sKunKbad Posted April 5, 2006 Share Posted April 5, 2006 OK, so I want to get the city and st info from my form that I used method="get" on.On my program that is receiving the form info, I need to turn the city and st into a variable, so I have been trying:$var1="$_GET[city]";$var2="$_GET[st]";but this is not working, or I have more severe problems. Do I need to do something else to get these variables made?Thanks, Quote Link to comment https://forums.phpfreaks.com/topic/6627-how-do-i-get-my-get/ Share on other sites More sharing options...
khendar Posted April 5, 2006 Share Posted April 5, 2006 Remove the double quotes around $_GET[]. And use single quotes for the variable inside $_GET that you are getting:eg $var = $_GET['var']; Quote Link to comment https://forums.phpfreaks.com/topic/6627-how-do-i-get-my-get/#findComment-24068 Share on other sites More sharing options...
akitchin Posted April 5, 2006 Share Posted April 5, 2006 ok, you are in dire need of a lesson in variables.first of all, when setting one variable equal to another, NO quotes are necessary. quotes are only necessary when strings are involved, such as when you are putting a variable into the middle of a sentence, for example.second, there are two types of indeces in an array. one is a non-constant (usually string) index, in which case quotes must be used in the index reference. the other is a constant index, where no quotes are necessary. in this case, your indeces are strings and should have quotes when selecting them:[code]$var1 = $_GET['city'];$var2 = $_GET['st'];[/code]no outside quotes needed, index quotes needed since you're referring to a non-constant index. however, why you need to assign them to local variables? they're available everywhere in $_GET['city'] and $_GET['st'].[b]EDIT: KHENDAR REPLIED SHORTLY BEFORE ME, BUT I'M LEAVING MY REPLY IN HOPES THAT YOU UNDERSTAND WHY.[/b] Quote Link to comment https://forums.phpfreaks.com/topic/6627-how-do-i-get-my-get/#findComment-24069 Share on other sites More sharing options...
khendar Posted April 5, 2006 Share Posted April 5, 2006 ^ He said it better. Quote Link to comment https://forums.phpfreaks.com/topic/6627-how-do-i-get-my-get/#findComment-24071 Share on other sites More sharing options...
cunoodle2 Posted April 5, 2006 Share Posted April 5, 2006 For the highest level of security write your get statements like this...[code]<?php$var_1= isSet($_GET['city']) ? $_GET['city'] : NULL;?>[/code]That basically says that if $_GET['city'] is set then assign it to the variable `var_1`.....otherwise assign `NULL` to that variable. Make sense? Quote Link to comment https://forums.phpfreaks.com/topic/6627-how-do-i-get-my-get/#findComment-24076 Share on other sites More sharing options...
sKunKbad Posted April 5, 2006 Author Share Posted April 5, 2006 [!--quoteo(post=361832:date=Apr 4 2006, 09:01 PM:name=cunoodle2)--][div class=\'quotetop\']QUOTE(cunoodle2 @ Apr 4 2006, 09:01 PM) [snapback]361832[/snapback][/div][div class=\'quotemain\'][!--quotec--]For the highest level of security write your get statements like this...[code]<?php$var_1= isSet($_GET['city']) ? $_GET['city'] : NULL;?>[/code]That basically says that if $_GET['city'] is set then assign it to the variable `var_1`.....otherwise assign `NULL` to that variable. Make sense?[/quote]I got it working, but I have a question for you cunoodle2. If the data in my database is not sensitive personal info, do I need to worry about this security you speak of? Quote Link to comment https://forums.phpfreaks.com/topic/6627-how-do-i-get-my-get/#findComment-24094 Share on other sites More sharing options...
khendar Posted April 5, 2006 Share Posted April 5, 2006 Security is more than just protecting users data. Its also used for protecting your site. For example if you are using your $_GET variables to get information from a database, malicious users can use SQL Injection attacks to bypass your logon code and do damage to your database, even delete it.Variable checking is a good habit to get into anyway. If the data which is send via GET is not what your code expected, its better to handle it properly rather than have it break the page. Quote Link to comment https://forums.phpfreaks.com/topic/6627-how-do-i-get-my-get/#findComment-24095 Share on other sites More sharing options...
sKunKbad Posted April 5, 2006 Author Share Posted April 5, 2006 [!--quoteo(post=361852:date=Apr 4 2006, 10:03 PM:name=khendar)--][div class=\'quotetop\']QUOTE(khendar @ Apr 4 2006, 10:03 PM) [snapback]361852[/snapback][/div][div class=\'quotemain\'][!--quotec--]Security is more than just protecting users data. Its also used for protecting your site. For example if you are using your $_GET variables to get information from a database, malicious users can use SQL Injection attacks to bypass your logon code and do damage to your database, even delete it.Variable checking is a good habit to get into anyway. If the data which is send via GET is not what your code expected, its better to handle it properly rather than have it break the page.[/quote]Thanks for the info khendar. I immediately made those changes! Is the following safe?[code]if (!isset($_GET['page'])){ $page = 1; } ELSE { $page = $_GET['page']; }[/code] Quote Link to comment https://forums.phpfreaks.com/topic/6627-how-do-i-get-my-get/#findComment-24101 Share on other sites More sharing options...
khendar Posted April 5, 2006 Share Posted April 5, 2006 Thats a good start. However it doesn't end here. You will need to make sure that what has been entered is valid, not just not null. For example: If you are accepting variables passed through the url eg www.something.com/index.php?page=2and page 2 actually exists, then this is fine.However I can go www.something.com/index.php?page=142231455233 and unless you verify that page 142231455233 exists then it may cause an error. Quote Link to comment https://forums.phpfreaks.com/topic/6627-how-do-i-get-my-get/#findComment-24104 Share on other sites More sharing options...
sKunKbad Posted April 5, 2006 Author Share Posted April 5, 2006 [!--quoteo(post=361861:date=Apr 4 2006, 11:28 PM:name=khendar)--][div class=\'quotetop\']QUOTE(khendar @ Apr 4 2006, 11:28 PM) [snapback]361861[/snapback][/div][div class=\'quotemain\'][!--quotec--]Thats a good start. However it doesn't end here. You will need to make sure that what has been entered is valid, not just not null. For example: If you are accepting variables passed through the url eg www.something.com/index.php?page=2and page 2 actually exists, then this is fine.However I can go www.something.com/index.php?page=142231455233 and unless you verify that page 142231455233 exists then it may cause an error.[/quote]Can you give me a little mini tutorial on that using the code above? Quote Link to comment https://forums.phpfreaks.com/topic/6627-how-do-i-get-my-get/#findComment-24235 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.