extended link ?user=seinfield

[Foser]

alright, im interested in learning about extended links but im not totaly sure whats its actually called therefore i have trouble finding tutorials about it. I know its somekind of get statement but im not sure how to display things on that page which does not exist until someone presses a link.

 

 

The reason i want to learn about this is because i am making a application and want to make it so you can see all users information and be able to edit it from there. any information about these extended links would be grealy appreciated.

 

thanks

[corbin]

Look up the $_GET superglobal array.

[teng84]

?test=value

test= index of the array $_GET['test']

value = will be the content of $_GET['test']

 

to extend or have another set of get variable simply add &

?test=value&test2=value2

 

any concern ?

[Foser]

I know some of this can be very not secure. How can we make it so if there is no user to that name display error page. Because from my experience i know how to exploit this and with this unsecure you can easily upload something to the host without any authentication. Any way to make it secure?

[skali]

you should filter the $_GET variables on the server and check in the database for the existence of the user before further processing.

[teng84]

first if u have the database you can have it tru checking the user in the db

 

sample

 

select * from table where user id=$_GET['valu here']

 

have some condition that if true allow to enter then else error page

 

hope that helps