Passing variable trought url

Question

I'm having a problem I have no idea what's going on, probablly is just a silly thing but I need you help.

If got a very simple login file(starting) is this one:

<?php
  include("conex.phtml");
  $link=Conectarse();
  $username = $_POST['username'];
  $pass =  $_POST['pass'];

  $city = "";
  $latitude = "";
  $longitude = "";
  //$obj = array();
  $empty="empty";
  $rows0="rows0";
  $id="";

  $result=mysql_query("select * from user where username='" . $username . "' and password=" . $pass, $link);
  if(!$result){
    header('Location: http://www.ihaveseen.org/index.html');    
  }else{
    if($rs = mysql_fetch_array($result)){   
      if ($rs==''){
        header('Location: http://www.ihaveseen.org/index.html');   
      } else {
        $id = $rs['id'];
        echo'<script>window.location="http://www.ihaveseen.org/main.php?id=hola";</script>';
        /*header('Location: http://www.ihaveseen.org/main.php?id=hola');*/
        //echo '' . $rs['id'] . '';
        //header('Location: check_incoming.php?id=' . $id); 
      }
    }else{
      header('Location: http://www.ihaveseen.org/index.html');  
    }   
  }

  mysql_close($link);
  exit();
?>

I'm trying to pass via url a variable called id = hola, very simple, right? When I go to the next file, "main.php" the code sends me a syntax error in the javascript script.

<?php 
  $id = $_GET['id'];
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<html>
  <head>
    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
    <title>Woyou</title>
  </head>
  <link rel="stylesheet" href="./styles/styles16.css" type="text/css" id="css"/>
  <script type="text/javascript" charset="UTF-8">
    var id = getUrlVars()["id"];
    alert("hola");
  </script>
  <body onload="" onunload="GUnload();" onkeydown="" onkeyup="" id="body">
    <div id="guarda" style="display: none;"></div>
    <iframe src='woyou.html' id="woyou_frame" name="woyou_frame" frameborder="0" scrolling="no"></iframe>
  </body>
</html>

What am I doing wrong?

Answer 1

Consider correcting the query from

$result= mysql_query("select * from user where username='" . $username . "' 
         and password=" . $pass, $link);

to

$result= mysql_query("select * from user where username='" . $username . "' 
         and password='" . $pass."'", $link);

Answer 2

getUrlVars is not defined in your page. Just paste this into your script tag (at the top)

function getUrlVars() {
    var vars = {};
    var parts = window.location.href.replace(/[?&]+([^=&]+)=([^&]*)/gi, function(m,key,value) {
        vars[key] = value;
    });
    return vars;
}

Answer 3

Re-write the html to look like this:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
    <title>Woyou</title>
    <link rel="stylesheet" href="./styles/styles16.css" type="text/css" id="css"/>
    <script type="text/javascript" charset="UTF-8">
      var id = getUrlVars()["id"];
      alert("hola");
    </script>
  </head>
  <body onload="" onunload="GUnload();" onkeydown="" onkeyup="" id="body">
    <div id="guarda" style="display: none;"></div>
    <iframe src='woyou.html' id="woyou_frame" name="woyou_frame" frameborder="0" scrolling="no"></iframe>
  </body>
</html>

You had two opening html tags and the script and link tags were not in the head tag like it's supposed to be.

Answer 4

You can directly get the value:

<script type="text/javascript" charset="UTF-8">
    var id = '<?php echo $id ?>';
    alert("hola");
    </script>