what thing $_GET can do

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Lphp
Forum Commoner
Posts: 74
Joined: Sun Jun 26, 2011 9:56 pm

what thing $_GET can do

Post by Lphp »

If I want to get the parameter after ? in current URL what can I do
http://localhost/ test/message.php?userid=5
can I just use $_GET
User avatar
twinedev
Forum Regular
Posts: 984
Joined: Tue Sep 28, 2010 11:41 am
Location: Columbus, Ohio

Re: what thing $_GET can do

Post by twinedev »

In the example that you gave, $_GET['userid'] would be set to 5

NEVER TRUST these to be valid is getting passed to a database.

Code: Select all

$intUserID = (isset($_GET['userid']) && (int)$_GET['userid']>0) ? (int)$_GET['userid'] : 0;
This says if that parameter exists, and if the value converted to an integer is great than zero, use that converted value, otherwise, set it to 0.

-Greg
User avatar
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: what thing $_GET can do

Post by social_experiment »

And seeing $_GET is user-input (indirectly), always escape it if you use it for database interaction.

Something i picked up about $_GET['variable'] is that even if you have a url like this : localhost/page.php?variable isset($_GET['variable']) will return true so you could also test to see if the variable is empty or not. I haven't tested twinedev's code but it looks like it does cater for that eventuality.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
User avatar
twinedev
Forum Regular
Posts: 984
Joined: Tue Sep 28, 2010 11:41 am
Location: Columbus, Ohio

Re: what thing $_GET can do

Post by twinedev »

if you are just expecting an integer, using the method I gave you do not need to escape it. casting the variable as an (int) will give you only the characters 0-9 and a possible hyphen at the beginning. Anything else though, yes use something like mysql_real_escape_string()
User avatar
phazorRise
Forum Contributor
Posts: 134
Joined: Mon Dec 27, 2010 7:58 am

Re: what thing $_GET can do

Post by phazorRise »

can I just use $_GET
you can also use $_REQUEST but to be on safer side, you should use $_GET for to be more specific. also consider cleaning $_GET data before operating on database.
Lphp
Forum Commoner
Posts: 74
Joined: Sun Jun 26, 2011 9:56 pm

Re: what thing $_GET can do

Post by Lphp »

Thank you for all the replies. I just wonder what is different between the hidden field and the direct get , Usual I use the following way then Use $_GET or $_POST
<input type="hidden" name="userid" value="<?php echo $_SESSION['id'] ?>">
User avatar
phazorRise
Forum Contributor
Posts: 134
Joined: Mon Dec 27, 2010 7:58 am

Re: what thing $_GET can do

Post by phazorRise »

"get" is method of sending form data to server. when get used a querystring is appended to specified url.
hidden field is element hidden from user and holds the given value until form is submitted.
the code you've given -

Code: Select all

<input type="hidden" name="userid" value="<?php echo $_SESSION['id'] ?>">
is equivalent to -

Code: Select all

echo '<a href="somefile.php?userid='.$_SESSION['id'].'"> Text </a>';
both codes pass userid to server and can be accessible through $_GET.
I hope that's what you want to know . anyway, why are you using hidden field to send session data? it is available to you on each page where session is started.
Post Reply