FRIHOSTFORUMSFAQTOSBLOGSDIRECTORY
You are invited to Log in or Register a Frihost Account!

pass varaibles to another page in PHP

   Frihost Forum Index -> Scripting -> Php and MySQL
 


ThePolemistis
HI,

I want to pass a varaible from one page to another.
For instance,:
when I click a link it stores a varaible "a" and opens a page Temp.php. when temp loads the page and the variable "a" written in it
In the same way, someone clicks another link, which stores varaible "b". Temp.php is loaded, with "b" written in it

I do not want to use mySQL or cookies.
What is the best way, and can you show it with the above simple example
Basically i need like a global variable


Thanks
Magicman
You mean like using the post or get methods with a form?
http://w3schools.com/php/php_get.asp
http://w3schools.com/php/php_post.asp
vinx_18
You may pass variable by using SESSIONS or COOKIES...just check it out in the net...Smile
fromegame
In the first page:
Code:
<a href="secondpage.php?var1=<?php echo $var1; ?>">

Second page:
Code:
$var1 = $_GET['var1'];

Wink
ThePolemistis
fromegame wrote:
In the first page:
Code:
<a href="secondpage.php?var1=<?php echo $var1; ?>">

Second page:
Code:
$var1 = $_GET['var1'];

Wink



Thankyou man.... this was exactly how I wanted!! Very Happy
flatliner
This is very simple and very useful!!

lets say i have a variable like so below and I want to carry this to another page and print it.

Code:


<?php

$myname = Flatliners;

?>

<a href="mypage.php?myname=#">link</a>



Then on the next page

Code:
 
<?php

$var = $_GET['myname'];

echo "$var";

?>


hope this helps and works ha
ncwdavid
The get method is very good and useful on most sites but be sure to secure it. IF you are goin to be using $_GET[] and with the variable you just got you are going to be doing a Sql query to the database then make sure you use addslashes because anyone could easily just add anything extra they want onto the url with can be extremely dangerous. Goodlook.
ThePolemistis
ncwdavid wrote:
The get method is very good and useful on most sites but be sure to secure it. IF you are goin to be using $_GET[] and with the variable you just got you are going to be doing a Sql query to the database then make sure you use addslashes because anyone could easily just add anything extra they want onto the url with can be extremely dangerous. Goodlook.


Thankyou again for your wonderful tips on security..
But need not worry... I only need to use these get method to manipulate text on a page, and some links. there is no need to access database, and all pages are viewable to all, so security here is not an issue.


Thanks again though.
Dougie1
ThePolemistis wrote:
ncwdavid wrote:
The get method is very good and useful on most sites but be sure to secure it. IF you are goin to be using $_GET[] and with the variable you just got you are going to be doing a Sql query to the database then make sure you use addslashes because anyone could easily just add anything extra they want onto the url with can be extremely dangerous. Goodlook.


Thankyou again for your wonderful tips on security..
But need not worry... I only need to use these get method to manipulate text on a page, and some links. there is no need to access database, and all pages are viewable to all, so security here is not an issue.


Thanks again though.

This may be a problem if someone puts malicious code in the GET part and then sends the link to someone, making them think your site is bad and therefore not visiting it again, making your hits decrease. They could put looping javascript popups saying fu** you etc.

So It is best to check what has been posted just out of good practise. Use htmlspecialcharacters if there is going to be no html sent. It is a quick easy way to stop maliciousness.
ThePolemistis
Dougie1 wrote:
ThePolemistis wrote:
ncwdavid wrote:
The get method is very good and useful on most sites but be sure to secure it. IF you are goin to be using $_GET[] and with the variable you just got you are going to be doing a Sql query to the database then make sure you use addslashes because anyone could easily just add anything extra they want onto the url with can be extremely dangerous. Goodlook.


Thankyou again for your wonderful tips on security..
But need not worry... I only need to use these get method to manipulate text on a page, and some links. there is no need to access database, and all pages are viewable to all, so security here is not an issue.


Thanks again though.

This may be a problem if someone puts malicious code in the GET part and then sends the link to someone, making them think your site is bad and therefore not visiting it again, making your hits decrease. They could put looping javascript popups saying fu** you etc.

So It is best to check what has been posted just out of good practise. Use htmlspecialcharacters if there is going to be no html sent. It is a quick easy way to stop maliciousness.



Hmm.... didn't think about that.... u got me thinking.... but fear not... i do have a control mechanism in place (for part) Razz

Im using an else statement to goto the 3rd option, not first or second Smile

But definetly, it will give my site a bad name, if they use swear words as a legit form of access to a certain page. Oh well,,, this is beyond our control though.
Fire Boar
Consider, if you will, the following:

Page 1:
Code:
Hello, please click here:<br />
<a href="page2.php?variable=Hello">CLICK</a>


Page 2:
Code:
This is your message:<br />
<?php echo $_GET['variable']; ?>


The person could enter into the address bar the following:

Code:
http://sample.tld/page2.php?variable=%3Cscript%20type=%22text/javascript%22%3Ealert%28%27hacked!%27%28%22%3C/script%3E


That looks very confusing, doesn't it? But when PHP reads $_GET['variable'], this is what it sees:

<script type="text/javascript">alert('hacked!')</script>


That could easily be made into something malicious, no?
ThePolemistis
Fire Boar wrote:
Consider, if you will, the following:


The person could enter into the address bar the following:

Code:
http://sample.tld/page2.php?variable=%3Cscript%20type=%22text/javascript%22%3Ealert%28%27hacked!%27%28%22%3C/script%3E


That looks very confusing, doesn't it? But when PHP reads $_GET['variable'], this is what it sees:

<script type="text/javascript">alert('hacked!')</script>


That could easily be made into something malicious, no?


Surely , if I do

Code:
if ($var1 == "hello"){
      echo "blah blah";
} elseif ($var1 == "hello2"){
      echo "blah2 blah2";
} else {
      echo "this is the stuff";
}


the alert won't show right??
No worries... ive already checked it, and the alert doesnt show Smile

Thanks for the info tho
Reply to topic    Frihost Forum Index -> Scripting -> Php and MySQL

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2007 Frihost, forums powered by phpBB.