what thing $_GET can do

Posted: Fri Aug 26, 2011 5:38 am
by Lphp
If I want to get the parameter after ? in the current URL, what can I do?
http://localhost/test/message.php?userid=5
Can I just use $_GET?

Re: what thing $_GET can do

Posted: Fri Aug 26, 2011 6:41 am
by twinedev
In the example that you gave, $_GET['userid'] would be set to 5

NEVER TRUST these to be valid if getting passed to a database.

Code:

$intUserID = (isset($_GET['userid']) && (int)$_GET['userid']>0) ? (int)$_GET['userid'] : 0;
This says: if that parameter exists, and if the value converted to an integer is greater than zero, use that converted value; otherwise, set it to 0.

-Greg

Re: what thing $_GET can do

Posted: Fri Aug 26, 2011 8:22 am
by social_experiment
And seeing $_GET is user-input (indirectly), always escape it if you use it for database interaction.

Something I picked up about $_GET['variable'] is that even if you have a URL like this: localhost/page.php?variable, isset($_GET['variable']) will return true, so you could also test to see if the variable is empty or not. I haven't tested twinedev's code but it looks like it does cater for that eventuality.

Re: what thing $_GET can do

Posted: Fri Aug 26, 2011 10:24 pm
by twinedev
If you are just expecting an integer, using the method I gave, you do not need to escape it. Casting the variable as an (int) will give you only the characters 0-9 and a possible hyphen at the beginning. Anything else though, yes, use something like mysql_real_escape_string().
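
A stricter variant of the integer check discussed in the posts above, combined with a bound query parameter. This is an added example, not code from the thread: parseUserId(), the messages table and the sample inputs are constructed for illustration, and it assumes the pdo_sqlite extension so it can run offline.

```php
<?php
/**
 * Hypothetical helper: return a positive integer user id from a query-string
 * array, or null when the parameter is missing, empty ("?userid"), an array,
 * or not a plain integer.
 */
function parseUserId(array $query): ?int
{
    if (!isset($query['userid']) || !is_string($query['userid'])) {
        return null; // absent, or an array such as ?userid[]=5
    }
    $id = filter_var($query['userid'], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Constructed sample inputs standing in for $_GET.
$samples = [
    ['userid' => '5'],    // message.php?userid=5
    ['userid' => ''],     // message.php?userid (isset() is true, value is empty)
    ['userid' => '5abc'], // an (int) cast would yield 5; strict validation rejects it
    ['userid' => ['5']],  // message.php?userid[]=5
    [],                   // parameter missing
];

// Assumption: in-memory SQLite database with a constructed table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE messages (userid INTEGER, body TEXT)');
$pdo->exec("INSERT INTO messages VALUES (5, 'hello')");

$stmt = $pdo->prepare('SELECT body FROM messages WHERE userid = :id');

foreach ($samples as $query) {
    $id = parseUserId($query);
    if ($id === null) {
        echo json_encode($query), " => rejected\n";
        continue;
    }
    // The value is bound as a typed parameter, never concatenated into the SQL text.
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    echo json_encode($query), ' => ',
        json_encode($stmt->fetchAll(PDO::FETCH_COLUMN)), "\n";
}
```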

Re: what thing $_GET can do

Posted: Sat Aug 27, 2011 11:55 am
by phazorRise
can I just use $_GET
You can also use $_REQUEST, but to be on the safer side, you should use $_GET to be more specific. Also consider cleaning $_GET data before operating on the database.

Re: what thing $_GET can do

Posted: Sun Aug 28, 2011 8:49 pm
by Lphp
Thank you for all the replies. I just wonder what is different between the hidden field and the direct get. Usually I use the following way, then use $_GET or $_POST:
<input type="hidden" name="userid" value="<?php echo $_SESSION['id'] ?>">

Re: what thing $_GET can do

Posted: Mon Aug 29, 2011 7:06 am
by phazorRise
"get" is a method of sending form data to the server. When get is used, a query string is appended to the specified URL.
A hidden field is an element hidden from the user that holds the given value until the form is submitted.
The code you've given -

Code:

<input type="hidden" name="userid" value="<?php echo $_SESSION['id'] ?>">
is equivalent to -

Code:

echo '<a href="somefile.php?userid='.$_SESSION['id'].'"> Text </a>';
Both pieces of code pass userid to the server, where it is accessible through $_GET.
I hope that's what you wanted to know. Anyway, why are you using a hidden field to send session data? It is available to you on each page where the session is started.