e107help.org Q&A
0 like 0 dislike
I am working on extending a plugin I have made, I am trying to make it so it is kinda like the custom pages (page.php) which would show database ID 1 as page.php?1 etc and show the stuff for that page.

 

I want to make 3 pages, ble.php, ts3.php, and vent.php - each page will display servers on each page. Right now I have ts3.php working some what, it displays the servers in one page - I want to limit that so ts3.php?id=1 or so on will display only server ID 1 etc...

 

Request some help if any one knows how to do this.
e107 version e107 version 2.0.x
closed
in Plugins by (459 points) 17 37 50
Another example is the user.php - click it and it shows the users, click on one user and it shows their profile.

 

I am trying to do the same but idk how to, any one got an awnser?

1 Answer

0 like 0 dislike
Best answer

Basic PHP:

$_GET['id'] 

or

$_SERVER['QUERY_STRING'];

Be aware that the usage of these superglobals is heavily debateable. For example: http://www.phparch.com/2010/07/never-use-_get-again/

Please look into 'modern' ways of dealing with this, for example: http://php.net/manual/en/function.filter-input.php (also check the various functions listed in the 'see also' section at the bottom of this page)

You can see various example in the user.php and page.php code, search for $_GET. 

The most important thing is to NEVER TRUST USER INPUT. In your case, make sure that the id in the URL is indeed an integer (number) and reject anything else. Related terminology you should do a google search on before using the code is: XSS and MySQL injection.

Remember to sanitize the user input data before processing.  

by (2.8k points) 7 10 10
selected by

Just to add. There are various functions built-in e107 which help to sanitize data. For example:

e107::getParser()->toDb(); 

996 questions
1,389 answers
2,527 comments
2,512 users