Page 1 of 1
New to php, index.php?func=blahh
Posted: Sat Apr 09, 2005 5:28 pm
by soul814
posting.php?mode=newtopic&f=1&sid=2c0ec ... 75fa3d11c5
^
posting.php?mode=newtopic
how do you do that? like the ?something=function part
Thanks =)
Posted: Sat Apr 09, 2005 5:42 pm
by Chris Corbyn
?
Code: Select all
<a href="e;/dir/file.php?mode=something"e;>link</a>
The ?mode=something means that in the file.php code there will be a variable:
$_GET['mode']
whoch will have a value of "something". It lets you feed data into your scripts.
http://www.php.net/tut -> PHP tutorials
Wohoo! 1000 posts
Posted: Sat Apr 09, 2005 5:48 pm
by soul814
Searching on google about that, but I dont get it, I just started to learn about php can you give me a small sample code?
Posted: Sat Apr 09, 2005 5:55 pm
by Chris Corbyn
soul814 wrote:Searching on google about that, but I dont get it, I just started to learn about php can you give me a small sample code?
The link I posted above. It goes through a whole tutorial on PHP starting from very basic writing "Hello World!" in PHP to using forms to process data and using $_GET (which is the question you asked - even if you don't see it just yet

)
PHP.net will be your biggest source of help for PHP. Next, there's the guys here

Posted: Sat Apr 09, 2005 6:00 pm
by Chris Corbyn
Example code:
I have a file called script.php....
Code: Select all
<?php
$word = $_GETї'word']; //Gets the word from the URL
echo $word; //Writes the word to the page
?>
and I go to this URL:
Code: Select all
http://mysite.com/script.php?word=Hello!
and the output is
Hello!
I've put a script up for you (containing that exact code above).
Test it (edit the URL here to be whatever word you like):
http://www.chriscorbyn.co.uk/phpdn/words.php?word=Hello!
Posted: Sat Apr 09, 2005 6:05 pm
by soul814
ohh so if i want to run a function i would do something like
Code: Select all
<?php
$func = $_GET['func'];
if($func == "loadDB")
{
loadDB();
}
function loadDB()
{
// code
}
?>
Posted: Sat Apr 09, 2005 6:12 pm
by Chris Corbyn
That would work yes.
It might not be a good idea to allow too much to be done through the URL since as you see from the script I wrote above, it's easy for people to fiddle and change the behaviour.
Posted: Sat Apr 09, 2005 6:14 pm
by John Cartwright
Never trust anyhing that can be inputted by the user. Every variable, whetever its a $_GET, $_POST, $_COOKIE should be checked for expected values before they put into use.
Posted: Sat Apr 09, 2005 6:22 pm
by soul814
Oh i only wanted to learn that since I'm trying to link mysql w/ flash and I need php to communicate the two. I need php to load and save the information so I just needed to know how to run the function by index.php?func=load =) thanks for your help if I have any problems I'll be sure to ask
Posted: Sat Apr 09, 2005 6:23 pm
by John Cartwright
I would suggest searching the terms "sql injection" if your going to allow the user to modify the query via $_GET. The query can easily be modified if you do not sanitize your variables which can lead to several bad, bad things.
Posted: Sat Apr 09, 2005 6:34 pm
by soul814
http://www.securiteam.com/securityrevie ... 1P76E.html
looks complex but how would they modify my $_GET?
Code: Select all
function sendInfo(){
$firstName = $_POST['fname'];
$lastName = $_POST['lname'];
// db command
}
i was planning to do it something like this
Posted: Sun Apr 10, 2005 5:39 am
by timvw