
08-24-2006, 07:29 AM
|
|
WHT Addict
|
|
Join Date: Jun 2003
Location: Somerset, UK
Posts: 162
|
|
Hi there, I am trying to get a payment page which is called payment.php to automatically display the invoice number.
I thought it was like payment.php?invoice=34343
However, I have tried putting <? print "$invoice" ?> but it displays nothing.
Could someone give me the correct PHP code to get it working?
|

08-24-2006, 07:34 AM
|
|
Web Hosting Evangelist
|
|
Join Date: Apr 2005
Posts: 521
|
|
Try with $_GET['invoice']
|

08-24-2006, 07:38 AM
|
|
WHT Addict
|
|
Join Date: Jun 2003
Location: Somerset, UK
Posts: 162
|
|
Hi there thanks for that, where do I put that?
|

08-24-2006, 08:42 AM
|
|
the cloud is a lie
|
|
Join Date: May 2004
Location: NYC
Posts: 793
|
|
Anywhere you want to use the value. In the case of your first example:
<? echo $_GET['invoice']; ?>
|

08-24-2006, 08:45 AM
|
|
Junior Guru Wannabe
|
|
Join Date: Apr 2004
Location: uk
Posts: 47
|
|
<? $invoice = $_GET["invoice"]; print "$invoice"; ?>
|

08-24-2006, 09:58 AM
|
|
Web Hosting Master
|
|
Join Date: Mar 2006
Posts: 961
|
|
PHP Code:
if (isset($_GET['invoice']) || isset($_POST['invoice'])) {
    $invoice = (isset($_GET['invoice'])) ? (stripslashes(trim($_GET['invoice']))) : "";
} else {
    $invoice = "";
}
if (empty($invoice)) {
    die ('Could not get invoice.');
} else {
    echo $invoice;
}
unset ($invoice);
|

08-24-2006, 10:12 AM
|
|
Junior Guru
|
|
Join Date: Aug 2001
Location: Central USA
Posts: 200
|
|
If you're going to check both $_GET and $_POST, you might as well just check $_REQUEST.
PHP Code:
<?php $invoice = isset($_REQUEST['invoice']) ? $_REQUEST['invoice'] : 0 ; ?>
|

08-24-2006, 10:27 AM
|
|
Web Hosting Master
|
|
Join Date: Mar 2006
Posts: 961
|
|
Either case, would be better this way I think:
PHP Code:
<?php $invoice = isset($_REQUEST['invoice']) ? intval(trim($_REQUEST['invoice'])) : 0; ?>
My first demonstration above did not demonstrate a return result by value but rather with text (Horizon didn't know it was about value.).
|

08-24-2006, 08:22 PM
|
|
WHT Addict
|
|
Join Date: Jun 2003
Location: Somerset, UK
Posts: 162
|
|
Thank you, it's working now using sea otter's suggestion. None of the others worked for me.
|

08-24-2006, 10:12 PM
|
|
Web Hosting Master
|
|
Join Date: Nov 2003
Posts: 682
|
|
Be careful with that as echo'ing directly from $_GET could make you vulnerable to cross site scripting (especially if you use cookies to log your users in, etc.)
|

08-24-2006, 10:29 PM
|
|
WHT Addict
|
|
Join Date: Aug 2001
Posts: 123
|
|
if ( is_numeric($invoice)) {
echo $invoice;
} else {
// something here, e.g. logging the input/IP address/time/date/etc
}
So basically if you put everyone's contribution together your script is going to kill.
|

08-24-2006, 10:34 PM
|
|
Web Hosting Master
|
|
Join Date: Mar 2004
Location: USA
Posts: 4,342
|
|
Quote:
|
Originally Posted by horizon
PHP Code:
if (isset($_GET['invoice']) || isset($_POST['invoice'])) {
$invoice = (isset($_GET['invoice'])) ? (stripslashes(trim($_GET['invoice']))) : "";
} else {
$invoice = "";
}
if (empty($invoice)) {
die ('Could not get invoice.');
} else {
echo $invoice;
}
unset ($invoice);
|
I would really like to see a script you make
Peace,
__________________
Testing 1.. Testing 1..2.. Testing 1..2..3...
|

08-24-2006, 11:21 PM
|
|
Web Hosting Master
|
|
Join Date: Mar 2006
Posts: 961
|
|
Quote:
|
<?php $invoice = isset($_REQUEST['invoice']) ? intval(trim($_REQUEST['invoice'])) : 0; ?>
|
Quote:
|
Be careful with that as echo'ing directly from $_GET could make you vulnerable to cross site scripting (especially if you use cookies to log your users in, etc.)
|
As you can see, since my correction above, intval has been used so only numeric value can be returned and nothing else.
Of course, if you'd like to state a more defensive method, you can always use:
PHP Code:
<?php $invoice = (isset($_REQUEST['invoice']) && is_numeric($_REQUEST['invoice'])) ? intval(trim($_REQUEST['invoice'])) : 0; ?>
Quote:
|
I would really like to see a script you make
|
Would you ?
|

08-25-2006, 03:28 AM
|
|
Junior Guru Wannabe
|
|
Join Date: Nov 2004
Location: Northamptonshire
Posts: 56
|
|
Quote:
|
Originally Posted by horizon
As you can see, since my correction above, intval has been used so only numeric value can be returned and nothing else.
Of course, if you'd like to state a more defensive method, you can always use:
PHP Code:
<?php $invoice = (isset($_REQUEST['invoice']) && is_numeric($_REQUEST['invoice'])) ? intval(trim($_REQUEST['invoice'])) : 0; ?>
|
That won't stop someone entering another number into the URL hoping to hit someone else's invoice. You need to also check if the invoice number belongs to the customer currently logged in. Never trust data that comes via GET and POST routines, and any script that requires register_globals should be burnt
__________________
Andrew Hutchings (A-Wing) - Linux Jedi
A-Wing Internet Services
Windows is the path to the darkside...Windows leads to Blue Screen. Blue Screen leads to downtime. Downtime leads to suffering...I sense much Windows in you.
|
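The points raised across the thread (strict numeric validation, escaped output, and the ownership check from the reply above), combined in one added example that is not any poster's code. It assumes PHP 7.1+ with pdo_sqlite, a hypothetical `invoices` table with `id` and `customer_id` columns, and a customer id that would normally come from the login session; the sample inputs are constructed.

```php
<?php
// Added example; table, column and function names are hypothetical.

/** Return the invoice id as a positive int, or null if the input is not plain digits. */
function parse_invoice_id($raw): ?int
{
    if (!is_string($raw)) {            // missing value, or ?invoice[]=1 (an array)
        return null;
    }
    $raw = trim($raw);
    // ctype_digit rejects "", "-5", "1e3" and "12abc"; intval("12abc") would return 12.
    if (!ctype_digit($raw) || strlen($raw) > 9) {
        return null;
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

/** True only if the invoice exists and belongs to the given customer. */
function invoice_belongs_to(PDO $db, int $invoiceId, int $customerId): bool
{
    $stmt = $db->prepare('SELECT 1 FROM invoices WHERE id = ? AND customer_id = ?');
    $stmt->execute([$invoiceId, $customerId]);
    return $stmt->fetchColumn() !== false;
}

// Constructed demo data: in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE invoices (id INTEGER PRIMARY KEY, customer_id INTEGER)');
$db->exec('INSERT INTO invoices VALUES (34343, 7), (34344, 8)');

$customerId = 7; // in payment.php this would come from the session, never from the URL
foreach (['34343', '34344', '12abc', '<script>alert(1)</script>', ['1']] as $input) {
    $id = parse_invoice_id($input);
    if ($id === null) {
        $result = 'rejected: not a valid invoice number';
    } elseif (!invoice_belongs_to($db, $id, $customerId)) {
        $result = 'rejected: no such invoice for this customer';
    } else {
        // Escape at output even for an int, so the habit survives later refactoring.
        $result = 'Invoice ' . htmlspecialchars((string) $id, ENT_QUOTES, 'UTF-8');
    }
    echo $result, PHP_EOL;
}
```

Only the first input is displayed; 34344 is a valid number but belongs to another customer, and the remaining inputs fail validation before any query runs.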

08-25-2006, 04:40 AM
|
|
Junior Guru
|
|
Join Date: Jul 2003
Posts: 235
|
|
What is the system where you are embedding this line of code? Solutions depend on details.
|