URLs that end in ".php?=pagetitle"
Zune
Could someone please tell me (or supply a webpage) about making webpages with URLs that end like that in the topic title? Thanks ^^.
thoughtpolice
I think you mean like, ".php?stuff=whatever"?
In that case, you use PHP and a GET method. It's not very hard.
omg.
Playstation Network tag: muffin-noodle
the empty set
Zune
At 6/20/05 12:07 AM, Sinnernaut wrote: In that case, you use PHP and a GET method. It's not very hard.
And how in the world do I do that?
juraj
There are 2 types of methods for submitting data to scripts: GET and POST.
GET can be seen in the URL, i.e. www.mysite.org/uberscript.php?name=juraj&do-i-own-you=true etc.
So you submitted $name and $do-i-own-you to the PHP script. It's gonna do whatever you coded it with those scripts.
The POST method is different. Ever wanted to refresh the page, and the browser pops up 'information must be resent' or something? You saw the POST method. This method uses the HTTP header to submit information... Even this posting script is using the POST method.
Now let's skip to the PHP. Let's say you have something like this...
<?php
print "Hello ".$name;
?>
If url was this... script.php?name=juraj
The code would output 'Hello juraj'. However, some servers are configured NOT to automatically process all values the user supplied to the server... Imagine, if a big script like phpBB is open source and the server has register_globals off, a hacker could put something he knows like ?user_level=1 (1 is admin) in the URL and there you have a pure hacking attempt! On these servers you must manually fetch the variables you want with the method you use on your site, i.e. GET, with the special arrays $_GET and $_POST. The old way to do it was $HTTP_GET_VARS and $HTTP_POST_VARS :)
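$name = isset($_GET['name']) ? $_GET['name'] : '';
// Escape before printing so the value cannot inject HTML or script into the page
print "Hello ".htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
// OR
print "Hello ".htmlspecialchars(isset($_GET['name']) ? $_GET['name'] : '', ENT_QUOTES, 'UTF-8');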
That's it! Not sure whether your site is using the GET or POST method? Use this code!
// Try GET first, then fall back to POST
$name = isset($_GET['name']) ? $_GET['name'] : '';
if ($name == "") {$name = isset($_POST['name']) ? $_POST['name'] : '';}
This means if POST is used instead of GET, $name will be empty. So if $name is empty, it sets its value to the POST method.
Hope you understood something :)
henke37
Or use $_REQUEST, it's easier that way when you don't really care about how you got it.
Notice that you can both get GET variables and POST variables at the same time, but is it that hard to put down a hidden field in the form?
Each time someone abuses hittest, God kills a kitten. Please, learn real collision testing.
Zune
This is all so confusing...I hope people didn't think I was talking about forms. Let's say my website has a shop. My URL is www.mydomain.com. So I click on the shop link, which goes to www.mydomain.com/items.php. But my shop is divided into different genres of items. I click one genre, and it goes to www.mydomain.com/items.php?=2. But if I go to another genre, it goes to www.mydomain.com/items.php?=3.
I did my best explaining. Hope that helped.
Pilot-Doofy
Aw juraj don't encourage autoglobals. ;)
Cahenn
Yeah, seriously, not using $_GET isn't very good syntax.
Pilot-Doofy
At 6/20/05 11:42 AM, Cahenn wrote: Yeah, seriously, not using $_GET isn't very good syntax.
Plus $_REQUEST sets you up for a lot of security problems.
juraj
At 6/20/05 11:25 AM, Pilot-Doofy wrote: Aw juraj don't encourage autoglobals. ;)
Who's encouraging autoglobals? They suck. =)
And no, I'm not talking about forms, although they have some roots in this whole thing.
juraj
By the way, $_REQUEST is a combination of not only 2, but of 3 superglobals:
$_GET, $_POST and $_COOKIE.
henke37
The order in which the variables overwrite each other is determined by the ini setting variables_order, which defaults to: EGPCS
That means environment/server gets overwritten first, then GET, then POST, then cookie variables and last session variables. In other words:
The later it is in the setting, the higher the priority.
It applies to both $_REQUEST and the autoglobals.
I really can't see any security problem with $_REQUEST and I am very good at that.
Pilot-Doofy
At 6/20/05 06:01 PM, henke37 wrote: I really can't see any security problem with $_REQUEST and I am very good at that.
Well, if you're uninformed as to which variables are overwritten first it can be a huge security glitch. Say, for instance, someone is going to set a cookie called "username". Well, sure it is a huge security problem as it can be easily changed in LIVE HTTP HEADERS or other methods of altering server data. But, take a look at this:
page.php?username=Admin
Okay, well, if we're using $_REQUEST for our method of retrieving the information which should be retrieved using $_COOKIE then it is quickly overridden with the URL variable of "username".
Sure, everyone should take a lot more precautions with such a system as a login handler; however, you can't underestimate inexperienced users.
To a fluent and professional PHP scripter, there is nothing (noticeably) wrong with using the $_REQUEST method. But, again this brings me to the conclusion: NOTHING is idiot proof.
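The merge order argued over in this thread, as an added example (not code from any poster): a small model of how a $_REQUEST-style array is built left to right from GET, POST and cookie data, with later sources overwriting earlier ones, next to a read from one explicit source. It also covers the GET-then-POST fallback from earlier in the thread; merge_request(), from_source() and the sample values are hypothetical names and constructed data.

```php
<?php
// Added illustration. merge_request() is a hypothetical helper that models
// left-to-right registration: each later source overwrites earlier keys.
function merge_request(string $order, array $get, array $post, array $cookie): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $merged = [];
    foreach (str_split(strtoupper($order)) as $letter) {
        if (isset($sources[$letter])) {
            // array_replace keeps the keys and lets the newer source win
            $merged = array_replace($merged, $sources[$letter]);
        }
    }
    return $merged;
}

// Hypothetical helper: read a key from exactly one named source, so the
// result never depends on the configured merge order.
function from_source(array $source, string $key): ?string
{
    $value = $source[$key] ?? null;
    return is_string($value) ? $value : null;   // rejects ?key[]=... arrays
}

// Constructed request: page.php?username=Admin sent with a cookie username=zune.
// Both values are client-supplied; the point is only which one the script reads.
$get    = ['username' => 'Admin'];
$post   = [];
$cookie = ['username' => 'zune'];

foreach (['GPC', 'CGP', 'GP'] as $order) {
    $merged = merge_request($order, $get, $post, $cookie);
    printf("order %-3s -> merged username = %s\n", $order, $merged['username']);
}

// Reading the intended source directly gives the same answer for every order.
printf("cookie only -> %s\n", from_source($cookie, 'username'));
```

Run it with the PHP command-line interpreter: the merged value changes with the order string, while the explicit cookie read does not.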
BMWM5Sedan
At 6/20/05 10:25 PM, Pilot-Doofy wrote: But, take a look at this:
page.php?username=Admin
Looks like something I would do...lol
Bloodjunkie833
<?php
if($page==""){ $page="main"; }
$completepage=$page.".php";
if(file_exists($completepage)){ include($completepage); }else{ echo("No such file ".$completepage ); }
?>
New here, but I thought I'd share what I know. Not using GET or anything but it works for me. Hope you like it.
henke37
DO NOT USE THAT CODE!
It's very insecure, it allows a hacker to run any code of his choice and include files like /etc/passwd.
And it relies on autoglobals. Basically the worst way of doing it.
BitMonkey
Here is what I have used in the past:
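<?php
// index.php
// Only the two known page names are accepted; anything else loads main.php
$page = isset($_GET['page']) ? $_GET['page'] : 'main';
if ($page === 'main')
include("main.php");
elseif ($page === 'stuff')
include("stuff.php");
else include("main.php");
?>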
This way if you specify index.php?page=main, you will get main.php, etc. Also, if you don't specify $page, you will get main.php as well.
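The same idea generalised to a lookup table, as an added example that is not part of the original posts: the request value is used only as a key, and the path handed to include always comes from the table. resolve_page(), the PAGES table and the sample inputs are hypothetical and constructed for illustration.

```php
<?php
// Added illustration. resolve_page() and the file names are hypothetical.
// The request value is only ever a lookup key; the included path comes
// from the table, never from the request itself.
const PAGES = [
    'main'  => 'main.php',
    'stuff' => 'stuff.php',
];

function resolve_page($requested): string
{
    // A missing parameter, an array (?page[]=x) or an unknown name
    // all fall back to the default page.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return PAGES['main'];
    }
    return PAGES[$requested];
}

// Constructed inputs, including the /etc/passwd case raised in the thread
foreach (['stuff', null, '/etc/passwd', ['x'], 'MAIN'] as $input) {
    printf(
        "%-14s -> %s\n",
        json_encode($input, JSON_UNESCAPED_SLASHES),
        resolve_page($input)
    );
}

// In index.php the call would be:
//   include __DIR__ . '/' . resolve_page($_GET['page'] ?? null);
```

Adding a page then means adding one row to the table, and no request value can reach a file that is not listed in it.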

