I have a (hopefully) quick question. When I send a single piece of data in the URL to the next webpage, I get the behavior I'm expecting. I need to send two pieces of data and can not get it to work. I have session_start() at the top of both pages and session.use_trans_sid in my php.ini is set to 0 for security reasons. The PHP manual says that I can use htmlspecialchars(SID), it says:
The following example demonstrates how to register a variable, and how to link correctly to another page using SID.
Code: Select all
<?php
session_start();
if (empty($_SESSION['count'])) {
$_SESSION['count'] = 1;
} else {
$_SESSION['count']++;
}
?>
<p>
Hello visitor, you have seen this page <?php echo $_SESSION['count']; ?> times.
</p>
<p>
To continue, <a href="nextpage.php?<?php echo htmlspecialchars(SID); ?>">click
here</a>.
</p>OK, good enough. I need to send the SID to the next page, and I need to send the instance_id too. What I have tried to do is this:The htmlspecialchars() may be used when printing the SID in order to prevent XSS related attacks.
Code: Select all
<a href="srch_detail_autos.php?instance_id=<?php echo $row_rsautos['instance_id']; ?>"?session_id="<?php echo htmlspecialchars(SID); ?>" ><?php echo stripslashes($row_rsautos['title']); ?></a>
<a href="srch_detail_autos.php?instance_id=<?php echo $row_rsautos['instance_id']; ?>"?session_id='<?php echo htmlspecialchars(SID); ?>' ><?php echo stripslashes($row_rsautos['title']); ?></a>Code: Select all
<a href="srch_detail_autos.php?instance_id=<?php echo $row_rsautos['instance_id']; ?>?session_id=<?php echo htmlspecialchars(SID); ?>" ><?php echo stripslashes($row_rsautos['title']); ?></a>And when I hover over the link, I can see the instance_id and “session_id=” but no SID. The browser is not reading the PHP echo statement.
I also tried numerous other versions of this, but they looked completely wrong in the editor and /or throw errors. I seem to recall that there is a special character for this (to add more pieces of data to the URL), but everything I have plugged in to the code fails. Is there a simple way of writing more than one piece of data to the URL? Thanks very much for your time, I really appreciate it!
Cheers,
Rick