Member Avatar for DeadLikeMe

Hi,
i have a problem with this code. I wanted to add the values of the parameters at the beginning to the URL entered in the code.

i already tried confirmation.php?username=$username
added the ?username=$_GET[username]

but the Url in the browser is displayed like it's written in the php file and the values are not replaced with parameters.

<?php

$amount		= $_GET['amount'];
$title		= $_GET['title'];
$auth		= $_GET['auth'];
$country	= $_GET['country'];
$currency	= $_GET['currency'];
$free		= $_GET['free'];
$function	= $_GET['function'];
$username       = $_GET['$username'];
$group          = $_GET['group'];
$groupexpiry    = $_GET['groupexpiry'];
$adminemail     = $_GET['adminemail'];


$trenner 	= "\n";

$status		= 'ok';
$url		= 'http://www.mypage.com/confirmation.php? .....';
$target		= '_blank';
$forward	= 1;

$response = 'status=' . $status;
$response.= $trenner;
$response.= 'url=' . $url;
$response.= $trenner;
$response.= 'target=' . $target;
$response.= $trenner;
$response.= 'forward=' . $forward;

echo $response;

?>

can someone help me out, to get it working?
thanks in advance

Edited by DeadLikeMe because: n/a
  • 4 Contributors
  • 6 Replies
  • 190 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by DeadLikeMe
Member Avatar for DeadLikeMe

Ok, i thought about it over and over and i think i did make a logical error?

I want, that the values of the parameters are sent to my website, where my member script can pick up these values to upgrade the user to a new group.

BUT ....

shouldn't i add the memberscript function to the file above?

the code of the memberscript api looks like this

require_once"../slpw/sitelokapi.php";
$result=slapi_addgroup($username,$group,$groupexpiry,$adminemail);

do i have to do something else, like adding some command that it adds the stuff immediately or does it do the trick already, when the file is opened and the parameters are filled with the values sent by the payment provider?

Sorry total noob.

Edited by DeadLikeMe because: n/a
Member Avatar for gunnarflax

First you should always make sure that you prevent any possible SQL-injections:

mysql_real_escape_string($_GET['variable'])

This will make sure no one is trying to get information from anything that they shouldn't if it's being used in a SQL-statement later on.

If I've understood your problem correctly it is that you get ?username=$_GET instead of e.g. ?username=smith, right? Then it is because you use ' instead of ". ' will print things literally meaning the variable's name ($_GET) instead of the variable's value (smith) which " does.

I hope this solved your problem! :)

Member Avatar for metalix

when you add info to the url it is in the format example.com?username=smith&age=14 ect.

and yeah gunnarflax is right never trust user input or info passed through the url.
they can delete your mysql tables or insert html code into your page. read a read-me here on some starter hack-proofing

Member Avatar for metalix

@raju_boini525 this will set $username as ".$username."
you can call the url by using:

<?PHP
$username='steve';
echo '<a href="page.php?username=' . $username . '">' . $username . '</a>';
//or
echo "<a href="page.php?username=$username">$username</a>";

?>

or something like that anyway.

hope that helps :)

Member Avatar for DeadLikeMe

Thanks raju_boini525
try it and worked perfectly. THANKS!!!!

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.