Page 1 of 1
using variable as part of URL redirect
Posted: Mon Aug 27, 2007 4:40 pm
by smotta
Hi All,
I am trying to use a variable entered by the user on a form - $username, that is posted to a .php script that is supposed to redirect them to their own individual directory. the problem is that when i write
header( 'Location:
http://www.mydomain.com/$username' ) ;
It says "
www.mydomain.com/$username" does not exist.
How do i get the script to distinguish that i want it to put the user defined variable in there instead?
Thanks in advance!
-Sean
Posted: Mon Aug 27, 2007 4:43 pm
by s.dot
Use double quotes instead of single quotes.
EDIT| Use http://, too.
Posted: Tue Aug 28, 2007 12:46 am
by Kieran Huggins
also, register globals is probably off (or it should be!) o use $_POST['username'] if you aren't already. just be sure to validate the data first.
Posted: Tue Aug 28, 2007 4:52 am
by xpgeek
post it not as path, but as parameter
Code: Select all
header( "Location: http://www.mydomain.com/?user=$username'") ;
and get it as $_GET['user'] on destination php script.
Posted: Tue Aug 28, 2007 4:56 am
by shiznatix
xpgeek wrote:post it not as path, but as parameter
Code: Select all
header( "Location: http://www.mydomain.com/?user=$username'") ;
and get it as $_GET['user'] on destination php script.
unless he is using mod_rewrite or has sub directorys for each user
Posted: Tue Aug 28, 2007 6:18 am
by Steve Mellor
xpgeek wrote:post it not as path, but as parameter...
That's what I thought when I first read the post but I don't think that's actually what is being asked. It appears he has a directory set up (we will assume already created) that has the username. Lets say the username is 'badger' for this example.
He wants to link to the directory "
www.site.com/badger" and he has a post variable that is set to the username. So the code needs to be:
Code: Select all
header( "Location: http://www.mydomain.com/$_POST['username']'") ;
Of course that's without checking the POST variable first which is always advisable.[/quote]
Posted: Tue Aug 28, 2007 6:58 am
by Bon Bon
The majority of posts are suggesting that he modifies his code so that people can crack into his website.
I am asumuing he has already done some sort of sanitisation on the $username so the following will do him just fine:
Code: Select all
header("Location: http://www.mydomain.com/$username");
After all, that is all he was asking.
Posted: Tue Aug 28, 2007 7:07 am
by Steve Mellor
Bon Bon wrote:I am asumuing he has already done some sort of sanitisation on the $username...
I didn't assume anything. I know that when I am trying to get something to work I am only worried about how it works and then I can worry about security when I understand it. You are right though. Without some form of processing or checking then the code on its own is not safe at all.