Page 1 of 1

$HTTP_REFERER problem

Posted: Mon Dec 15, 2003 10:09 am
by lhelmer
I'm having trouble with the $HTTP_REFERER variable. I don't want to execute the contained code (update counter) if the person is browsing from a certain page. Can someone tell me why my if statement allows the contained code to run?


Thanks
Lou


<?PHP
if($HTTP_REFERER != "www.mydomain.com/index.php")
{
$db = "YouThinkIWouldTellYou";
$admin = "admin";
$adpass = "guess";
$mysql_link = mysql_connect("172.22.0.0", $admin, $adpass);
mysql_select_db($db, $mysql_link);
$result = mysql_query("SELECT impressions from tds_counter where COUNT_ID='3'", $mysql_link);
if(mysql_num_rows($result)) {
mysql_query("UPDATE tds_counter set impressions=impressions+1 where COUNT_ID='3'", $mysql_link);
$row = mysql_fetch_row($result);
if($inv != 1) {
}
}
}
?>

Posted: Mon Dec 15, 2003 10:42 am
by Saethyr
Try this:

Code: Select all

<?php
if($_SERVER['HTTP_REFERER'] != "www.mydomain.com/index.php") 
{ 
$db = "YouThinkIWouldTellYou"; 
$admin = "admin"; 
$adpass = "guess"; 
$mysql_link = mysql_connect("172.22.0.0", $admin, $adpass); 
mysql_select_db($db, $mysql_link); 
$result = mysql_query("SELECT impressions from tds_counter where COUNT_ID='3'", $mysql_link); 
if(mysql_num_rows($result)) { 
mysql_query("UPDATE tds_counter set impressions=impressions+1 where COUNT_ID='3'", $mysql_link); 
$row = mysql_fetch_row($result); 
if($inv != 1) { 
} 
} 
} 
?>
No Gaurentees but this may have something to do with register_globals being off


Saethyr

Posted: Mon Dec 15, 2003 1:40 pm
by delorian
It's better to use this:

Code: Select all

<?php

if(!preg_match("|^http:\/\/www\.mydomain\.com\/index\.php$|i",$_SERVER['HTTP_REFERER'])) 
{ // ....

Posted: Tue Dec 16, 2003 2:18 am
by twigletmac
Also don't forget:
PHP Manual wrote:'HTTP_REFERER'

The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.
http://php.net/reserved.variables

Mac