passing variables in url -- help

Member
 
Join Date: Jan 2009
Location: USA
Posts: 118
#1: 3 Weeks Ago
hello -

trying to pass variable through url from the database query.

i query and store the id in $id and put that in:

    <a href="list.php?Id=$Id"><img src="<?php echo $row_list['photo']; ?>

i've used an echo statement to ensure that the variable is set and it is.

It's just not being passed as a variable to the next page. in the url it shows

    http://domain.com/list.php?Id=$Id

how do i get this to set in the url?

i've used a get method to clean and get the variable.

    if(isset($_GET['Id'])) {
        $Id = htmlspecialchars($_GET['Id']);
    }

    <a href="list0.php?Id=$Id&PicId=$pic_Id"><img src="<?php echo $row_list['Photo']; ?>" height="120" width="120" align="middle" />

i have the pic_Id set from another query on this page. the ending result should be:

grab the id from page one, user clicks on the link and that id is passed to page 2 and displays other images passed on that id that was passed, and stores the album id and picture id with the image in the hyper link.


i know that the query works just trying to get the variable to work.

thanks in advance for your help.

theo werntz

Dormilich
Moderator
 
Join Date: Aug 2008
Location: Leipzig, Germany
Posts: 3,662
#2: 3 Weeks Ago

re: passing variables in url -- help


code executed by PHP marked bold
    <a href="list.php?Id=$Id"><img src="<?php echo $row_list['photo']; ?>
everything else is simple HTML text
Markus
Moderator
 
Join Date: Jun 2007
Location: York, England, with wolves.
Posts: 4,949
#3: 3 Weeks Ago

re: passing variables in url -- help


Quote:

Originally Posted by Dormilich View Post

code executed by PHP marked bold

    <a href="list.php?Id=$Id"><img src="<?php echo $row_list['photo']; ?>
everything else is simple HTML text

Expanding on what Dorm said: You may have defined the variable $Id somewhere, but that's irrelevant because you're not invoking the PHP parser to output the variable: <?php echo $Id; ?>

Mark.
Member
 
Join Date: Jan 2009
Location: USA
Posts: 118
#4: 3 Weeks Ago

re: passing variables in url -- help


so should i create a hidden html row and echo it there? because i have echoed it within the initial table data and it is being echoed correctly it's just not being inserted into the url string variable when i click the link.
Member
 
Join Date: Jan 2009
Location: USA
Posts: 118
#5: 3 Weeks Ago

re: passing variables in url -- help


here is my code from the first page
    <?php require_once('list.php'); ?>
    <?php
    if (!function_exists("GetSQLValueString")) {
    function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
    {
      if (PHP_VERSION < 6) {
        $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
      }

      $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

      switch ($theType) {
        case "text":
          $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
          break;
        case "long":
        case "int":
          $theValue = ($theValue != "") ? intval($theValue) : "NULL";
          break;
        case "double":
          $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
          break;
        case "date":
          $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
          break;
        case "defined":
          $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
          break;
      }
      return $theValue;
    }
    }

    $maxRows_List = 10;
    $pageNum_List = 0;
    if (isset($_GET['pageNum_List'])) {
      $pageNum_List = $_GET['pageNum_List'];
    }
    $startRow_List = $pageNum_List * $maxRows_List;

    mysql_select_db($database_List, $List);
    $query_List = "SELECT a.Id as Id, a.Name as Album, a.Date as Date, d.Pic as Picture FROM List a, ManyList b, Title c, Data d WHERE b.aId=a.Id  and a.Id=c.aId  and c.Id=d.tId  and a.Def='Y' and d.Def='Y' 
    and b.UserId='1'";
    $query_limit_List = sprintf("%s LIMIT %d, %d", $query_List, $startRow_List, $maxRows_List);
    $List = mysql_query($query_limit_List, $List) or die(mysql_error());
    $row_List = mysql_fetch_assoc($List);

    if (isset($_GET['totalRows_List'])) {
      $totalRows_List = $_GET['totalRows_List'];
    } else {
      $all_List = mysql_query($query_List);
      $totalRows_List = mysql_num_rows($all_List);
    }
    $totalPages_List = ceil($totalRows_List/$maxRows_List)-1;

    $Id = $row_List['Id']; // set album id


    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Untitled Document</title>
    </head>
    <div id="mainContent">
    <table border="1" cellpadding="1" cellspacing="1">
            <h1><caption align="center" style="font-size:xx-large">
             List
    </caption></h1>
            <?php do { ?>
              <tr>
              <td><?php echo $Id ; ?></td>
                <td><?php echo $row_List['Title']; ?><?php echo $row_List['Date']; ?></td></tr>
                <tr>
                  <td><a href="List.php?Id=$Id"><img src="<?php echo $row_List['Picture']; ?>" height="120" width="120" align="middle"/></a></td>
    </tr>
              <?php } while ($row_List = mysql_fetch_assoc($List));
                ?>
          </table>

    </body>
    </html>
    <?php
    mysql_free_result($list);
    ?>
Markus
Moderator
 
Join Date: Jun 2007
Location: York, England, with wolves.
Posts: 4,949
#6: 3 Weeks Ago

re: passing variables in url -- help


No.

You say you end up with a URL like http://site.com/?id=$Id - as me and Dormilich have said before, this is because you are not using PHP to output the $Id variable, that is, it's being interpreted as plain text/html.

It should look like: <a href="list.php?Id=<?php echo $Id; ?>">
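
Added example, not part of the original posts: the corrected link from this answer with the values also URL- and HTML-encoded on output, plus integer validation of `Id` on the receiving page (the `htmlspecialchars()` call in post #1 encodes for output but does not validate). `album_link()` and `read_album_id()` are hypothetical helper names, and the sample rows and query strings are constructed.

```php
<?php
// Added example; album_link() and read_album_id() are hypothetical helper names.

/**
 * Build the href for one album row. http_build_query() URL-encodes each
 * value; htmlspecialchars() then makes the result safe inside an HTML
 * attribute (it turns the "&" separators into "&amp;").
 */
function album_link(string $page, array $params): string
{
    $url = $page . '?' . http_build_query($params);
    return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
}

/**
 * Read an id from the query string on the receiving page. Returns the id
 * as an int, or null when it is missing or not a positive integer.
 */
function read_album_id(array $query, string $key): ?int
{
    if (!isset($query[$key]) || !is_string($query[$key])) {
        return null;            // absent, or an array such as ?Id[]=7
    }
    $id = filter_var($query[$key], FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Constructed sample rows standing in for the database result.
$rows = [
    ['Id' => 7, 'PicId' => 31, 'Picture' => 'img/a&b.jpg'],
    ['Id' => 8, 'PicId' => 40, 'Picture' => 'img/"odd".jpg'],
];

foreach ($rows as $row) {
    printf("<a href=\"%s\"><img src=\"%s\" height=\"120\" width=\"120\" /></a>\n",
        album_link('list.php', ['Id' => $row['Id'], 'PicId' => $row['PicId']]),
        htmlspecialchars($row['Picture'], ENT_QUOTES, 'UTF-8'));
}

// Receiving side: what list.php would see for a few constructed query strings.
foreach (['Id=7&PicId=31', 'Id=$Id', 'Id=7abc', 'Id[]=7'] as $qs) {
    parse_str($qs, $query);
    var_export(read_album_id($query, 'Id'));
    echo "  <= $qs\n";
}
```
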
Member
 
Join Date: Jan 2009
Location: USA
Posts: 118
#7: 3 Weeks Ago

re: passing variables in url -- help


oh ok thanks for the explanation will try and get back. sorry for any frustration still new to php.

thanks again for your help!
Member
 
Join Date: Jan 2009
Location: USA
Posts: 118
#8: 3 Weeks Ago

re: passing variables in url -- help


ok so that works.

do you have a tutorial i can read on putting random strings in url to mix it up?

i.e. www.domain.com?Id=1&abcde&1234567

where it adds nonsense to the string; abcde and 1234567 have nothing to do with the site, just a security measure.

i was initially content on using sessions only but now i know that i need to use url and sessions and cookies.

thanks again for your help.

theo werntz ii
TheServant
Expert
 
Join Date: Feb 2008
Location: Australia
Posts: 914
#9: 3 Weeks Ago

re: passing variables in url -- help


I think a random character generator will do that for you.

However, you can't assign multiple values to a variable. You have Id=1, Id=abcde, Id=1234567. This is not logical as it has already been set in the first one. You might try instead:
    mydomain.com?id1=1&id2=abcdef&id3=1234567
So you will have 3 variables to deal with, id1, id2, and id3.

Can you explain your "security measure"? Why would a random get value improve security? Anything in $_GET should not be secret, important or crucial to your site. $_GET is the least secure and the most easily faked. $_SESSION is the hardest to fake, and $_POST is also done relatively easily.
Cookies are a little different, but can be faked as well, so don't keep important or sensitive things in a cookie.
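
Added example, not part of the original posts: the point above that `$_GET` values are easily faked, shown as a server-side check that ties the requested album to the logged-in user taken from the session. `can_view_album()` is a hypothetical helper, the `ManyList` columns come from the query in post #5, and the rows, the in-memory SQLite database and the `$session` array are constructed stand-ins.

```php
<?php
// Added example; can_view_album() is a hypothetical helper name.
// ManyList(aId, UserId) follows the query in post #5; the rows are constructed.

function can_view_album(PDO $db, int $userId, int $albumId): bool
{
    // Prepared statement: both values are bound, never concatenated into SQL.
    $stmt = $db->prepare(
        'SELECT 1 FROM ManyList WHERE aId = :album AND UserId = :user LIMIT 1');
    $stmt->execute([':album' => $albumId, ':user' => $userId]);
    return $stmt->fetchColumn() !== false;
}

// In-memory SQLite stands in for the real database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ManyList (aId INTEGER, UserId INTEGER)');
$db->exec('INSERT INTO ManyList (aId, UserId) VALUES (7, 1), (8, 1), (9, 2)');

// The user id is set server-side at login; this array stands in for $_SESSION.
$session = ['UserId' => 1];

// Constructed query strings: with and without extra "nonsense" parameters.
$requests = ['Id=7', 'Id=7&abcde&1234567', 'Id=9', 'Id=9&abcde&1234567', 'Id=abc'];

foreach ($requests as $qs) {
    parse_str($qs, $query);
    $raw = $query['Id'] ?? '';
    $albumId = is_string($raw)
        ? filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]])
        : false;

    if ($albumId === false) {
        $result = '400 invalid Id';
    } elseif (!can_view_album($db, $session['UserId'], $albumId)) {
        $result = '403 album does not belong to this user';
    } else {
        $result = '200 show album';
    }
    echo str_pad($qs, 24), $result, "\n";
}
```

The outcome for each `Id` is the same with or without the extra parameters, because the decision depends only on the validated id and the session's user.
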
Member
 
Join Date: Jan 2009
Location: USA
Posts: 118
#10: 3 Weeks Ago

re: passing variables in url -- help


yes they can be faked. but with sessions controlling the application and the url encoded with bogus strings will try to limit the attempt of someone trying to access the account through the url or download, or put their own content in the string.

Yes sessions are the hardest to fake.
TheServant
Expert
 
Join Date: Feb 2008
Location: Australia
Posts: 914
#11: 3 Weeks Ago

re: passing variables in url -- help


So you are trying to pretend that your security is $_GET to lead people away from trying $_SESSION hacks?

I don't recommend you do this for two reasons:
1. If you are making the URL more complicated and not search engine friendly, then you should have a very good reason, and personally I don't think a fake security system is a good reason. This could drive customers away if it becomes problematic, which happens when URLs are complicated.
2. Real hackers are good. If someone is able to hack sessions, they are good. A common characteristic of good hackers is wanting to be challenged. Having a security measure like that will attract hack attempts rather than deter them, and eventually one will get through and send you a smart message about your $_GET trick.

That's my 2 cents.
Member
 
Join Date: Jan 2009
Location: USA
Posts: 118
#12: 3 Weeks Ago

re: passing variables in url -- help


no it's not a fake security system.

just seeing what i could pass and could not pass.

thanks for the help!
TheServant
Expert
 
Join Date: Feb 2008
Location: Australia
Posts: 914
#13: 3 Weeks Ago

re: passing variables in url -- help


No worries. Let us know how you go and if you have any more questions.