0

Hi,
i have a problem with this code. I wanted to add the values of the parameters at the beginning to the URL entered in the code.

i already tried confirmation.php?username=$username
added the ?username=$_GET[username]

but the Url in the browser is displayed like it's written in the php file and the values are not replaced with parameters.

<?php

$amount		= $_GET['amount'];
$title		= $_GET['title'];
$auth		= $_GET['auth'];
$country	= $_GET['country'];
$currency	= $_GET['currency'];
$free		= $_GET['free'];
$function	= $_GET['function'];
$username       = $_GET['$username'];
$group          = $_GET['group'];
$groupexpiry    = $_GET['groupexpiry'];
$adminemail     = $_GET['adminemail'];


$trenner 	= "\n";

$status		= 'ok';
$url		= 'http://www.mypage.com/confirmation.php? .....';
$target		= '_blank';
$forward	= 1;

$response = 'status=' . $status;
$response.= $trenner;
$response.= 'url=' . $url;
$response.= $trenner;
$response.= 'target=' . $target;
$response.= $trenner;
$response.= 'forward=' . $forward;

echo $response;

?>

can someone help me out, to get it working?
thanks in advance

Edited by DeadLikeMe: n/a

4
Contributors
6
Replies
7
Views
7 Years
Discussion Span
Last Post by DeadLikeMe
0

Ok, i thought about it over and over and i think i did make a logical error?

I want, that the values of the parameters are sent to my website, where my member script can pick up these values to upgrade the user to a new group.

BUT ....

shouldn't i add the memberscript function to the file above?

the code of the memberscript api looks like this

require_once"../slpw/sitelokapi.php";
$result=slapi_addgroup($username,$group,$groupexpiry,$adminemail);

do i have to do something else, like adding some command that it adds the stuff immediately or does it do the trick already, when the file is opened and the parameters are filled with the values sent by the payment provider?

Sorry total noob.

Edited by DeadLikeMe: n/a

0

First you should always make sure that you prevent any possible SQL-injections:

mysql_real_escape_string($_GET['variable'])

This will make sure no one is trying to get information from anything that they shouldn't if it's being used in a SQL-statement later on.

If I've understood your problem correctly it is that you get ?username=$_GET instead of e.g. ?username=smith, right? Then it is because you use ' instead of ". ' will print things literally meaning the variable's name ($_GET) instead of the variable's value (smith) which " does.

I hope this solved your problem! :)

0

when you add info to the url it is in the format example.com?username=smith&age=14 ect.

and yeah gunnarflax is right never trust user input or info passed through the url.
they can delete your mysql tables or insert html code into your page. read a read-me here on some starter hack-proofing

0

@raju_boini525 this will set $username as ".$username."
you can call the url by using:

<?PHP
$username='steve';
echo '<a href="page.php?username=' . $username . '">' . $username . '</a>';
//or
echo "<a href="page.php?username=$username">$username</a>";

?>

or something like that anyway.

hope that helps :)

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.