0

cwarn, I specified in my post that I'm using the same code on different pages and they don't all have the same GET variable names. Like one will be foo=blah or blaaad=doood.
I'm putting the code in a page I'm including on all the webpages of my site. I need the whole URL, not just the blab.php; I need the blab.php?randomword=strr, so your suggestion will not work because I DON'T KNOW THE NAME of all the different GET variables.

0

Then the following.

$get='';
foreach ($_GET AS $key=>$val) {
    $get.=(empty($get))?'?':'&';
    $get.=urlencode($key).'='.urlencode($val);
}

$fullurl = "http://www.mysite.com".$_SERVER['SCRIPT_NAME'].$get;
0

Wow, that's amazing. I still can't figure out what it means though.
It works, but the only thing is that if I type in something like blab.php?whatsupnoequalssign
it adds an equals sign to it?
Is there a way to just have it be "whatsupnoequalssign" without adding a = to the end of it?

0

And so it is finding whatsupnoequalssign but my script places an equals symbol at the end? If that is correct then the following should do the job.

$get='';
foreach ($_GET AS $key=>$val) {
    // the first pair starts the query string, later pairs are joined with &
    $get.=($get==='')?'?':'&';
    $get.=urlencode($key);
    // add "=value" only when a value was sent; compare with '' because empty('0') is true
    $get.=($val==='')?'':'='.urlencode($val);
}

$fullurl = "http://www.mysite.com".$_SERVER['SCRIPT_NAME'].$get;
0

Thanks, that takes the equals sign out, but there's another thing.
I think it may have to do with the URL encode.
Let me tell you what the script is for so you know what the problem is.
The script is to store the URL as a variable, aka $fullurl, and use a meta refresh to go to that variable link.

Why do I want to go to the same page I'm on??
Well, let me tell you this. This stupid thing, I don't know what it is, it freaking doesn't work right with sessions or whatever else when the user types
mysite.com OR mysite.com?blab=hey
into the URL bar, because it only works right if there's WWW. in front of mysite.com

That's why I have to check if the thing contains a www. and if it doesn't I have to actually redirect them to the same exact page but with a www.

$fullurl =  $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'].$get;

That above is how I'm actually getting the code, so it tells if there is www. in the address bar or not.

But the problem is, well, when it redirects, the (I think it's the URL encode) puts a %3D in the URL box so it's not the same as the "="

For example:

?blah=hey you=punk

redirects to

?blah=hey+you%3Dpunk

0

assuming apache server
I do stuff like that in mod_rewrite on the server .htaccess file

RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.mysite\.com
RewriteRule (.*) http://www.mysite.com/$1 [R=301,L]
# this line blank

(blank lines before and after code)
ref: http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html

if the url does not begin with www.mysite.com replace it with www.mysite.com
append everything after mysite.com to the new url
tell the browser this is a permanent redirect and alter bookmarks to the correct url


0

Hi. Thanks, but I don't have access to the mod_rewrite kind of thing and don't know what it is anyway. I am wary that taking the url_encode() function out will cause a problem? Do you know if taking out the URL encode functions will make it work? And will it be fine (not cause a problem)??

0

that mod_rewrite kind of thing,
is a text file,
like php html cgi asp,
it just tells the server to do something as any other script
it sits in a file called .htaccess (nothing.htaccess just an extension name) in the root folder of the site

if the result isn't what you expect when you type http://mysite.com?this=that&theother you can always delete the .htaccess file without any problem
If you are on an Apache hosted site it might be worth the time to paste those five lines (blank before and after the code) to a text file called .htaccess and ftp it to your site to check if it works
bloody easier way to fix it than php scripting
it wasn't that long ago that a person wouldn't consider server side scripts php asp perl for their own use, too hard basket


0


Hi. Thanks, but that .htaccess thing I don't have; like I stated, I have free hosting and it's byethost. No .htaccess available. So can anybody still answer the questions I asked earlier?

0

I'd suggest putting together a relative URL, as that ensures the domain is the same. The full path and query is available in:

$_SERVER['QUERY_STRING'];

However, you don't want to just echo that into HTML (as in a meta refresh), as it would open an XSS vulnerability. I believe you can however use it in the header() function safely.

eg:

header('Location: '.$_SERVER['QUERY_STRING']);

I believe the header() function is safe from HTTP response splitting but I'm not 100% sure. To be safe you could make sure there are no line breaks in the query.

// strip carriage returns as well as newlines; either one can end a header line
header('Location: '.str_replace(array("\r", "\n"), '', $_SERVER['QUERY_STRING']));

Note: The reason your session does not work without www is that www.example.com and example.com are not considered the same domain by the browser. Thus any session cookies set on www.example.com are not available to example.com


0

Thanks, but don't I have to use the mysql_real_escape_string() function or something? Can't they like put something weird in the query string to stop the code?


0


If you save it to the DB, yes, use mysql_real_escape_string() on it first.

When you write it as an HTTP header, make sure it doesn't have line breaks.

Just like how some users may want to modify MySQL queries by adding special characters that have meaning in MySQL, some users may add line breaks and add their own custom HTTP headers and body.
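
An added example, not code from any poster in this thread: the www redirect done in PHP for hosts without .htaccess, with the host hard-coded, the path and query taken raw from $_SERVER['REQUEST_URI'] so nothing is re-encoded, and the header and meta-refresh outputs each handled the way the posts above call for. CANONICAL_HOST, canonical_redirect_target() and send_canonical_redirect() are names made up here; www.mysite.com is the thread's placeholder domain.

```php
<?php
// Added example: names below are made up; www.mysite.com is the thread's placeholder.
const CANONICAL_HOST = 'www.mysite.com';

// Returns the URL to redirect to, or null when the request is already on the
// canonical host. Both arguments are client-controlled.
function canonical_redirect_target(string $host, string $requestUri): ?string
{
    // The Host header is only compared, never copied into the redirect.
    if (strcasecmp($host, CANONICAL_HOST) === 0) {
        return null;
    }
    // Keep the raw path and query (no re-encoding, so "=" stays "="), but fall
    // back to "/" if it holds CR/LF, whitespace or control characters, or does
    // not start with "/" (which would let it run into the host part of the URL).
    if ($requestUri === '' || $requestUri[0] !== '/'
        || preg_match('/[\x00-\x20\x7F]/', $requestUri)) {
        $requestUri = '/';
    }
    return 'http://' . CANONICAL_HOST . $requestUri;
}

function send_canonical_redirect(string $target): void
{
    if (!headers_sent()) {
        header('Location: ' . $target, true, 301);
    } else {
        // Meta-refresh fallback: the URL lands in an HTML attribute, so escape it.
        echo '<meta http-equiv="refresh" content="0;url='
            . htmlspecialchars($target, ENT_QUOTES, 'UTF-8') . '">';
    }
}

// Run only under a web server; from the command line the file just defines the functions.
if (PHP_SAPI !== 'cli') {
    $target = canonical_redirect_target(
        $_SERVER['HTTP_HOST'] ?? '',
        $_SERVER['REQUEST_URI'] ?? '/'
    );
    if ($target !== null) {
        send_canonical_redirect($target);
        exit;
    }
}
```

Include it at the top of the shared file before any output or session_start(), so the header branch is the one normally taken.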
