Reputation:
PHP Header Location with parameter
Is it possible to append a parameter to a PHP Header Location? I'm having trouble getting it to work. Is this syntax actually allowed?
$qry = $_SERVER['QUERY_STRING'];
header('Location: http://localhost/blast/v2/?$qry ') ;
it just won't replace $qry wit its actual value....why??
in the browser it ends up looking like this:
http://localhost/blast/v2/?$qry
thanks
Upvotes: 3
Views: 73647
Answers (4)
Reputation: 101543
Important note: do not use this exactly if you cannot be sure that $qry is safe!
Change the single quotes to double quotes:
header("Location: http://localhost/blast/v2/?$qry");
A single quoted string in PHP is treated as a string literal, which is not parsed for variables.
Double quoted strings are parsed for variables, so you will get whatever $qry contains appended, instead of literally $qry.
Upvotes: 24
Reputation: 17
wiles How to Fix the XSS attack on header location
$param = $_REQUEST['bcd'];
header("Location: abc.php/?id=$param");
Upvotes: 0
Reputation: 31
I know this is a very old post, but please, do not do this. Parameters in a header are XSS vulnerable. You can read more about XSS'ing here: owasp.org/index.php/Cross-site_Scripting_(XSS)
Upvotes: 3
Reputation: 51
You can also add multiple parameters via a header like:
$divert=$row['id']."¶m1=".($param1)."¶m2=".($param2);
header("Location:showflagsab.php?id=$divert");
which adds the two additional paramaters to the original id
These can be extracted using the $get method at their destination
Upvotes: 4
Related Questions
- header location not working in my php code
- Do I need something specific to make header Location function work properly?
- PHP header location doesn't work
- php header location not working as it should
- $variable = header location
- header location php issues
- header location information cannot modify
- php header location attribute not working
- php get_headers location
- php header location issues