Jump to content

Understanding the GET thing

burtybob

By burtybob
in PHP Coding Help

 Share

Recommended Posts

burtybob Member

burtybob

Posted
Posted

i have read the  phpmanual and many tutorials and i did a search on here and i am still stuck.

I can do forms but i cant understand how the URL bit works i will give an example

On websites they use like

profile.php?id=123

and i dont understand how the id=123 bit is generated is it connect to mysql then something else?

I understand everything in green but not the red bits?

Link to comment
https://forums.phpfreaks.com/topic/54277-understanding-the-get-thing/
Share on other sites
crawlerbasher Member

crawlerbasher

Posted
Posted

Best way to show this is:

 

<?php
$id = $_GET['id']; // This gets the information from the url like this profile.php?id=123
if ($id) {
include($id.".php"); // if the id was 123 then it will get 123.php
}
?>

 

There are so many uses for this, but be warned you need to learn to protect your script from injection, and thats the hardest part, well for me.

taith Regular Member

taith

Posted
Posted

Best way to show this is:

 

<?php
$id = $_GET['id']; // This gets the information from the url like this profile.php?id=123
if ($id) {
include($id.".php"); // if the id was 123 then it will get 123.php
}
?>

 

There are so many uses for this, but be warned you need to learn to protect your script from injection, and thats the hardest part, well for me.

 

i disagree... that is VERY insecure...

 

 

 

 

 

<form method="GET" action="?">
<input type=textbox name=text>
<input type=submit>
</form>
<?echo $_GET[text];?>

 

thats one way of using get... could also just manually type it into your urls :D

burtybob Member

burtybob

Posted
  • Author
Posted

In profile.php

<form method="GET" action="?">
<input type=textbox name=text>
<input type=submit>
</form>
<?php 
$id = $_GET[text];
include ('$id.php');
echo $data;
?>

In 123.php

<?php
$data = ben
?>

 

Yet whenever i put 123 in the text box it just gives me a blank page other than the text box?

I now understand the get a lot better thank you guys and girls (if any of you are girls) so i guess some things are just easier to understand when explained in another way so i thank you all for that and please can you help on this bit.

I am on MSN if it easier my msn is bobob24@hotmail.co.uk.

 

per1os Member

per1os

Posted
Posted

You I would highly advise against doing an include on the id. Also I would suggest using ' or " around indexes of an array:

 

<form method="GET" action="?">
<input type=textbox name=text>
<input type=submit>
</form>
<?php 
if (isset($_GET['text'])) {
     $id = $_GET['text'];
     include ("$id.php"); // use double quotes or else the $id is taken literally with single strings.
     echo $data;
     echo "<br />Single Test:" . '$id $id = $id ' . "$id = $id \$id = $id"; // hope that shows you the difference.
}
?>

 

Try that out and see where it gets you, just remember doing that include with get data is very very dangerous and will open you up to be hacked by some script kiddie if you actually use this on a website.

burtybob Member

burtybob

Posted
  • Author
Posted

ok thanks frost i was trying it to work out how get works, when i come to doing the site i will not use the include but i am atm just trying to understand and get it working.

Also is there anyway that using include in that way i could use a function to protect myself against script kiddies?

I will do a post later today to tell if i got it working or not.

per1os Member

per1os

Posted
Posted

htmlentities($string,ENT_QUOTES); and byebye any/all injections...

 

Will that prevent in including a file from a remote site.

 

IE: if I passed  something like:

getpage.php?id=http://www.somesite.com/thisfilescrewsyou

 

where the real file is

getpage.php?id=http://www.somesite.com/thisfilescrewsyou.php (since he adds .php to the end)

 

And the "thisfilescrewsyou" has some code that is received as text in there that opens up the index file, or all files and writes to it and than closes it, and now all the files on the server or at least the index file are all hi-jacked possibly or overwritten to and screwed...

 

That is the main fear with including get data.

burtybob Member

burtybob

Posted
  • Author
Posted

using get to make a profile.php and then get the data from the database about each user like a lot of online rpgs do some dont but most use a page like

http://www.game.com/profile.php?id=usersid

 

The page then shows any items that user has bought in the game!

burtybob Member

burtybob

Posted
  • Author
Posted

I posted this yesterday but then when i re read it i found it was not a very good question and example so i have reposted it with more information!

 

I would like to use GET to make a profile.php and then get the data from the database about each user like online rpgs do they use a page like

http://www.game.com/profile.php?id=usersid

 

The page then shows any items that user has bought in the game!

for example

http://sigil.outwar.com/profile.php?id=1

and then it goes up like

http://sigil.outwar.com/profile.php?id=2

and so on

 

Does anyone know how to do this?

 

burtybob Member

burtybob

Posted
  • Author
Posted

You need a database first of all, with a table of members.

 

www.mysql.com is probably a good place to start and learn SQL www.google.com can help there.

 

That or find a pre-made RPG script.

 

I have the database and do i have to learn sql cant i just use PHPmyadmin or is there some other reason?

I am creating my own game and i am doing it in this way to learn PHP as if i didn't learn PHP while using it i wouldn't be bothered to learn it at all, i plan to completely re code my game once i have learned PHP properly so i have thought about getting a pre-made one but decided against it as i have stated.

 

chocopi Regular Member

chocopi

Posted
Posted

Yea you can use PHP MyAdmin, but you could learn SQL just you can understand it for future reference.

 

Ok I have never actually used GET but I will take a stab at it.

 

<?php

$id = $_GET['id'];

$query = mysql_query("SELECT fieldname FROM tablename WHERE id='$id'");
$result = mysql_fetch_assoc($query) or die (mysql_error());
$variable = $result['fieldname'];

echo $variable

?>

 

Hope it helps,

 

~ Chocopi

burtybob Member

burtybob

Posted
  • Author
Posted

Yea you can use PHP MyAdmin, but you could learn SQL just you can understand it for future reference.

 

Ok I have never actually used GET but I will take a stab at it.

 

<?php

$id = $_GET['id'];

$query = mysql_query("SELECT fieldname FROM tablename WHERE id='$id'");
$result = mysql_fetch_assoc($query) or die (mysql_error());
$variable = $result['fieldname'];

echo $variable

?>

 

Hope it helps,

 

~ Chocopi

just glancing at this without knowing much about GET it looks right as long as i remember to connect to database first which is easy enough so i will try this now!

This worked thank you!

Yesideez Advanced Member

Yesideez

Posted
Posted

burtybob, if you want I can PM you with a link which is a MMORPG game I wrote a few years back. Its not finished but you'll be able to get the hang of a lot of useful functions by looking through my source and playing with it.

 

Let me know if you want it.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.