[vox-tech] another php question
Matt Roper
vox-tech@lists.lugod.org
Thu, 6 Jun 2002 11:47:53 -0700
On Thu, Jun 06, 2002 at 11:04:19AM -0700, Peter Jay Salzman wrote:
...
> is there a way to pass a variable to a php3 href so i can have one file
> that does a reading, but with an argument of which data file to read?
> something like:
>
>
> Click on your favorite car:
> <UL>
> <LI><A href="display_stats.php3" arg="mustang.dat">mustang</A>
> <LI><A href="display_stats.php3" arg="beetle.dat">beetle</A>
> ...
> </UL>
>
> can i do this sort of thing with php3?
I think what you want is
<UL>
<LI><A href="display_stats.php3?arg=mustang.dat">mustang</A>
<LI><A href="display_stats.php3?arg=beetle.dat">beetle</A>
...
</UL>
After doing this, your display_stats page can read the argument from
$arg. Note that you still need to do some checking to make sure people
don't craft a url like "display_stats.php3?arg=/etc/shadow" -- this can
be a security hole if you use the filename directly without checking it
first.
Matt
--
*************************************************
* Matt Roper <matt@mattrope.com> *
* http://www.mattrope.com *
* PGP Key: http://www.mattrope.com/mattrope.asc *
*************************************************