473,238 Members | 1,953 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,238 software developers and data experts.

$_GET and case.

I want to allow users to get the article directly by inserting the announce
ID on the URL such
www.mysite.com?AnnID=xxx
where xxx is the code of the announce.

The problem is :
$_GET['AnnID']

if the user uses lowercase:
www.mysite.com?annid=xxx

It's there any way to get the AnnID, annid, ANNID, and so on ? without
testing everything ?
Jul 17 '05 #1
11 2120
It's there any way to get the AnnID, annid, ANNID, and so on ? without testing everything ?


<?php

$annid = ''; // MUST initialise

foreach( $_GET as $key => $value )
{
if( strtoupper ( $key ) == 'ANNID' )
{
// print 'DEBUG: $GET["' . $key . '"] is "' . $value . '"';
$annid = $value;
break;
}
}

// ...

?>
---
Steve

Jul 17 '05 #2
Bob Bedford wrote:
I want to allow users to get the article directly by inserting the
announce ID on the URL such
www.mysite.com?AnnID=xxx
where xxx is the code of the announce.

The problem is :
$_GET['AnnID']

if the user uses lowercase:
www.mysite.com?annid=xxx

It's there any way to get the AnnID, annid, ANNID, and so on ? without
testing everything ?


Why not just always make your url parameters lower case? That way
there's less chance of them typing it in incorrectly.

You could also look at mod_rewrite if using Apache and let them instead
type in www.mysite.com/123 so they don't need to bother about putting
in the annid= part.

--
Chris Hope - The Electric Toolbox - http://www.electrictoolbox.com/
Jul 17 '05 #3
Following on from Bob Bedford's message. . .
I want to allow users to get the article directly by inserting the announce
ID on the URL such
www.mysite.com?AnnID=xxx
where xxx is the code of the announce.

The problem is :
$_GET['AnnID']

if the user uses lowercase:
www.mysite.com?annid=xxx

It's there any way to get the AnnID, annid, ANNID, and so on ? without
testing everything ?

You don't really care about the 'annid' bit do you. Just get the first
$_GET variable regardless of how it is keyed. User can put in
'article=xxx' or 'get=xxx' if they want!

Having said that, I find your method rather horrible.

--
PETER FOX Not the same since the porcelain business went down the pan
pe******@eminent.demon.co.uk.not.this.bit.no.html
2 Tees Close, Witham, Essex.
Gravity beer in Essex <http://www.eminent.demon.co.uk>
Jul 17 '05 #4
I noticed that Message-ID: <kE**************@eminent.demon.co.uk> from
Peter Fox contained the following:
It's there any way to get the AnnID, annid, ANNID, and so on ? without
testing everything ?

You don't really care about the 'annid' bit do you. Just get the first
$_GET variable regardless of how it is keyed. User can put in
'article=xxx' or 'get=xxx' if they want!


Or put '?xxx' and get the value from $_SERVER['QUERY_STRING']

--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
Jul 17 '05 #5
> You don't really care about the 'annid' bit do you. Just get the first
$_GET variable regardless of how it is keyed. User can put in
'article=xxx' or 'get=xxx' if they want!

Having said that, I find your method rather horrible.


Could you please expand your last remark ? I don't understand what you mean.

In my case, the same page may be called with many params, but may also be
called with this only param for "direct access".

So what do you find horrible ? If I use your method, I must always care
about putting this var at the first place, and may not be able to add any
new var !

Bob
Jul 17 '05 #6
On Wed, 2 Feb 2005 16:37:42 +0100, "Bob Bedford" <be******@YouKnowWhatToDoHerehotmail.com> wrote:
I want to allow users to get the article directly by inserting the announce
ID on the URL such
www.mysite.com?AnnID=xxx
where xxx is the code of the announce.

The problem is :
$_GET['AnnID']

if the user uses lowercase:
www.mysite.com?annid=xxx

It's there any way to get the AnnID, annid, ANNID, and so on ? without
testing everything ?


I use this:

$gets = array_change_key_case($_GET,CASE_LOWER);

and then use $gets['annid'] or whatever to get your url values.

Works for any and all keys supplied with $_GET.

Cheers,
Gary.

Jul 17 '05 #7
"Bob Bedford1" wrote:
I want to allow users to get the article directly by inserting
the announce
ID on the URL such
www.mysite.com?AnnID=xxx
where xxx is the code of the announce.

The problem is :
$_GET['AnnID']

if the user uses lowercase:
www.mysite.com?annid=xxx

It's there any way to get the AnnID, annid, ANNID, and so on ?
without
testing everything ?


Let’s step back a little. Are you allowing users to compose URL’s.
The "normal" way of doing that is to have a form where users type in
their request, and then YOUR CODE forms the url.

In that case, you don’t have to worry about the case, then way you
have described it.

I have never seen a system where users casn muck around with the url
directly (unless super-technies or something).

--
Posted using the http://www.dbforumz.com interface, at author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.dbforumz.com/PHP-_GET-cas...ict194027.html
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.dbforumz.com/eform.php?p=657452
Jul 17 '05 #8
steve wrote:
"Bob Bedford1" wrote:
> I want to allow users to get the article directly by inserting
> the announce
> ID on the URL such
> www.mysite.com?AnnID=xxx
> where xxx is the code of the announce.
>
> The problem is :
> $_GET['AnnID']
>
> if the user uses lowercase:
> www.mysite.com?annid=xxx
>
> It's there any way to get the AnnID, annid, ANNID, and so on ?
> without
> testing everything ?


Let’s step back a little. Are you allowing users to compose URL’s.
The "normal" way of doing that is to have a form where users type in
their request, and then YOUR CODE forms the url.

In that case, you don’t have to worry about the case, then way you
have described it.

I have never seen a system where users casn muck around with the url
directly (unless super-technies or something).


I think you mean where users are *expected* to muck around with the url..
It's easy enough to play with any get string you want, although you're
right, it's only likely to be tech types or people trying to see if
they can break your site or do sql injection.

However I agree with the rest of your post and it seems odd to me to
expect people to remember to type in a question mark, followed by some
letters, an equals sign and then some numbers and expect them to enter
it correctly.

--
Chris Hope - The Electric Toolbox - http://www.electrictoolbox.com/
Jul 17 '05 #9
"Chris Hope" <bl*******@electrictoolbox.com> a écrit dans le message de
news: ct**********@lust.ihug.co.nz...
steve wrote:
"Bob Bedford1" wrote:
> I want to allow users to get the article directly by inserting
> the announce
> ID on the URL such
> www.mysite.com?AnnID=xxx
> where xxx is the code of the announce.
>
> The problem is :
> $_GET['AnnID']
>
> if the user uses lowercase:
> www.mysite.com?annid=xxx
>
> It's there any way to get the AnnID, annid, ANNID, and so on ?
> without
> testing everything ?
Let's step back a little. Are you allowing users to compose URL's.
The "normal" way of doing that is to have a form where users type in
their request, and then YOUR CODE forms the url.

In that case, you don't have to worry about the case, then way you
have described it.

I have never seen a system where users casn muck around with the url
directly (unless super-technies or something).

I think you mean where users are *expected* to muck around with the url.
It's easy enough to play with any get string you want, although you're
right, it's only likely to be tech types or people trying to see if
they can break your site or do sql injection. However I agree with the rest of your post and it seems odd to me to
expect people to remember to type in a question mark, followed by some
letters, an equals sign and then some numbers and expect them to enter
it correctly.


I will post some link in newspapers (advertisement) for
1) promote my site
2) allow users get the item directly.

If I publish a link, I must provide the entire URL. I may also think about
putting a form in the main page and then provide such ad:
"get this article from www.mysite.com CODE: xxx".
but if I provide something like
"get this article from www.mysite.com?xxx". wouldn't be much better ?

Any suggestion would greately be appreciated.

Bob
Jul 17 '05 #10
Bob Bedford wrote:
"Chris Hope" <bl*******@electrictoolbox.com> a écrit dans le message
de news: ct**********@lust.ihug.co.nz...
steve wrote:
"Bob Bedford1" wrote:
> I want to allow users to get the article directly by inserting
> the announce
> ID on the URL such
> www.mysite.com?AnnID=xxx
> where xxx is the code of the announce.
>
> The problem is :
> $_GET['AnnID']
>
> if the user uses lowercase:
> www.mysite.com?annid=xxx
>
> It's there any way to get the AnnID, annid, ANNID, and so on ?
> without
> testing everything ?


Let's step back a little. Are you allowing users to compose URL's.
The "normal" way of doing that is to have a form where users type in
their request, and then YOUR CODE forms the url.

In that case, you don't have to worry about the case, then way you
have described it.

I have never seen a system where users casn muck around with the url
directly (unless super-technies or something).

I think you mean where users are *expected* to muck around with the
url. It's easy enough to play with any get string you want, although
you're right, it's only likely to be tech types or people trying to
see if they can break your site or do sql injection.

However I agree with the rest of your post and it seems odd to me to
expect people to remember to type in a question mark, followed by some
letters, an equals sign and then some numbers and expect them to enter
it correctly.


I will post some link in newspapers (advertisement) for
1) promote my site
2) allow users get the item directly.

If I publish a link, I must provide the entire URL. I may also think
about putting a form in the main page and then provide such ad:
"get this article from www.mysite.com CODE: xxx".
but if I provide something like
"get this article from www.mysite.com?xxx". wouldn't be much better ?

Any suggestion would greately be appreciated.


www.mysite.com?xxx is much better than your original suggestion of
www.mysite.com?AnnID=xxx

If the server you are hosting on supports mod_rewrite (or if it's your
own you can add it in) then you could also use mod_rewrite (as I
suggested in another post) and have www.mysite.com/xxx instead which I
think is a much safer option.

--
Chris Hope - The Electric Toolbox - http://www.electrictoolbox.com/
Jul 17 '05 #11
On Wed, 2 Feb 2005 21:21:33 +0100, "Bob Bedford"
<be******@YouKnowWhatToDoHerehotmail.com> reverently intoned upon the
aether:
You don't really care about the 'annid' bit do you. Just get the first
$_GET variable regardless of how it is keyed. User can put in
'article=xxx' or 'get=xxx' if they want!

Having said that, I find your method rather horrible.


Could you please expand your last remark ? I don't understand what you mean.


I think he is talking about asking the user to type in values in the
URL field. Instead, you could just add a small form in the left
column that has them input the document/article ID and then the from
processor simply redirect them to the article. This way, the GET
values are always created by you. And, if you do get a bad GET value,
then it is either a hacking attempt, a typo by the user, or corruption
of data in transmission.

In other terms, you are writing your software to depend on users, and
users are one of the least reliable elements of any software system.
Instead, it would be simpler to create a simple tool (form noted
above).

A complex example of this can be found at the top of the left column
at:

http://www.amazon.com/

It is a search field there.

hope this helps,

Sean
"In the End, we will remember not the words of our enemies,
but the silence of our friends."

- Martin Luther King Jr. (1929-1968)

Photo Archive @ http://www.tearnet.com/Sean
Last Updated 29 Sept. 2004
Jul 17 '05 #12

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

4
by: Sjaakie Helderhorst | last post by:
Hi, I recently installed the latest Fedora Core 2 but have some troubles of which I'm not sure are PHP or Apache 2 related... apologies if this is the wrong group. ...
7
by: Dan | last post by:
I was trying to troubleshoot a login page that doesn't work - it keeps saying the login/password is missing - when my tracing discovered this peculiar behavior. register_globals is off, so at...
32
by: Nuno Paquete | last post by:
Hi group. I'm using this code to see if is there any parameter for variable "menu": if($_GET == "downloads") .... But this code log errors if there is no parameter passed (this heappens at...
7
by: NotGiven | last post by:
I need to check the $_GET to make certain it is a positive integer. is_integer($_GET) is not working. I think it thinks it's a sting. So I tried casting it to an int using,...
3
by: Jim Carlock | last post by:
IF, inside the address-bar, the link appears as: index.php?CITY=Raleigh+NC or index.php?City=Raleigh+NC $_GET displays behaves like a stubborn mule and refuses to get the get and returns empty...
1
by: stephane | last post by:
I have a problem which must be in this : print" <script type='text/javascript'> document.location.replace('http://127.0.0.1/add_task.php?req_id={$maxValue}&tk_request_name={$req_name}');...
1
by: stephane | last post by:
I have a problem which must be in this : print" <script type='text/javascript'> document.location.replace('http://127.0.0.1/add_task.php?req_id={$maxValue}&tk_request_name={$req_name}');...
8
by: dude | last post by:
i'll try to be short ... i have this in html : <select name="OS" size="5"> <option value="0" selected>Please select one or more...</option> <option value="1">Windows</option> <option...
9
by: wouter | last post by:
hey hi..... I wanna make a switch wich does this: if pagid is set do A, if catid is set do B, if projectid is set do C, else do D. So i was thinking something like this:
3
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 3 Jan 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). For other local times, please check World Time Buddy In...
0
by: fareedcanada | last post by:
Hello I am trying to split number on their count. suppose i have 121314151617 (12cnt) then number should be split like 12,13,14,15,16,17 and if 11314151617 (11cnt) then should be split like...
0
by: stefan129 | last post by:
Hey forum members, I'm exploring options for SSL certificates for multiple domains. Has anyone had experience with multi-domain SSL certificates? Any recommendations on reliable providers or specific...
0
Git
by: egorbl4 | last post by:
Скачал я git, хотел начать настройку, а там вылезло вот это Что это? Что мне с этим делать? ...
1
by: davi5007 | last post by:
Hi, Basically, I am trying to automate a field named TraceabilityNo into a web page from an access form. I've got the serial held in the variable strSearchString. How can I get this into the...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: Aftab Ahmad | last post by:
Hello Experts! I have written a code in MS Access for a cmd called "WhatsApp Message" to open WhatsApp using that very code but the problem is that it gives a popup message everytime I clicked on...
0
by: Aftab Ahmad | last post by:
So, I have written a code for a cmd called "Send WhatsApp Message" to open and send WhatsApp messaage. The code is given below. Dim IE As Object Set IE =...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.