How do I get my get?


sKunKbad

OK, so I want to get the city and st info from my form that I used method="get" on.

On my program that is receiving the form info, I need to turn the city and st into a variable, so I have been trying:

$var1="$_GET[city]";
$var2="$_GET[st]";

but this is not working, or I have more severe problems. Do I need to do something else to get these variables made?

Thanks,

ok, you are in dire need of a lesson in variables.

first of all, when setting one variable equal to another, NO quotes are necessary. quotes are only necessary when strings are involved, such as when you are putting a variable into the middle of a sentence, for example.

second, there are two types of indices in an array. one is a non-constant (usually string) index, in which case quotes must be used in the index reference. the other is a constant index, where no quotes are necessary. in this case, your indices are strings and should have quotes when selecting them:

[code]$var1 = $_GET['city'];
$var2 = $_GET['st'];[/code]

no outside quotes needed, index quotes needed since you're referring to a non-constant index. however, why do you need to assign them to local variables? they're available everywhere in $_GET['city'] and $_GET['st'].

[b]EDIT: KHENDAR REPLIED SHORTLY BEFORE ME, BUT I'M LEAVING MY REPLY IN HOPES THAT YOU UNDERSTAND WHY.[/b]

For the highest level of security write your get statements like this...

[code]<?php
$var_1= isSet($_GET['city']) ? $_GET['city'] : NULL;
?>[/code]

That basically says that if $_GET['city'] is set then assign it to the variable `var_1`.....otherwise assign `NULL` to that variable. Make sense?

[quote]QUOTE(cunoodle2 @ Apr 4 2006, 09:01 PM)
For the highest level of security write your get statements like this...

[code]<?php
$var_1= isSet($_GET['city']) ? $_GET['city'] : NULL;
?>[/code]

That basically says that if $_GET['city'] is set then assign it to the variable `var_1`.....otherwise assign `NULL` to that variable. Make sense?
[/quote]

I got it working, but I have a question for you cunoodle2. If the data in my database is not sensitive personal info, do I need to worry about this security you speak of?

Security is more than just protecting users' data. It's also used for protecting your site. For example, if you are using your $_GET variables to get information from a database, malicious users can use SQL Injection attacks to bypass your logon code and do damage to your database, even delete it.

Variable checking is a good habit to get into anyway. If the data which is sent via GET is not what your code expected, it's better to handle it properly rather than have it break the page.

[quote]QUOTE(khendar @ Apr 4 2006, 10:03 PM)
Security is more than just protecting users' data. It's also used for protecting your site. For example, if you are using your $_GET variables to get information from a database, malicious users can use SQL Injection attacks to bypass your logon code and do damage to your database, even delete it.

Variable checking is a good habit to get into anyway. If the data which is sent via GET is not what your code expected, it's better to handle it properly rather than have it break the page.
[/quote]

Thanks for the info khendar. I immediately made those changes! Is the following safe?

[code]if (!isset($_GET['page'])) {
    $page = 1;
} else {
    $page = $_GET['page'];
}[/code]

That's a good start. However, it doesn't end here. You will need to make sure that what has been entered is valid, not just not null.

For example: if you are accepting variables passed through the URL, e.g.

www.something.com/index.php?page=2

and page 2 actually exists, then this is fine.

However I can go www.something.com/index.php?page=142231455233 and unless you verify that page 142231455233 exists then it may cause an error.

[quote]QUOTE(khendar @ Apr 4 2006, 11:28 PM)
That's a good start. However, it doesn't end here. You will need to make sure that what has been entered is valid, not just not null.

For example: if you are accepting variables passed through the URL, e.g.

www.something.com/index.php?page=2

and page 2 actually exists, then this is fine.

However I can go www.something.com/index.php?page=142231455233 and unless you verify that page 142231455233 exists then it may cause an error.
[/quote]

Can you give me a little mini tutorial on that using the code above?
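
One way to do the validation discussed in this thread, as an added example that is not part of any poster's reply: the `page` value is accepted only as an integer within the range of pages that exist, and `city`/`st` are checked and then bound to a prepared statement instead of being placed into the SQL text. The `places` table, its sample rows, the function names and the `$totalPages` value of 5 are assumptions made for illustration.

```php
<?php
// Added example, not from the thread. Table name, sample rows and the
// total page count are constructed for illustration.

// Return an integer page in 1..$totalPages; anything else falls back to 1.
function getPage(array $query, int $totalPages): int
{
    if (!isset($query['page'])) {
        return 1;
    }
    // Fails for "abc", "2abc", arrays (?page[]=2) and out-of-range numbers.
    $page = filter_var($query['page'], FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => $totalPages],
    ]);
    return $page === false ? 1 : $page;
}

// Look up a city/state pair; values are bound, never concatenated into SQL.
function findPlaces(PDO $pdo, array $query): array
{
    $city = isset($query['city']) && is_string($query['city']) ? trim($query['city']) : '';
    $st   = isset($query['st']) && is_string($query['st']) ? strtoupper(trim($query['st'])) : '';
    // City: 1 to 64 bytes; state: exactly two letters.
    if ($city === '' || strlen($city) > 64 || !preg_match('/^[A-Z]{2}$/', $st)) {
        return [];
    }
    $stmt = $pdo->prepare('SELECT city, st FROM places WHERE city = :city AND st = :st');
    $stmt->execute([':city' => $city, ':st' => $st]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE places (city TEXT, st TEXT)');
$pdo->exec("INSERT INTO places VALUES ('Springfield', 'IL'), ('O''Fallon', 'IL')");

// In a real page, pass $_GET instead of these constructed arrays.
var_dump(getPage(['page' => '2'], 5));
var_dump(getPage(['page' => '142231455233'], 5));
var_dump(getPage([], 5));
var_dump(findPlaces($pdo, ['city' => "O'Fallon", 'st' => 'il']));
var_dump(findPlaces($pdo, ['city' => 'Springfield', 'st' => 'Illinois']));
```

The apostrophe in `O'Fallon` reaches the database as data because the value is bound as a parameter; the same mechanism is what keeps any other quote characters in GET input from changing the query.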