php

Discussion in 'Website Design' started by fastworld, Jan 16, 2014.

Thread Status:
Not open for further replies.
  1. fastworld United Kingdom

    fastworld Active Member

    Joined:
    Aug 2005
    Posts:
    440
    Likes Received:
    2
    I'm building a site for my domains.
    Any PHP gurus know if there is a safe way to get the variable out of a URL?
    E.g. I would point a domain to:
    www.sitename/domain.php?name=domainName
    the variable being domainName

    Not my best subject, php :(
     
  3. martin-s United Kingdom

    martin-s Well-Known Member

    Joined:
    Jul 2012
    Posts:
    2,451
    Likes Received:
    83
  4. AssetDomains United Kingdom

    AssetDomains Well-Known Member

    Joined:
    Feb 2010
    Posts:
    2,951
    Likes Received:
    52
    Try this

    Code:
    // Escape HTML special characters so the value is safe to echo into a page
    function check_input($data)
    {
        $data = htmlspecialchars($data);
        return $data;
    }

    if (isset($_GET['name']))
    {
        $domain = check_input($_GET['name']);
    }
     
    
     
  5. tifosi United Kingdom

    tifosi Well-Known Member

    Joined:
    Oct 2004
    Posts:
    3,128
    Likes Received:
    45
    If you know the domain then below; otherwise, if domain.php is parsing the URL and you know the query parameter, then GET as above. parse_url is very useful if the whole URL changes or you're wading through a list of URLs. Example assumes one name=domain parameter; more with & will need more work.

    Code:
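    // $url holds the full URL string, e.g. ending in domain.php?name=domainName
    $url_data = parse_url($url);
    $query_data = $url_data['query'];            // 'name=domainName'
    $query_data = explode('=', $query_data, 2);  // array('name', 'domainName')
    // explode() returns a numerically indexed array, so the value is at [1]
    $domain = $query_data[1];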
    
     
  6. fastworld United Kingdom

    fastworld Active Member

    Joined:
    Aug 2005
    Posts:
    440
    Likes Received:
    2
    That's great! Thanks for your help guys, I'll post the URL when done in the website review section :)
     
  7. Skinner

    Skinner Well-Known Member

    Joined:
    Jul 2008
    Posts:
    4,325
    Likes Received:
    81
    I always add checks on the lengths and the nature; if you're expecting a number, then check is_numeric. Check it as much as possible before allowing it out into the open, as it were.
     
  8. greg2013 United Kingdom

    greg2013 Member

    Joined:
    Dec 2013
    Posts:
    32
    Likes Received:
    1
    Don't just get the data from the URL and process it how you want. It could be anything whatsoever.

    Anyone can go to your page www.sitename/domain.php?name=domainName
    and change "domainName" to be any data they want.
    Your script will then happily take that data and process it, which could be an attack attempt etc.

    You need to check the data, ideally from a whitelist of data you know it can only be (i.e. a list of domain names) or at least check there are no bad chars which cannot be in a domain name.
    I'd weed out " ' < and > for starters
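
The checks suggested across the replies above (length, character set, a whitelist of known domains, and HTML escaping on output), combined into one added example that is not part of the original thread. The function names and the `PORTFOLIO` list are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added example: validate the ?name= parameter before using it.
// PORTFOLIO and both function names are hypothetical (not from the thread).

// Whitelist: the only domains this site manages (constructed sample values).
const PORTFOLIO = ['example.co.uk', 'example.com', 'example.org'];

/** Return the validated, lower-cased domain, or null if the input is rejected. */
function validate_domain_param($raw, array $allowed): ?string
{
    // ?name[]=x makes $_GET['name'] an array; accept strings only.
    if (!is_string($raw)) {
        return null;
    }
    $name = strtolower(trim($raw));

    // Length check: a DNS name is at most 253 characters.
    if ($name === '' || strlen($name) > 253) {
        return null;
    }
    // Nature check: dot-separated labels of letters, digits and hyphens,
    // 1-63 characters each, never starting or ending with a hyphen.
    $label = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?';
    if (!preg_match('/\A' . $label . '(?:\.' . $label . ')+\z/', $name)) {
        return null;
    }
    // Whitelist check: strict comparison against the known portfolio.
    return in_array($name, $allowed, true) ? $name : null;
}

function render_domain_page($raw): string
{
    $domain = validate_domain_param($raw, PORTFOLIO);
    if ($domain === null) {
        return 'Unknown domain';
    }
    // Escape at output time, for the HTML context the value is printed into.
    return '<h1>' . htmlspecialchars($domain, ENT_QUOTES, 'UTF-8') . '</h1>';
}

// Constructed inputs: a listed domain, markup characters, an array, an unlisted domain.
// In domain.php the argument would be $_GET['name'] ?? null.
foreach (['Example.co.uk', 'example.com"><b>', ['x'], 'other.net'] as $in) {
    echo render_domain_page($in), PHP_EOL;
}
```

Only the first input renders a heading; the other three fall through to "Unknown domain" without the raw value ever reaching the page.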
     