using variable as part of URL redirect
Moderator: General Moderators
using variable as part of URL redirect
Hi All,
I am trying to use a variable entered by the user on a form - $username, that is posted to a .php script that is supposed to redirect them to their own individual directory. the problem is that when i write
header( 'Location: http://www.mydomain.com/$username' ) ;
It says "www.mydomain.com/$username" does not exist.
How do i get the script to distinguish that i want it to put the user defined variable in there instead?
Thanks in advance!
-Sean
I am trying to use a variable entered by the user on a form - $username, that is posted to a .php script that is supposed to redirect them to their own individual directory. the problem is that when i write
header( 'Location: http://www.mydomain.com/$username' ) ;
It says "www.mydomain.com/$username" does not exist.
How do i get the script to distinguish that i want it to put the user defined variable in there instead?
Thanks in advance!
-Sean
Use double quotes instead of single quotes.
EDIT| Use http://, too.
EDIT| Use http://, too.
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
- Kieran Huggins
- DevNet Master
- Posts: 3635
- Joined: Wed Dec 06, 2006 4:14 pm
- Location: Toronto, Canada
- Contact:
- xpgeek
- Forum Contributor
- Posts: 146
- Joined: Mon May 22, 2006 1:45 am
- Location: Kyiv, Ukraine
- Contact:
post it not as path, but as parameter
and get it as $_GET['user'] on destination php script.
Code: Select all
header( "Location: http://www.mydomain.com/?user=$username'") ;- shiznatix
- DevNet Master
- Posts: 2745
- Joined: Tue Dec 28, 2004 5:57 pm
- Location: Tallinn, Estonia
- Contact:
unless he is using mod_rewrite or has sub directorys for each userxpgeek wrote:post it not as path, but as parameter
and get it as $_GET['user'] on destination php script.Code: Select all
header( "Location: http://www.mydomain.com/?user=$username'") ;
-
Steve Mellor
- Forum Commoner
- Posts: 49
- Joined: Thu Aug 02, 2007 8:18 am
That's what I thought when I first read the post but I don't think that's actually what is being asked. It appears he has a directory set up (we will assume already created) that has the username. Lets say the username is 'badger' for this example.xpgeek wrote:post it not as path, but as parameter...
He wants to link to the directory "www.site.com/badger" and he has a post variable that is set to the username. So the code needs to be:
Code: Select all
header( "Location: http://www.mydomain.com/$_POST['username']'") ;The majority of posts are suggesting that he modifies his code so that people can crack into his website.
I am asumuing he has already done some sort of sanitisation on the $username so the following will do him just fine:
After all, that is all he was asking.
I am asumuing he has already done some sort of sanitisation on the $username so the following will do him just fine:
Code: Select all
header("Location: http://www.mydomain.com/$username");-
Steve Mellor
- Forum Commoner
- Posts: 49
- Joined: Thu Aug 02, 2007 8:18 am
I didn't assume anything. I know that when I am trying to get something to work I am only worried about how it works and then I can worry about security when I understand it. You are right though. Without some form of processing or checking then the code on its own is not safe at all.Bon Bon wrote:I am asumuing he has already done some sort of sanitisation on the $username...