Comments on: Basic of $_GET variables (PHP) http://seich.martianwabbit.com/basic-of-_get-variables-php/ Legendarido... Thu, 24 Jun 2010 18:32:38 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: Seich http://seich.martianwabbit.com/basic-of-_get-variables-php/comment-page-1/#comment-1024 Seich Thu, 24 Jun 2010 18:32:38 +0000 http://seich.martianwabbit.com/?p=96#comment-1024 It is not really bad for SEO, you can take a look at wordpress for example, all pages are dynamically generated and it works fine with web-crawlers. Pages are pre-rendered by the server for the crawlers so, they see the same as you do. If you are interested in SEO the best thing to do is edit your .htaccess file so that your pages are something more meaningful (http://www.something.com/pagename/ rather than http://www.something.com/index.php?page=pagename). This is used by sites like wordpress and such. I would recommend you check out this tutorial for more information: <a href="http://net.tutsplus.com/tutorials/other/using-htaccess-files-for-pretty-urls/" target="_blank" rel="nofollow">http://net.tutsplus.com/tutorials/other/using-htaccess-files-for-pretty-urls/</a> This can be easily achieved if you are pulling information out of a mysql database since, you can just have the url be the query and figure some kind of organization mechanism. Just make sure to double-check for the value being entered to protect yourself from an sql injection as much as possible. It is not really bad for SEO, you can take a look at wordpress for example, all pages are dynamically generated and it works fine with web-crawlers. Pages are pre-rendered by the server for the crawlers so, they see the same as you do. If you are interested in SEO the best thing to do is edit your .htaccess file so that your pages are something more meaningful (http://www.something.com/pagename/ rather than http://www.something.com/index.php?page=pagename). This is used by sites like wordpress and such. I would recommend you check out this tutorial for more information: http://net.tutsplus.com/tutorials/other/using-htaccess-files-for-pretty-urls/

This can be easily achieved if you are pulling information out of a mysql database since, you can just have the url be the query and figure some kind of organization mechanism. Just make sure to double-check for the value being entered to protect yourself from an sql injection as much as possible.

]]> By: JackLloyd http://seich.martianwabbit.com/basic-of-_get-variables-php/comment-page-1/#comment-1023 JackLloyd Thu, 24 Jun 2010 12:21:06 +0000 http://seich.martianwabbit.com/?p=96#comment-1023 Just have a question, I was wondering what bots like googles crawler see when you have pages like this? Do they struggle to index your entire site? Basically, it is good for SEO? Just have a question, I was wondering what bots like googles crawler see when you have pages like this? Do they struggle to index your entire site? Basically, it is good for SEO?

]]> By: JackLloyd. http://seich.martianwabbit.com/basic-of-_get-variables-php/comment-page-1/#comment-1022 JackLloyd. Wed, 23 Jun 2010 19:22:31 +0000 http://seich.martianwabbit.com/?p=96#comment-1022 Came accross this when searching google. Very helpful thank you! Came accross this when searching google. Very helpful thank you!

]]> By: Seich http://seich.martianwabbit.com/basic-of-_get-variables-php/comment-page-1/#comment-981 Seich Fri, 01 Jan 2010 11:04:23 +0000 http://seich.martianwabbit.com/?p=96#comment-981 I don't really have a tutorial for that. Sorry. the thing about get variables is that you can freely edit them when you pass them. The best way to have them being safe is to check the values being passed with a very rigorous criteria. escaping characters, making sure it cannot do anything else than what you want it to. If you tell me a little on what kind of thing you are trying to make I'll gladly try to help you as much as possible. I don’t really have a tutorial for that. Sorry. the thing about get variables is that you can freely edit them when you pass them. The best way to have them being safe is to check the values being passed with a very rigorous criteria. escaping characters, making sure it cannot do anything else than what you want it to.
If you tell me a little on what kind of thing you are trying to make I’ll gladly try to help you as much as possible.

]]> By: Zelina http://seich.martianwabbit.com/basic-of-_get-variables-php/comment-page-1/#comment-980 Zelina Fri, 01 Jan 2010 03:39:13 +0000 http://seich.martianwabbit.com/?p=96#comment-980 Thanks Seich, That helps introduce me to php and how the previous programmer structured our pages. Drupal PHP Code Monkey says the GET array isn't safe. How do I make it production safe? Do you have a tutorial? Thanks Seich,
That helps introduce me to php and how the previous programmer structured our pages.
Drupal PHP Code Monkey says the GET array isn’t safe.
How do I make it production safe?
Do you have a tutorial?

]]> By: Seich http://seich.martianwabbit.com/basic-of-_get-variables-php/comment-page-1/#comment-979 Seich Sun, 20 Dec 2009 07:56:49 +0000 http://seich.martianwabbit.com/?p=96#comment-979 <blockquote cite="#comment-body-978"> <strong><a href="#comment-978" rel="nofollow">daryl</a> :</strong> <div class="avatar"> <img alt="" src="http://www.gravatar.com/avatar/c0107ff6df7712751e868dc3d1ef5431?s=64&d=http%3A%2F%2Fwww.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D64&r=G" class="avatar avatar-64 photo" height="64" width="64"> </div> <p>Hi I just wan to ask :</br> if I have this var =”THE MAN” can this var be sent by $_GET[] ? tx if you don’t mind pls reply to my email too.</br> rgds,<br> -daryl</p> <a id="comment-reply-978" rel="nofollow"></a> </blockquote> If you had a variable $test = "hello World" you would be able to pass it on to the next page by adding "?test=Hello World" to the link.. that way you would be able to retrieve it using $test = $_GET['test']; if you are using a form or something of that kind I would recommend using $_POST stuff.. if you give me some few details about what you are trying to do I could be a little more specific..

daryl :

Hi I just wan to ask :
if I have this var =”THE MAN”
can this var be sent by $_GET[] ? tx if you don’t mind pls reply to my email too.
rgds,
-daryl

If you had a variable $test = “hello World” you would be able to pass it on to the next page by adding “?test=Hello World” to the link.. that way you would be able to retrieve it using $test = $_GET['test']; if you are using a form or something of that kind I would recommend using $_POST stuff.. if you give me some few details about what you are trying to do I could be a little more specific..

]]> By: daryl http://seich.martianwabbit.com/basic-of-_get-variables-php/comment-page-1/#comment-978 daryl Sun, 20 Dec 2009 01:55:33 +0000 http://seich.martianwabbit.com/?p=96#comment-978 Hi I just wan to ask : if I have this var ="THE MAN" can this var be sent by $_GET[] ? tx if you don't mind pls reply to my email too. rgds, -daryl Hi I just wan to ask :

if I have this var =”THE MAN”

can this var be sent by $_GET[] ? tx if you don’t mind pls reply to my email too.

rgds,
-daryl

]]> By: Seich http://seich.martianwabbit.com/basic-of-_get-variables-php/comment-page-1/#comment-976 Seich Sat, 14 Nov 2009 04:37:11 +0000 http://seich.martianwabbit.com/?p=96#comment-976 <blockquote cite="#comment-body-974"> <strong><a href="#comment-974" rel="nofollow">Drupal PHP Code Monkey</a> :</strong> <div class="avatar"> <img alt="" src="http://www.gravatar.com/avatar/9b7e175754ec0097460958e1cb224dd4?s=64&d=http%3A%2F%2Fwww.gravatar.com%2Favatar%2Fad516503a11cd5ca435acc9bb6523536%3Fs%3D64&r=G" class="avatar avatar-64 photo" width="64" height="64"> </div> <p>Values in the GET array should not be trusted. You need to clean them before using them. Including files in this way opens your site up to reading arbitrary files on your web server. Try moving around the fs using ../../ and stuff. Also, echoing the unclean id in the title tag allows for Cross Site Scripting stuff like this: <a href="http://martianwabbit.com/page.php?id=alert%28/XSS/%29;" rel="nofollow">http://martianwabbit.com/page.php?id=alert(/XSS/);</a></p> <a id="comment-reply-974" rel="nofollow"></a> </blockquote> Yes, I definately agree with you, this code example is by no means production safe and shouldn't be used at all. It was mostly used to show how information from the $_GET array could be used.

Drupal PHP Code Monkey :

Values in the GET array should not be trusted. You need to clean them before using them. Including files in this way opens your site up to reading arbitrary files on your web server. Try moving around the fs using ../../ and stuff. Also, echoing the unclean id in the title tag allows for Cross Site Scripting stuff like this: http://martianwabbit.com/page.php?id=alert(/XSS/);

Yes, I definately agree with you, this code example is by no means production safe and shouldn’t be used at all. It was mostly used to show how information from the $_GET array could be used.

]]> By: Drupal PHP Code Monkey http://seich.martianwabbit.com/basic-of-_get-variables-php/comment-page-1/#comment-975 Drupal PHP Code Monkey Fri, 13 Nov 2009 11:01:47 +0000 http://seich.martianwabbit.com/?p=96#comment-975 Wordpress stripped out my tags. If you surround that JavaScript alert with script tags, it will execute and create a JS pop-up. I'll paste the escaped html here, but wordpress might filter it again. I hope you get the idea. page.php?id=<script>alert(/XSS/)</script> Wordpress stripped out my tags. If you surround that JavaScript alert with script tags, it will execute and create a JS pop-up. I’ll paste the escaped html here, but wordpress might filter it again. I hope you get the idea.

page.php?id=<script>alert(/XSS/)</script>

]]> By: Drupal PHP Code Monkey http://seich.martianwabbit.com/basic-of-_get-variables-php/comment-page-1/#comment-974 Drupal PHP Code Monkey Fri, 13 Nov 2009 10:56:07 +0000 http://seich.martianwabbit.com/?p=96#comment-974 Values in the GET array should not be trusted. You need to clean them before using them. Including files in this way opens your site up to reading arbitrary files on your web server. Try moving around the fs using ../../ and stuff. Also, echoing the unclean id in the title tag allows for Cross Site Scripting stuff like this: http://martianwabbit.com/page.php?id=alert(/XSS/); Values in the GET array should not be trusted. You need to clean them before using them. Including files in this way opens your site up to reading arbitrary files on your web server. Try moving around the fs using ../../ and stuff. Also, echoing the unclean id in the title tag allows for Cross Site Scripting stuff like this: http://martianwabbit.com/page.php?id=alert(/XSS/);

]]>