Any PHP programmers here that know of ClickBank?

by 3 replies
4
hi;

I am setting the pitch flow links but I get Notice unknown $REQUEST['cbf']
<?php echo $_REQUEST['cbf'];?>

href="http://2.xxxx.pay.clickbank.net/?cbur=d&amp;cbf=<?php echo $_REQUEST['cbf'];?>"

If I do this the warnings go way
PHP Code:
<?php if(!isset($_REQUEST['cbf']))
  {
    
$_REQUEST['cbf']="";
  }
?>
Is it how its supposed to be? I thought CB takes care of it. Unless I'm wrong.
#programming #clickbank #php #programmers
  • Looks fine to me - though it would be more accurate to omit the parameter all together if it isn't passed to your script.
    • [1] reply
    • Hi,

      I decided to write a longer post, because it may be useful to other people.

      1. You can report all errors and disable only NOTICE.
      Add this code on top:
      error_reporting(E_ALL ^ E_NOTICE);

      2. Your code is vulnerable to Cross-Site Scripting attack. Never place unescaped directly into the source code of the page.

      - How to correctly filter special characters?
      We can use functions such as, for example: htmlspecialchars() or/and strip_tags() also it is good to use addslashes() (prevent SQL Injection attack).

      Code using the above function will look like this:

      Code:
      <?php
      $cbf = addslashes(htmlspecialchars(strip_tags($_GET['cbf'])));
      if(!isset($cbf)) {
          $cbf="";
      }
      ?>
      <a href="http://2.xxxx.pay.clickbank.net/?cbur=d&amp;cbf=<?php echo $cbf;?>">text</a>
      Of course - in most cases - you only need to addslashes() and htmlspecialchars() ;-)

      If you will need some help - please write ;-)

      Best Regards,
      Arthur


      References (if you want read more about it):
      * https://www.owasp.org/index.php/Cros...ting_%28XSS%29
      * https://www.owasp.org/index.php/SQL_Injection
      • [1] reply

Next Topics on Trending Feed