and it's working fine, but if I have url like www.example.com/user.php?username=joe§ion=bio I tried if (!isset($_GET['username']) || empty($_GET['username']) || ($username_exists === false)){ header('Location: /'); exit(); } // echo content related to $_GET['username'] if (!isset($_GET['section']) || empty($_GET['section']) || ($_GET['section'] !== 'bio')){ header('Location: /'); exit(); } // echo some content related to $_GET['section'] and result of that code is (when the url is): www.example.com/user.php?username=joe§ion=bio // true, echos out $_GET['username'] and $_GET['section'] www.example.com/user.php?username=joe§ion=otherbio // true, redirect www.example.com/user.php?username=joe§ion= // true, redirect www.example.com/user.php?username=joe&madeupsection // true, redirect www.example.com/user.php?username=joe& // true, redirect www.example.com/user.php?username=joe // I thought that this wil echo out only content related to $_GET['username'], but I get redirect, and that redirect comes from $_GET['section'] Even though username is correct I get redirect because $_GET['section'] is not set, am I right? So how can I echo out content related to $_GET['username'] when $_GET['section'] is not set or empty or !==bio ?? Quote Link to comment Share on other sites More sharing options...
requinix Posted May 17, 2013 Share Posted May 17, 2013 You cannot show content and redirect at the same time. You have to decide what to do: do you show the user information or do you redirect? Sounds like what you want to do is show the user information. If so then the "bio" thing has nothing to do with redirecting because if it's present you show user+bio information and if it isn't you show only the user information. In other words, don't redirect. Quote Link to comment Share on other sites More sharing options...
denno020 Posted May 17, 2013 Share Posted May 17, 2013 What you're saying is correct, you're getting a redirect because 'section' isn't set, which is therefore satisfying the first condition of the second if statement. The only way to be able to echo out content related to username even if section isn't set or what it should be is to remove the checking of section.. Quote Link to comment Share on other sites More sharing options...
Slam Posted May 17, 2013 Author Share Posted May 17, 2013 So instead of redirect when section isn't set I should echo nothing?? like so: if (!isset($_GET['username']) || empty($_GET['username']) || ($username_exists === false)){ header('Location: /'); exit(); } // echo content related to $_GET['username'] if (!isset($_GET['section']) || empty($_GET['section']) || ($_GET['section'] !== 'bio')){ echo ''; } // echo some content related to $_GET['section'] It works like this, but now user can type whatever he wants after this url www.example.com/user.php?username=joe& But is it safe?? Quote Link to comment Share on other sites More sharing options...
requinix Posted May 17, 2013 Share Posted May 17, 2013 But if the section thing is missing your code will continue onward and try to show the section stuff. Rather than test if the section is missing, how about checking if it's present? If it is then show the section stuff, otherwise don't. Quote Link to comment Share on other sites More sharing options...
Slam Posted May 17, 2013 Author Share Posted May 17, 2013 Ok, thanks for replies. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.