
Get identifier and reference from page URL parameters using .php page integration
#1

Hi, thank you for a great script!
Since my data-driven pages require a client-side data connection, I must use the URL parameters to get $cmtx_identifier and $cmtx_reference from the page URL parameters using .php page integration.
Even though the actual page uses .htaccess rewrite to make friendlier page URLs, my typical "item.php" page looks like this before the rewrite, where the PHP code executes server-side:
https://www.chrisdixonstudios.com/artgal...20Lifesize
Using "id" for $cmtx_identifier
Using "name" for $cmtx_reference
I am a sculpture artist and only a copy/paste coder! I pasted several code examples together to do this. Soooo my question is:

Could someone please review my code to see if it is the safest and best way to implement this?
This works, but I'm not sure whether better sanitizing is best practice:

<?php
$id = false;
if(isset($_GET['id'])){
    $id = $_GET['id'];
}

// Initialise $name (the original had "$page = false", which left $name undefined
// when the "name" parameter was missing, so the later "$name !== false" test broke)
$name = false;
if(isset($_GET['name'])){
    $name = $_GET['name'];
}
// Guarding against XSS: Printing out GET parameters without sanitizing them will leave your web application wide open to XSS attacks.
// Test echo print to see if we got it:
if($id !== false){
  echo '<h3>Id: ' . htmlentities($id) . ' ';
}
if($name !== false){
  echo ' Name: ' . htmlentities($name) . '</h3>';
}
// how to implement a better filter .. if this is better??
//filter_input(INPUT_GET, 'id', FILTER_SANITIZE_URL);
//filter_input(INPUT_GET, 'name', FILTER_SANITIZE_URL);
if($id !== false){
  $cmtx_identifier = htmlentities($id);
}
if($name !== false){
  $cmtx_reference = htmlentities($name);
}
$cmtx_folder    = '/rate/';
require($_SERVER['DOCUMENT_ROOT'] . $cmtx_folder . 'frontend/index.php');
?>
#2

It looks good except you don't need to sanitize the $cmtx_identifier and $cmtx_reference variables, as Commentics handles that itself. In fact it's better not to because you'll over sanitize it. For example if your $name variable contains an ampersand, you then sanitize it with htmlentities() so it becomes "&amp;", then Commentics will sanitize it again so it becomes "&amp;amp;", and that won't display as intended. So the correct way is to pass the $_GET value directly to Commentics.

Have you completed the interview?
#3

Cool, thank you Steven. Yes, of course the script would sanitize for security and clarity. So I just set the $cmtx_identifier and $cmtx_reference variables to $id and $name from the URL.
For any newbies like me here is the working code:
<?php
$id = false;
if(isset($_GET['id'])){
    $id = $_GET['id'];
}

// Initialise $name (the original had "$page = false", which left $name undefined
// when the "name" parameter was missing, so the later "$name !== false" test broke)
$name = false;
if(isset($_GET['name'])){
    $name = $_GET['name'];
}

// Don't need to sanitize the $cmtx_identifier and $cmtx_reference variables, as Commentics handles that itself!
// (previously: $cmtx_identifier = htmlentities($id);)

if($id !== false){
  $cmtx_identifier = $id;
}
if($name !== false){
  $cmtx_reference = $name;
}
$cmtx_folder    = '/rate/';
require($_SERVER['DOCUMENT_ROOT'] . $cmtx_folder . 'frontend/index.php');
?>
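An added example that is not from this thread or from Commentics, combining Steven's point in #2 with a tightened version of the snippet in #1 and #3: validate the shape of the raw "id" and "name" parameters, hand Commentics the raw values, and escape only at this page's own output. The validation rules (id is a positive integer, name is at most 100 bytes) are assumptions for the example.

```php
<?php
// Added example (not from the thread, not Commentics code). The parameter
// names "id" and "name" come from the thread; the rules that id is a positive
// integer and name is at most 100 bytes are assumptions for this example.

// Why passing pre-escaped values to Commentics is wrong: escaping twice
// corrupts the output, exactly as described in post #2.
function escape_twice(string $s): string
{
    $once = htmlentities($s, ENT_QUOTES, 'UTF-8');   // 'Tom & Jerry' -> 'Tom &amp; Jerry'
    return htmlentities($once, ENT_QUOTES, 'UTF-8'); // -> 'Tom &amp;amp; Jerry' (browser shows "&amp;")
}

// Returns ['id' => string, 'name' => string], or null when a parameter is
// missing or malformed. Validation rejects junk; it does not HTML-escape.
function read_page_params(array $query): ?array
{
    // filter_var returns false for a missing value, an array (id[]=1) or non-integers
    $id = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    $name = $query['name'] ?? null;
    if (!is_string($name) || $name === '' || strlen($name) > 100) {
        return null;
    }
    return ['id' => (string) $id, 'name' => $name];
}

$params = read_page_params($_GET);
if ($params === null) {
    http_response_code(400);
    exit('Missing or invalid page parameters.');
}

// This page's own output: escape here, at the point of printing.
echo '<h3>Id: ' . htmlspecialchars($params['id'], ENT_QUOTES, 'UTF-8')
   . ' Name: ' . htmlspecialchars($params['name'], ENT_QUOTES, 'UTF-8') . '</h3>';

// Commentics input: raw values, no htmlentities() (see post #2).
$cmtx_identifier = $params['id'];
$cmtx_reference  = $params['name'];
$cmtx_folder     = '/rate/';
require($_SERVER['DOCUMENT_ROOT'] . $cmtx_folder . 'frontend/index.php');
```

If your identifiers are not numeric, replace the FILTER_VALIDATE_INT check with a pattern that matches your own key format; the point is to reject unexpected input rather than to HTML-escape it before it reaches Commentics.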