Hey
Is it possible to get the FULL url that the user is on?
I made this login script..and redirects u back to the page u were on before..but it doesnt get the last part of the urll..for example if the user is on this page when they login: http://localhost/index.php?action=viewmedia&id=1
after using :
$_SERVER['PHP_SELF'] they are redirected to index.php
how do i make it so it gets the Last part 2
Thanks
Fall victim to what?.. All it does is say /restricted/path. Why would anyone eval() that variable and have it set up so that setting it to that would do something?..
That is if there is anyone out there silly enough to use eval on on anything that hasn't been checked, validated, and double checked a few times especially a superglobal of all things.
That is far beside the point anyway,
Personally, topic solved? Yes?
__________________ My NamePros Tools (firefox plugin, google gadget etc)
hm i cleaned it up using htmlspecialchars()
is it safe enough?
the only reason i m using this is because i have a login form on the right panel..so when some1 logs in..on any page..i want them to be redirected to the same page..and if they are in a page that has "id=1" or w.e...it doesnt redirect them to that ..if i just use $_SERVER['PHP_SELF']
i m using the way dan told me about..is that okay or should i switch to what beaver mentioned?
Bottom line: Are you storing this string in a database? if no, it does not need to be secured. If so, stripslashes -> addslashes or another escaping function.
Both Dan and Beaver's suggestions are exact, only Dan was using the two pre defined variables for page name and query string where as Beaver's in pre-combined to give both.
__________________ My NamePros Tools (firefox plugin, google gadget etc)
You can use lots of things to make strings safe, you could replace certain characters, use addslashes, stripslashes, htmlspecialcharacters, strip_tags... theres loads of stuff!
P.S (If you find anything wrong with the snippet of code above, lemme know so i can fix in my latest script
