CODEWITHSUNDEEP
php
Gerald Ferreira
Gerald Ferreira

Reputation: 1337

PHP Request.QueryString - $_GET with conditions not sure how to

I am not familiar with php and want to write a redirect script using php (The server I am working on does not support asp)

I think it needs to be something like this

<?php if ($_GET[id]; == 'test') {echo '<meta http-equiv="refresh" content="0;URL=http://www.test.com" />'} ?>

I want to send a query string like http://www.domain.com?id=test then the page should redirect to http://www.test.com or a query like http://www.domain.com?id=example and it shoud redirect to http://www.theexamplesite.com

Using javascript and classic asp I would have done it like this:

<% if (Request.QueryString("id") == 'test') { %><meta http-equiv="refresh" content="0;URL=http://www.test.com" /><% } %>
<% if (Request.QueryString("id") == 'example') { %><meta http-equiv="refresh" content="0;URL=http://www.theexamplesite.com" /><% } %>

Hope you can help me!

Thanks

Upvotes: 0

Views: 4033

Answers (5)

Geoffrey Bachelet
Geoffrey Bachelet

Reputation: 4317

<?php

$targets = array(
  'test'    => 'http://www.test.com/',
  'example' => 'http://www.theexamplesite.com/',
);

if (isset($_GET['id']) && isset($targets[$_GET['id']]))
{
  header('Location: '.$targets[$_GET['id']]);
  exit;
}

That way you have a good view of your configured redirects and are able to add / remove / update them easily !

Upvotes: 5

Salman Arshad
Salman Arshad

Reputation: 272086

I fail to see why were not accomplish the task given that you have ASP/JavaScript knowledge. Just tweak your asp script a little bit:

<?php
    if ($_GET["id"] == 'test')
    {
        ?>
        <meta http-equiv="refresh" content="0;URL=http://www.test.com" />
        <?php
    }
    if ($_GET["id"] == 'example')
    {
        ?>
        <meta http-equiv="refresh" content="0;URL=http://www.theexamplesite.com" />
        <?php
    }
?>

There are other constructs available to do the same job such as switch...case or the ?: operator. The ?: operator can shorten up your code quite a bit:

<meta http-equiv="refresh" content="0;URL=<?php echo $_GET['id'] == 'test' ? 'http://www.test.com' : 'http://www.theexamplesite.com'; ?>" />

Upvotes: 1

Felix Kling
Felix Kling

Reputation: 816334

You have a syntax error. It should be:

if ($_GET['id'] == 'test')

But for the actual redirect, you might want to use header:

if(array_key_exists('id', $_GET) {
    if($_GET['id'] === 'test') {
        header('Location: http://www.test.com');
    }
    else if($_GET['id'] === 'example') {
        header('Location: http://www.theexamplesite.com');
    }
}

Reference: array_key_exists

Upvotes: 3

Ed Manet
Ed Manet

Reputation: 3178

This just looks like a target for exploitation. Make sure you do some validation on the value of $_GET['id'] before you start redirecting the users. If someone does http://www.domain.com?id=http://www.maliciouswebsite.com, will your script take them there?

Just be careful with redirects and do a lot of input validation.

Upvotes: 1

user432219
user432219

Reputation:

You can simply write:

<?php

if ($_GET[id] == 'test') {
    header('Location: http://www.test.com');
}
else {
    // real output
}

?>

Upvotes: 1

Related Questions