Jump to content


Photo

Accessing Second Variable Set


  • Please log in to reply
5 replies to this topic

#1 titangf

titangf
  • Members
  • PipPipPip
  • Advanced Member
  • 58 posts
  • LocationColorado, USA

Posted 19 April 2006 - 08:41 PM

How do i get to call back the second variable... I have a page currently that isn't recognizing the second variable "display_pict".... any ideas?

//this is displayed in the url with the two variables that I want
.../property_gallery.php?P_ID=2?display_pict=3.jpg

This is the way i've been refering to the first variable, but it doesn't want to work for the second one.
$colname_details = $HTTP_GET_VARS['P_ID'];

I need to be able to keep both of these variables seperate as they are called in different ways.

Thanks in advance. I know i'm overlooking something and I guess I need another set of eyes looking at it to help me out.. lol. thanks again.
[!--coloro:#3366FF--][span style="color:#3366FF"][!--/coloro--][a href="http://www.csszengarden.com/" target="_blank"]css zen garden - beautiful design with the programmer in mind[/a][!--colorc--][/span][!--/colorc--]

[!--coloro:#3366FF--][span style="color:#3366FF"][!--/coloro--]Time is the invention of man to gauge what his achievements have been before he fades to dust.[!--colorc--][/span][!--/colorc--]

#2 titangf

titangf
  • Members
  • PipPipPip
  • Advanced Member
  • 58 posts
  • LocationColorado, USA

Posted 19 April 2006 - 09:10 PM

Found my mistake... it was in the url string...

/property_gallery.php?P_ID=1&display_pict=2.jpg

Used an "?" instead of "&".... lol


Just needed to take a step back from it all and look at it again.
[!--coloro:#3366FF--][span style="color:#3366FF"][!--/coloro--][a href="http://www.csszengarden.com/" target="_blank"]css zen garden - beautiful design with the programmer in mind[/a][!--colorc--][/span][!--/colorc--]

[!--coloro:#3366FF--][span style="color:#3366FF"][!--/coloro--]Time is the invention of man to gauge what his achievements have been before he fades to dust.[!--colorc--][/span][!--/colorc--]

#3 alpine

alpine
  • Members
  • PipPipPip
  • Advanced Member
  • 756 posts
  • LocationNorway

Posted 19 April 2006 - 09:12 PM

Use & from the second and on, only ? after the page name
property_gallery.php?P_ID=2&display_pict=3.jpg

and $_GET
$display_pict = $_GET['display_pict'];

BUT - it looks like you are doing a direct inclution of whatever the get variable says to include, so [!--coloro:#CC0000--][span style=\"color:#CC0000\"][!--/coloro--]display_pict=3.jpg[!--colorc--][/span][!--/colorc--] might be [!--coloro:#990000--][span style=\"color:#990000\"][!--/coloro--]display_pict=include_bad_script[!--colorc--][/span][!--/colorc--] and make a real fuzz on your server

Just as a note...... if it is so, i would consider doing things a bit different for the security

EDIT: Got me a second earlier there *lol*

#4 titangf

titangf
  • Members
  • PipPipPip
  • Advanced Member
  • 58 posts
  • LocationColorado, USA

Posted 19 April 2006 - 09:17 PM

[!--quoteo--][div class=\'quotetop\']QUOTE[/div][div class=\'quotemain\'][!--quotec--]Just as a note...... if it is so, i would consider doing things a bit different for the security [/quote]

I am aware of this... but this is information that does not need to be secure. I am not dealing with a shopping cart system so it shouldn't be a major concern. If someone wants to rip off some pictures off my website, I really don't mind.

What would be a reason why I would want to secure the link down if i'm not utilizing a shopping cart system? (other than keeping people from prying)
[!--coloro:#3366FF--][span style="color:#3366FF"][!--/coloro--][a href="http://www.csszengarden.com/" target="_blank"]css zen garden - beautiful design with the programmer in mind[/a][!--colorc--][/span][!--/colorc--]

[!--coloro:#3366FF--][span style="color:#3366FF"][!--/coloro--]Time is the invention of man to gauge what his achievements have been before he fades to dust.[!--colorc--][/span][!--/colorc--]

#5 alpine

alpine
  • Members
  • PipPipPip
  • Advanced Member
  • 756 posts
  • LocationNorway

Posted 19 April 2006 - 09:44 PM

what i mean is that a bad script can easily be included to your server just by including it from the url - and it can do a lot more harm than just ripping off pictures.
Probably a lot of examples, here is one i found just now: [a href=\"http://www.theserverpages.com/10101/21/\" target=\"_blank\"]http://www.theserverpages.com/10101/21/[/a]

#6 titangf

titangf
  • Members
  • PipPipPip
  • Advanced Member
  • 58 posts
  • LocationColorado, USA

Posted 19 April 2006 - 09:54 PM

Thanks for that bit of info....

Didn't know that it was possible to do that outside of someone else's website. Something to consider for the future..
[!--coloro:#3366FF--][span style="color:#3366FF"][!--/coloro--][a href="http://www.csszengarden.com/" target="_blank"]css zen garden - beautiful design with the programmer in mind[/a][!--colorc--][/span][!--/colorc--]

[!--coloro:#3366FF--][span style="color:#3366FF"][!--/coloro--]Time is the invention of man to gauge what his achievements have been before he fades to dust.[!--colorc--][/span][!--/colorc--]




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users