RavinduL Posted September 15, 2013 Share Posted September 15, 2013 Hello, right now, I am making a PHP page and I want to know how to make PHP detect what I call 'URL or domain extensions'. For example, if the URL is index.php?code=123 , The URL is 'index.php' and The extension is ?code=123 I want to get the '123' value from the 'code' prefix to a variable so I can use it for other things like #import 123 to variable 'code' echo "$code"; Please tell me how this happens. Thx. P.S. If my English is faulty please forgive me. Quote Link to comment Share on other sites More sharing options...
Solution cataiin Posted September 15, 2013 Solution Share Posted September 15, 2013 (edited) $code = $_GET["code"]; echo $code; on index.php. Edited September 15, 2013 by cataiin Quote Link to comment Share on other sites More sharing options...
Guber-X Posted September 15, 2013 Share Posted September 15, 2013 cataiin has it correct in how to get the info from a url... now for what each part is called of the URL is like this... resource: http://docs.embarcadero.com/products/rad_studio/delphiAndcpp2009/HelpUpdate2/EN/html/devwin32/wserverpartsofauniformresourcelocator_xml.html Quote Link to comment Share on other sites More sharing options...
Irate Posted September 15, 2013 Share Posted September 15, 2013 parse_url(__FILE__) should do the job. Quote Link to comment Share on other sites More sharing options...
Stefany93 Posted September 15, 2013 Share Posted September 15, 2013 (edited) These "URL extensions" as you call them are named "query strings" and they are used to pass information whether it be to another file or directly to your CGI program of choice. They are very often used in web programming. To get the value of them, you use the $_GET super global array. For example, if you have a URL www.example.com/blog.php?general=lee and you want to display the value of "general" you do this echo $_GET['general']; However, this approach will throw you a "Notice: Undefined index" when you first load the page before the query string has been appended, so it is better to first check whether value of "general" has been set with the isset() function like this: if(isset($_GET['general'])){ echo $_GET['general']; } And this is not entirely correct either because the golden rule says you can never trust user input so you must always validate the value of the query string with the numerous functions for that, depending on what you need it for. Like if you are going to display that value, you'd need to escape it with htmlentities() or if you are going to compare it in a DB you need to make sure it does not contain malicious code for SQL injection and so on. When you have like two values in the query string like this: www.example.com/blog.php?general=lee&years=53 You just ignore the "&" and get the values by accessing their names like the previous example: echo $_GET['general'], ' ' , $_GET['years']; Query strings are awesome, use them! Edited September 15, 2013 by Stefany93 Quote Link to comment Share on other sites More sharing options...
Irate Posted September 15, 2013 Share Posted September 15, 2013 Query strings are far from awesome as some serious abuse can happen through them if they're not properly handled, e.g. if register_globals is not disabled (in older PHP versions, this is the case), but there can be some even more serious abuse through other exploits. Quote Link to comment Share on other sites More sharing options...
Stefany93 Posted September 15, 2013 Share Posted September 15, 2013 Query strings are far from awesome as some serious abuse can happen through them if they're not properly handled, e.g. if register_globals is not disabled (in older PHP versions, this is the case), but there can be some even more serious abuse through other exploits. I respectfully disagree - it doesn't matter what method you choose of accepting user input, as long as the input is properly validated/sanitized, then there is no problem. One should not avoid using query string only because they are easily manipulated for evil. You know HTTP headers can also be tweaked for evil purposes, does that mean we should stop using HTTP? Quote Link to comment Share on other sites More sharing options...
jazzman1 Posted September 16, 2013 Share Posted September 16, 2013 Query strings are far from awesome as some serious abuse can happen through them if they're not properly handled, e.g. if register_globals is not disabled (in older PHP versions, this is the case), but there can be some even more serious abuse through other exploits. In some cases a GET method is usable in some cases is less so. In my opinion POST and GET methods are equally safety if you're validated a data properly. it doesn't matter what method you choose of accepting user input, as long as the input is properly validated/sanitized, then there is no problem. @Stefi, you will save a lot of pain in the ass if you use a POST data method when you try to post a sensitive data to the server. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.