03-Oct-2020, 06:49 PM
Hi, thank you for a great script!
Since my data-driven pages require a client-side data connection, I must use the URL parameters to get $cmtx_identifier and $cmtx_reference from the page URL parameters using .php page integration.
Even though the actual page uses an .htaccess rewrite to make friendlier page URLs, my typical "item.php" page looks like this before the rewrite, where the PHP code executes server-side:
https://www.chrisdixonstudios.com/artgal...20Lifesize
Using "id" for $cmtx_identifier
Using "name" for $cmtx_reference
I am a sculpture artist and only a copy/paste coder! I pasted several code examples together to do this. So my question is:
Could someone please review my code to see if it is the safest and best way to implement this?
This works, but I am not sure if better sanitizing is best practice:
<?php
// Read the raw URL parameters; false means "not supplied".
$id = false;
if (isset($_GET['id'])) {
    $id = $_GET['id'];
}
$name = false; // default when "name" is not in the URL
if (isset($_GET['name'])) {
    $name = $_GET['name'];
}
// Guarding against XSS: Printing out GET parameters without sanitizing them will leave your web application wide open to XSS attacks.
// Test echo print to see if we got it (each value gets its own complete <h3>):
if ($id !== false) {
    echo '<h3>Id: ' . htmlentities($id) . '</h3>';
}
if ($name !== false) {
    echo '<h3>Name: ' . htmlentities($name) . '</h3>';
}
// how to implement better filter..if this is better??
//filter_input(INPUT_GET, 'id', FILTER_SANITIZE_URL);
//filter_input(INPUT_GET, 'name', FILTER_SANITIZE_URL);
// Pass the escaped values on to the comment script.
if ($id !== false) {
    $cmtx_identifier = htmlentities($id);
}
if ($name !== false) {
    $cmtx_reference = htmlentities($name);
}
$cmtx_folder = '/rate/';
require($_SERVER['DOCUMENT_ROOT'] . $cmtx_folder . 'frontend/index.php');
?>
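A validate-then-escape version of the snippet above, as an added example that is not part of the original post or of the Commentics code. It assumes "id" is a positive integer and "name" is a short title of letters, digits, spaces and basic punctuation; read_item_id, read_item_name and h are hypothetical helper names.

```php
<?php
// Added example. Assumptions: "id" is a positive integer, "name" is a short title.
// FILTER_SANITIZE_URL is not used: it strips spaces but keeps < > and ",
// so it neither preserves the title nor protects HTML output.

/** Return the id as an int, or null when missing or not a positive integer. */
function read_item_id(array $query): ?int
{
    $id = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Return the trimmed name, or null when missing, not a string, or off the allow-list. */
function read_item_name(array $query, int $maxLen = 100): ?string
{
    $name = $query['name'] ?? null;
    if (!is_string($name)) {
        return null; // rejects array input such as ?name[]=x
    }
    $name = trim($name);
    // Constructed allow-list: letters, digits, space and . , ( ) - only.
    // No HTML metacharacters pass, and invalid UTF-8 makes preg_match() fail.
    if (!preg_match('/^[\p{L}\p{N} .,()-]{1,' . $maxLen . '}$/u', $name)) {
        return null;
    }
    return $name;
}

/** Escape a value for HTML at the point where it is printed. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$id   = read_item_id($_GET);
$name = read_item_name($_GET);

// Load the comment section only when both parameters passed validation.
if ($id !== null && $name !== null) {
    echo '<h3>Id: ' . h((string) $id) . ' Name: ' . h($name) . '</h3>';

    $cmtx_identifier = (string) $id; // digits only
    $cmtx_reference  = $name;        // allow-listed characters only
    $cmtx_folder     = '/rate/';
    require $_SERVER['DOCUMENT_ROOT'] . $cmtx_folder . 'frontend/index.php';
}
```

Because the allow-list admits no HTML metacharacters, the validated values are the same before and after escaping, so the identifier stays stable regardless of how it is later printed.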