Changing Contents via URL

ConnorJack · 10-09-2009, 07:16 PM

Is there a way I can add a URL attribute (like ?user=connorjack) and it will change what is on the page. For example, if I have a page with some embed code in. Part of the embed code includes a username, so I want to change that via the URL rather than create duplicate pages thousands of time.

mlseim · 10-09-2009, 07:29 PM

At the top of your page ...

PHP Code:


			
<?php

$user=$_GET['user'];



// now, you can use the $user variable anywhere you want in your HTML (see below).



?>

<html>

... your html page stuff



... wherever your embed code is ....



<blah blah   <?=$user?>   blah blah>



</html>

met · 10-09-2009, 07:34 PM

to expand

PHP Code:


			
//url = users.php?user=testing
$user = $_GET['user'];

if(isset($user)) {
    /* you should validate the variable to prevent malicious input */
    $query = 'SELECT * FROM `users` WHERE username="' . $user . '" LIMIT 1';
    $result=mysql_query($query);
    $r=mysql_fetch_array($result);
    echo '<h2>Viewing: ' . $r['username'] . ' Profile</h2>';
    // etc

} else {

    echo '<p>Please select a user...</p>';
    $qry = mysql_query('SELECT * FROM `users` ORDER BY id ASC');
    while($r=mysql_fetch_array($qry)) {
       echo '<a href="users.php?user='.$r['username'].'">'.$r['username'].'</a><br />';
    }
}

ConnorJack · 10-09-2009, 07:36 PM

Quote:

Originally Posted by mlseim

At the top of your page ...

PHP Code:


			
<?php

$user=$_GET['user'];



// now, you can use the $user variable anywhere you want in your HTML (see below).



?>

<html>

... your html page stuff



... wherever your embed code is ....



<blah blah   <?=$user?>   blah blah>



</html>

Great! Thanks! And I can change the variable with "?user=username"?

mlseim · 10-09-2009, 08:20 PM

That's right,

If you do this, "http://www.mywebsite.com?user=connorjack",
the variable called $user will contain the value of "connorjack".

As Met is alluding to ...
Anything you bring into your script should be "sanitized" so that nothing
malicious can be injected. Bringing in a username, like "connorjack" poses
no problems as we can see, but we don't know what the rest of your script
is doing (as we can't see it of course), so just be careful about what you
allow and how the variable is used.

Your webpage (or script) needs to either be .php (instead of .html),
or you have to instruct your webhost server to process .html as a PHP script.
Since you posted this in the PHP forum, I assume you already know about PHP.

ConnorJack · 10-09-2009, 08:25 PM

Quote:

Originally Posted by mlseim

That's right,

If you do this, "http://www.mywebsite.com?user=connorjack",
the variable called $user will contain the value of "connorjack".

As Met is alluding to ...
Anything you bring into your script should be "sanitized" so that nothing
malicious can be injected. Bringing in a username, like "connorjack" poses
no problems as we can see, but we don't know what the rest of your script
is doing (as we can't see it of course), so just be careful about what you
allow and how the variable is used.

Your webpage (or script) needs to either be .php (instead of .html),
or you have to instruct your webhost server to process .html as a PHP script.
Since you posted this in the PHP forum, I assume you already know about PHP.

Yeah, thanks for your help. It is working. I do know HTML, CSS and a little PHP. But I only started with MySQL a few days ago.