468,247 Members | 1,327 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 468,247 developers. It's quick & easy.

Problems with $_GET

I have a page which I enter thusly:

http://my.domain/mypage.phtml?absid=...age=somestring

and inside mypage.phtml I do this:

$absid = $_GET["absid"];

Unfortunately, and I can't easily fix this in the short term, my
"somestring" may contain "absid=456". I think this screws up
mypage.phtml as it then runs with a wrong value of $absid (456 instead
of 123). This is what I suspect is happening, anyway.

I guess PHP is looking at the URL and just scanning from left to right
looking for ?xxx=value and &xxx=value pairs, right? If so, is there any
way to make it ignore subsequent values of xxx?

Thanks,

-- tim
Mar 8 '06 #1
4 1187
One rule of web development is you cannot rely on the GET/POST data at
all as the client can forge it very very easiy. You shoul do some data
checking and error handling to prevent this.

If you are trying to pass multiple values for the same parameter name,
append [] to them and they will come in as an array.
ie: ?asdf[]=foo&asdf[]=bar

You can try parse_url(), but that is probably what php uses to parse
$_GET anyways, so you'd have to write your own function to parse it and
take the first value and ignore the subsequent values.

Mar 8 '06 #2
Tim Streater wrote:
I have a page which I enter thusly:

http://my.domain/mypage.phtml?absid=...age=somestring

and inside mypage.phtml I do this:

$absid = $_GET["absid"];

Unfortunately, and I can't easily fix this in the short term, my
"somestring" may contain "absid=456".


It shouldn't do, it should contain "absid%3D456" i.e. the = within the
parameter should be urlencoded. If you're generating that url you
should wrap the parameter in urlencode().

This would then enable PHP to correctly parse each parameter.

Cheers,
Andy
Mar 8 '06 #3
In article <ba*******************@fe02.news.easynews.com>,
Andy Jeffries <ne**@andyjeffries.co.uk> wrote:
Tim Streater wrote:
I have a page which I enter thusly:

http://my.domain/mypage.phtml?absid=...age=somestring

and inside mypage.phtml I do this:

$absid = $_GET["absid"];

Unfortunately, and I can't easily fix this in the short term, my
"somestring" may contain "absid=456".


It shouldn't do, it should contain "absid%3D456" i.e. the = within the
parameter should be urlencoded. If you're generating that url you
should wrap the parameter in urlencode().


Thanks, this was the correct pointer. When I came to look at my code
again I remembered that most of this work was being done in JavaScript
but the principle is the same - I added an escape call and all is now
fine.

Thanks!

-- tim
Mar 9 '06 #4
On Thu, 09 Mar 2006 13:15:07 +0000, Tim Streater wrote:
It shouldn't do, it should contain "absid%3D456" i.e. the = within the
parameter should be urlencoded. If you're generating that url you
should wrap the parameter in urlencode().


Thanks, this was the correct pointer. When I came to look at my code again
I remembered that most of this work was being done in JavaScript but the
principle is the same - I added an escape call and all is now fine.


No worries mate.

Cheers,
Andy

--
Andy Jeffries MBCS CITP ZCE | gPHPEdit Lead Developer
http://www.gphpedit.org | PHP editor for Gnome 2
http://www.andyjeffries.co.uk | Personal site and photos

Mar 9 '06 #5

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

2 posts views Thread by James | last post: by
6 posts views Thread by Fire Juggler | last post: by
2 posts views Thread by Mike | last post: by
8 posts views Thread by IWP506 | last post: by
24 posts views Thread by moriman | last post: by
1 post views Thread by Amanda H. | last post: by
reply views Thread by kermitthefrogpy | last post: by
reply views Thread by zattat | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.