How do I get my get?


9 replies to this topic

#1 sKunKbad

  • Members
  • Advanced Member
  • 1,832 posts
  • Location: Temecula, CA, USA

Posted 05 April 2006 - 03:13 AM

OK, so I want to get the city and st info from my form that I used method="get" on.

On my program that is receiving the form info, I need to turn the city and st into a variable, so I have been trying:

$var1="$_GET[city]";
$var2="$_GET[st]";

but this is not working, or I have more severe problems. Do I need to do something else to get these variables made?

Thanks,
Brian's Web Design - Temecula

Freedom is only available through death.

#2 khendar

  • Members
  • Advanced Member
  • 78 posts

Posted 05 April 2006 - 03:42 AM

Remove the double quotes around $_GET[]. And use single quotes for the variable inside $_GET that you are getting:

e.g. $var = $_GET['var'];

#3 akitchin

  • Staff Alumni
  • Advanced Member
  • 2,516 posts
  • Location: Calgary, AB, Canada

Posted 05 April 2006 - 03:44 AM

ok, you are in dire need of a lesson in variables.

first of all, when setting one variable equal to another, NO quotes are necessary. quotes are only necessary when strings are involved, such as when you are putting a variable into the middle of a sentence, for example.

second, there are two types of indices in an array. one is a non-constant (usually string) index, in which case quotes must be used in the index reference. the other is a constant index, where no quotes are necessary. in this case, your indices are strings and should have quotes when selecting them:

$var1 = $_GET['city'];
$var2 = $_GET['st'];

no outside quotes needed, index quotes needed since you're referring to a non-constant index. however, why do you need to assign them to local variables? they're available everywhere in $_GET['city'] and $_GET['st'].

EDIT: KHENDAR REPLIED SHORTLY BEFORE ME, BUT I'M LEAVING MY REPLY IN HOPES THAT YOU UNDERSTAND WHY.

#4 khendar


Posted 05 April 2006 - 03:48 AM

^ He said it better.

#5 cunoodle2

  • Members
  • Advanced Member
  • 602 posts

Posted 05 April 2006 - 04:01 AM

For the highest level of security write your get statements like this...

<?php
$var_1= isSet($_GET['city']) ? $_GET['city'] : NULL;
?>

That basically says that if $_GET['city'] is set then assign it to the variable `var_1`.....otherwise assign `NULL` to that variable. Make sense?

If the code was working and now it's not, something changed. Did you change any code?

Yeah, just a little bit. I am trying to start from the beginning and trace my steps to see what I did wrong, unless you see it.


#6 sKunKbad


Posted 05 April 2006 - 04:57 AM

[quote name='cunoodle2' date='Apr 4 2006, 09:01 PM']
For the highest level of security write your get statements like this...

<?php
$var_1= isSet($_GET['city']) ? $_GET['city'] : NULL;
?>

That basically says that if $_GET['city'] is set then assign it to the variable `var_1`.....otherwise assign `NULL` to that variable. Make sense?
[/quote]

I got it working, but I have a question for you cunoodle2. If the data in my database is not sensitive personal info, do I need to worry about this security you speak of?


#7 khendar


Posted 05 April 2006 - 05:03 AM

Security is more than just protecting users' data. It's also used for protecting your site. For example, if you are using your $_GET variables to get information from a database, malicious users can use SQL Injection attacks to bypass your logon code and do damage to your database, even delete it.

Variable checking is a good habit to get into anyway. If the data which is sent via GET is not what your code expected, it's better to handle it properly rather than have it break the page.

#8 sKunKbad


Posted 05 April 2006 - 06:15 AM

[quote name='khendar' date='Apr 4 2006, 10:03 PM']
Security is more than just protecting users' data. It's also used for protecting your site. For example, if you are using your $_GET variables to get information from a database, malicious users can use SQL Injection attacks to bypass your logon code and do damage to your database, even delete it.

Variable checking is a good habit to get into anyway. If the data which is sent via GET is not what your code expected, it's better to handle it properly rather than have it break the page.
[/quote]

Thanks for the info khendar. I immediately made those changes! Is the following safe?

if (!isset($_GET['page'])) {
    $page = 1;
} else {
    $page = $_GET['page'];
}


#9 khendar


Posted 05 April 2006 - 06:28 AM

That's a good start. However, it doesn't end here. You will need to make sure that what has been entered is valid, not just not null.

For example: if you are accepting variables passed through the URL, e.g.

www.something.com/index.php?page=2

and page 2 actually exists, then this is fine.

However I can go www.something.com/index.php?page=142231455233 and unless you verify that page 142231455233 exists then it may cause an error.
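
Added example (not part of the original thread and not any poster's code): one way to do the checks described in posts #7 and #9, validating `page` against a known range and binding `city` and `st` as query parameters. The `listings` table, its columns, the 5-page limit and the helper names `get_page`, `get_text` and `find_listings` are assumptions, and the demo uses an in-memory SQLite database through PDO.

```php
<?php
// Added example: the `listings` table, its columns and the page limit are assumptions.

// Return a page number between 1 and $lastPage; anything else falls back to 1.
function get_page(array $query, int $lastPage): int
{
    // Rejects missing values, arrays (?page[]=2), non-digits and
    // out-of-range numbers such as ?page=142231455233.
    $page = filter_var($query['page'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => $lastPage],
    ]);
    return is_int($page) ? $page : 1;
}

// Return a trimmed, non-empty string of bounded length, or null.
function get_text(array $query, string $key, int $maxLen): ?string
{
    $value = $query[$key] ?? null;
    if (!is_string($value)) {
        return null;
    }
    $value = trim($value);
    return ($value !== '' && strlen($value) <= $maxLen) ? $value : null;
}

// Values are bound as parameters, never concatenated into the SQL text.
function find_listings(PDO $db, string $city, string $st): array
{
    $stmt = $db->prepare('SELECT name FROM listings WHERE city = :city AND st = :st');
    $stmt->execute([':city' => $city, ':st' => $st]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample data and requests (stand-ins for $_GET).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE listings (name TEXT, city TEXT, st TEXT)');
$db->exec("INSERT INTO listings VALUES ('Lake Cafe', 'Coeur d''Alene', 'ID')");

$requests = [
    ['city' => "Coeur d'Alene", 'st' => 'ID', 'page' => '1'],
    ['city' => 'Temecula', 'st' => 'CA', 'page' => '142231455233'],
    ['st' => 'CA', 'page' => ['2']],
];
foreach ($requests as $get) {
    $page = get_page($get, 5);
    $city = get_text($get, 'city', 64);
    $st   = get_text($get, 'st', 2);
    $rows = ($city !== null && $st !== null) ? find_listings($db, $city, $st) : [];
    printf("page=%d city=%s rows=%d\n", $page, var_export($city, true), count($rows));
}
```

The apostrophe in the first request's city name reaches the database as data because the value is bound rather than pasted into the SQL string; the second and third requests fall back to page 1.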

#10 sKunKbad


Posted 05 April 2006 - 05:21 PM

[quote name='khendar' date='Apr 4 2006, 11:28 PM']
That's a good start. However, it doesn't end here. You will need to make sure that what has been entered is valid, not just not null.

For example: if you are accepting variables passed through the URL, e.g.

www.something.com/index.php?page=2

and page 2 actually exists, then this is fine.

However I can go www.something.com/index.php?page=142231455233 and unless you verify that page 142231455233 exists then it may cause an error.
[/quote]

Can you give me a little mini tutorial on that using the code above?
