rick.emmet Posted July 21, 2013

Hi Everyone,

I have a (hopefully) quick question. When I send a single piece of data in the URL to the next webpage, I get the behavior I'm expecting. I need to send two pieces of data and cannot get it to work. I have session_start() at the top of both pages and session.use_trans_sid in my php.ini is set to 0 for security reasons. The PHP manual says that I can use htmlspecialchars(SID), it says:

The following example demonstrates how to register a variable, and how to link correctly to another page using SID.

```php
<?php

session_start();

if (empty($_SESSION['count'])) {
    $_SESSION['count'] = 1;
} else {
    $_SESSION['count']++;
}
?>

<p>
Hello visitor, you have seen this page <?php echo $_SESSION['count']; ?> times.
</p>

<p>
To continue, <a href="nextpage.php?<?php echo htmlspecialchars(SID); ?>">click here</a>.
</p>
```

The htmlspecialchars() may be used when printing the SID in order to prevent XSS related attacks.

OK, good enough. I need to send the SID to the next page, and I need to send the instance_id too. What I have tried to use to do is this:

```php
<a href="srch_detail_autos.php?instance_id=<?php echo $row_rsautos['instance_id']; ?>"?session_id="<?php echo htmlspecialchars(SID); ?>" ><?php echo stripslashes($row_rsautos['title']); ?></a>

<a href="srch_detail_autos.php?instance_id=<?php echo $row_rsautos['instance_id']; ?>"?session_id='<?php echo htmlspecialchars(SID); ?>' ><?php echo stripslashes($row_rsautos['title']); ?></a>
```

The difference being the use of double quotes in the first and single quotes in the second. The code looks OK in the editor, all the markup colors look good. When I hover over the link, I can see the URL of the target page and the instance_id, but nothing beyond that. It looks as if the browser is not reading the subsequent data (SID) I'm attempting to place in the URL.

I also tried the following:

```php
<a href="srch_detail_autos.php?instance_id=<?php echo $row_rsautos['instance_id']; ?>?session_id=<?php echo htmlspecialchars(SID); ?>" ><?php echo stripslashes($row_rsautos['title']); ?></a>
```

And when I hover over the link, I can see the instance_id and “session_id=” but no SID. The browser is not reading the PHP echo statement.

I also tried numerous other versions of this, but they looked completely wrong in the editor and/or throw errors. I seem to recall that there is a special character for this (to add more pieces of data to the URL), but everything I have plugged in to the code fails. Is there a simple way of writing more than one piece of data to the URL? Thanks very much for your time, I really appreciate it!

Cheers,
Rick

Strider64 Posted July 21, 2013

To have a reliable link with session info in it, spell it out using session_name() and session_id(), not SID. Example:

```php
// session_name() is the parameter name, session_id() its value
echo '<a href="page2.php?' . session_name() . '=' . session_id() . '">page2</a>';
```

DavidAM Posted July 21, 2013

I think the problem is the way you are specifying the separator between the two variables:

```
http://www.domain.com?Variable=value
http://www.domain.com?Variable=value&Another=somethingElse
```

To introduce the first parameter, you use the question-mark ("?")
To introduce the second (and subsequent) parameter, you use an ampersand ("&")

rick.emmet Posted July 22, 2013 (Author, Solution)

Hello Strider and David,

Thank you both so much for your time, there were just a couple of things I wasn't getting. I used the question mark for subsequent parameters (for some reason I thought it was some combination of "&" plus "%") and that worked well. Also, I couldn't use session_name() = session_id() because the name will be the same for every user. I did a little experimenting and came up with this:

```php
<a href="srch_detail_autos.php?instance_id=<?php echo $row_rsautos['instance_id']; ?>&column=<?php echo $_SESSION['column']; ?>&key_word=<?php echo $_SESSION['key_word']; ?>&session_id=<?php echo session_id(); ?>" >
```

I was able to see the parameters in the URL, so that was a good sign. But I was still failing to get a result on the second page for two lines of code "echo $_SESSION['column'];" and "echo $_SESSION['key_word'];". So I just use $_GET, and it worked like a champ. Thanks again for your help!!

cheers,
Rick
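
The separator rule from DavidAM's answer and the multi-parameter link from the final post, written with each value URL-encoded and the finished URL HTML-escaped, as an added example that is not code from any poster in this thread. The function names and the sample row and search values are hypothetical and constructed; the session ID is deliberately left out of the link on the assumption that PHP's default cookie-based sessions carry it.

```php
<?php
// Added example; not code from the thread. Sample values are constructed.
// Raw concatenation, as in the thread's final link: nothing is encoded.
function link_unsafe(array $row, array $search): string
{
    return '<a href="srch_detail_autos.php?instance_id=' . $row['instance_id']
         . '&column=' . $search['column']
         . '&key_word=' . $search['key_word'] . '">' . $row['title'] . '</a>';
}

// "&" between pairs, every value URL-encoded; the caller adds the single "?".
function detail_query(array $row, array $search): string
{
    return http_build_query([
        'instance_id' => (int) $row['instance_id'],
        'column'      => $search['column'],
        'key_word'    => $search['key_word'],
    ], '', '&', PHP_QUERY_RFC3986);
}

// Escape the finished URL and the link text for the HTML context.
function link_safe(array $row, array $search): string
{
    $href = 'srch_detail_autos.php?' . detail_query($row, $search);
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">'
         . htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8') . '</a>';
}

// Receiving page: parse_str() stands in for $_GET so the demo runs offline.
function read_params(string $queryString): array
{
    parse_str($queryString, $get);
    $text = fn($v) => is_string($v) ? $v : '';   // reject array-style input
    $id = filter_var($get['instance_id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return [
        'instance_id' => $id === false ? null : $id,
        'column'      => $text($get['column'] ?? null),
        'key_word'    => $text($get['key_word'] ?? null),
    ];
}

// Constructed data: the keyword contains a space, "&" and a double quote.
$row    = ['instance_id' => '42', 'title' => 'Ford & "GM" <trucks>'];
$search = ['column' => 'make', 'key_word' => 'ford & "gm"'];

echo link_unsafe($row, $search), "\n";
echo link_safe($row, $search), "\n";
var_export(read_params(detail_query($row, $search)));
```

In the unsafe output the keyword's `&` starts a new parameter and its `"` closes the href attribute early; in the safe output the keyword survives the round trip unchanged.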