prudens Posted March 2, 2008

Hey

http://localhost/main.php?var=newsub&subvar=2

How do I retrieve the $var, and $subvar in main.php?

shocker-z Posted March 2, 2008

$_GET['var'] and $_GET['subvar'] will do the treat. Remember to strip characters out which could cause vulnerabilities.

Regards
Liam

prudens Posted March 2, 2008

thanks, but what do you mean by strip??

prudens Posted March 2, 2008

also... it doesn't work. It's not from a form or anything...

prudens Posted March 2, 2008

    $type = $_GET['type'];
    $id = $_GET['id'];
    if ($type = "aaa") {
        echo "Yes!";
    } elseif ($type = "ddd") {
        echo "none";
    }

main.php?type=ddd

It keeps printing "Yes!"

shocker-z Posted March 2, 2008

    $type = $_GET['type'];
    $id = $_GET['id'];
    if ($type == "aaa") {
        echo "Yes!";
    } elseif ($type == "ddd") {
        echo "none";
    }

You had a single =, which means if $type has been successfully set to "aaa" then echo yes! What you wanted is if $type is already equal to aaa, by using ==.

By strip I mean if you are planning to echo back a variable from POST or GET then make sure you remove unsafe characters which can be used for injection and cross site linking.

Regards
Liam

prudens Posted March 2, 2008

can you show me an example of strip?

shocker-z Posted March 2, 2008

addslashes() is a start as this will add backslashes to ' and " therefore stopping people from ending 1 element and starting another.

It all depends as to what you're doing with the variables and also how secure your site needs to be.

For example, I display status messages using switch:

    switch($_GET['status']) {
        case 1:
            echo 'Permissions denied';
            break;
        case 2:
            echo 'You are now logged in';
            break;
    }

This means that I'm never actually echoing the variable back and therefore no one can add extra code by something like the following.

http://somesite.com/login.php?status=<iframe src ="www.phpfreaks.com" width="100%"></iframe>

    echo $status;

Hope this makes sense.

Regards
Liam

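The allow-list idea from the switch in the post above, together with output encoding for a value that does have to be echoed, as an added example that is not part of the original thread. The function names and the sample query arrays standing in for $_GET are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

// Allow-list lookup: the request value only selects a fixed message and is
// never echoed itself (the approach the switch() in the post takes).
function status_message(array $query): string
{
    $messages = [
        1 => 'Permissions denied',
        2 => 'You are now logged in',
    ];
    // FILTER_VALIDATE_INT returns false for anything that is not a plain integer.
    $status = filter_var($query['status'] ?? null, FILTER_VALIDATE_INT);
    if ($status === false || !isset($messages[$status])) {
        return '';
    }
    return $messages[$status];
}

// When a value has to be shown back to the user, encode it for the HTML
// context at the point of output so markup in it is rendered as text.
function html_text(array $query, string $key): string
{
    $value = $query[$key] ?? '';
    if (!is_string($value)) {   // ?type[]=x arrives as an array, not a string
        return '';
    }
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input standing in for $_GET.
$samples = [
    ['status' => '2', 'type' => 'ddd'],
    ['status' => '<iframe src ="www.phpfreaks.com" width="100%"></iframe>',
     'type'   => '<iframe src ="www.phpfreaks.com" width="100%"></iframe>'],
    ['status' => '1 OR 1=1', 'type' => ['x']],
];

foreach ($samples as $query) {
    printf("status: [%s]  type: [%s]\n",
        status_message($query), html_text($query, 'type'));
}
```

Run it with the PHP command-line interpreter; in a real page, pass $_GET in place of the sample arrays.
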
prudens Posted March 2, 2008

Thank you!