PHP problem: Extracting a value from a query string

So, I'm having what is probably a really basic brain fart here. I have a script that's getting code back from Aweber after someone confirms a subscription. The URL contains subscriber data, in this format, as it appears in the location bar:

Code:
http://example.com/scriptname.php?email=user%40example.com&from=user%40example.com&meta_adtracking=adtrackcode&meta_message=1&name=Freddie&unit=listname&add_url=http%3A%2F%2Fexample.com%2Ffirstscript.php%3Fpage%3D678&add_notes=256.0.0.7&custom%20ref=678

I am attempting to extract that last value (678) from the query string, using this bit of code:

Code:
<?php

error_reporting (E_ALL ^ E_NOTICE);

$default = 1;
$value = $_GET['custom ref'];

if($value != "") {
  $newvalue = $_GET['custom ref'];
} else {
  $newvalue = $default;
}
?>
I've tried it as $_GET['custom ref'] and $_GET['custom%20ref'], and it makes no difference. All it ever returns is the default value of '1'.

What am I screwing up?


Paul
  • psvent
    Hi!

    The var name should be translated to custom_ref, so try: $_GET['custom_ref'].

    Also you can output all GET vars to see what is actually in there like this:

    var_dump($_GET);
  • Paul Myers
    The query string I get from Aweber is custom%20ref. I'll try it with the underscore, though. Thanks.

    Gonna take a while. When you test too many subscriptions from the same IP, it seems Aweber starts slowing them down. A lot. Makes sense from an abuse-prevention perspective, but it's a nuisance for testing your own process changes...


    Paul
  • Paul Myers
    The underscore worked. Thank you, psvent.

    That one tiny thing was keeping me from getting a new project rolled out. Amazing how something that small can have such an annoyingly large impact.
    • David Beroff
      I wonder why they chose to use a non-standard variable name in the first place? :confused:
      • psvent
        Originally Posted by David Beroff

        I wonder why they chose to use a non-standard variable name in the first place? :confused:
        Yep, that's weird, but I guess that's a custom var? I've been coding PHP for 10+ years and to be honest I didn't know how PHP (or any other lang for that matter) handles var names like that, so var_dump helped out. Btw, the same thing happens if you replace the space with "+".

        Curiously, I checked the docs too and I couldn't find a reference of the first bat.

        If possible, I would suggest renaming the var to prevent any weird things from happening in the future.
        • Brandon Tanner
          Paul, just an FYI... you should always sanitize all GET or POST data to make sure that it does not contain any malicious code. Of course Aweber would never send malicious code, but a hacker could figure out the URL of your script and then submit bad code to it via GET... and if your code does not filter it out, they could do all kinds of nasty things to your server.

          There are several different ways to sanitize GET / POST data (and the best method will depend on what kind of characters your data contains, and what you do with the data after your script receives it).

          But if you're positive that the "custom ref" value should contain only numbers, then you can verify that by using 'ctype_digit'...

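          <?php

          // Read the parameter; fall back to an empty string if it is missing or not a string
          $value = (isset($_GET['custom_ref']) && is_string($_GET['custom_ref'])) ? $_GET['custom_ref'] : '';

          $value = trim($value); // make sure there is no whitespace at the beginning or end of string

          if (ctype_digit($value)) {
              // The value is a number, so it's safe to run the rest of the script
          } else {
              // The value is NOT a number, so kill the script
              exit;
          }

          ?>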
          • Paul Myers
            Brandon,

            It's all alphanumeric characters. A single string, with no spaces.


            Paul
            • Brandon Tanner
              Originally Posted by Paul Myers

              Brandon,

              It's all alphanumeric characters. A single string, with no spaces.


              Paul
              In that case, you can use 'ctype_alnum'...

              if (ctype_alnum($value)) {
                  // The value contains only letters / numbers
              } else {
                  // The value contains something other than letters / numbers
              }
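The two points made in the thread, PHP renaming "custom ref" to custom_ref and validating the value before using it, combined in one sketch (an added example, not code from any poster). The helper name ref_from_query, the 32-character limit and the sample query strings are assumptions made for illustration; parse_str() is used because it applies the same name conversion that fills $_GET.

```php
<?php
// Added example, not from the thread. ref_from_query() is a hypothetical
// helper and every query string below is constructed sample input.

/**
 * Return the "custom ref" value from a raw query string, or $default when
 * the parameter is missing or fails validation.
 */
function ref_from_query(string $rawQuery, string $default = '1', int $maxLen = 32): string
{
    // parse_str() decodes the string the way PHP fills $_GET: spaces and
    // dots in a parameter NAME are turned into underscores.
    parse_str($rawQuery, $params);

    $value = $params['custom_ref'] ?? null;

    // "custom_ref[]=x" arrives as an array; trim() and ctype_* need a string.
    if (!is_string($value)) {
        return $default;
    }

    $value = trim($value);

    // ctype_alnum('') is false, so an empty value falls back as well.
    if (strlen($value) > $maxLen || !ctype_alnum($value)) {
        return $default;
    }

    return $value;
}

// Constructed sample query strings.
$samples = [
    'name=Freddie&custom%20ref=678', // name as sent in the thread
    'custom+ref=abc123',             // "+" decodes to a space, same key
    'custom.ref=678',                // a dot in the name is converted too
    'custom_ref[]=678',              // array syntax instead of a scalar
    'custom%20ref=678%3Cb%3E',       // value with markup characters
    'name=Freddie',                  // parameter missing
];

foreach ($samples as $query) {
    printf("%-30s => %s\n", $query, ref_from_query($query));
}
```

Because several spellings of the name collapse to the same key, validate the value after PHP has decoded it rather than matching on the literal parameter name in the URL.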