?id=1

[benbramz]

hi

im not too familiar with php so bear with me.

firstly, pagename.php?id=1

what is that called? you know the id=1 bit?

secondly, on a website im making a games window. I would like my flash games to be loaded into this window when the user click the link. however, rather then wanting to replicate the same page for each swf file i would like to have it so when a user click the link which could be <a href="gameswindow.php?id=1">Bens crazy 8ball! it would open up games window.php and then see that it says id one and load up the swf file designated for id=1
hope that made sense.
Im not sure if thats hard? but obviosly im not asking you to make me the page. maybe point me in the right direction for a tutoral that would help me build the page? plus, making it yourself is actually going to help me learn this dammed language lol

kind regards, ben

[Sheepymot]

Hi, if you add id= to the end of a page link, the identifier in PHP is "$id".

So, say the url is index.php?id=blah, in php $id would be equal to blah.

Do you see?

[benbramz]

yea i think i do.

so how do i get the script to go

if id = blah then show 8ball.swf
but if it is moo show greatescape.swf
bit if it is yoohoo show bob.swf
but if its none of those go silly person, it dont exsist.

i know that last bit would be an echo, right?
are there any tutrials around that i could work through and learn a bit more on this?

cheers for the post Sheepymot!

[benbacardi]

use this:

Code: Select all

switch ($id) {
case "blah":
   //code to show 8ball.swf
   break;
case "moo":
   //code to show greatescape.swf
   break;
case "yoohoo":
   //code to show bob.swf
   break;
default:
   //code to say silly person, doesnt exist
}

[Webforumz Staff]

Generally that extra bit is called the "query string" or "query string variables"

[Webforumz Staff]

May I also point out that for security reason you should really be using $HTTP_GET_VARS['id'] or $_GET['id] instead of just $id

[benbramz]

ahhh thankoyu all.

so, $id is obviosuly the id from the previous page. and im guessing so does $_GET['id]. but what about $HTTP_GET_VARS['id']???? what in terms of php is a var?

and why would not using those cause a security risk?

cheers

[Webforumz Staff]

Quote:

Originally Posted by benbramz

so, $id is obviosuly the id from the previous page. and im guessing so does $_GET['id]. but what about $HTTP_GET_VARS['id']???? what in terms of php is a var?

and why would not using those cause a security risk?

As you probably know, when you write a PHP script you create variables. Lets say you want to take two numbers and add them together, store the result in a variable called $total and display that result (not an efficient example, but it's good for this!).

$total is a variable that's internal to your script. You don't want the visitor to your website to be able to mess with that value. Now lets say that the numbers you're adding together are given to you by the user. You have a form with 2 fields that the user types numbers into and hits 'submit' to get a result.

The numbers are called 'one' and 'two'.

There is a PHP configuration setting called register_globals which can be turned on or off. On most security conscious hosts it is turned off and here's why. When register_globals is turned on, you can directly access 'one' and 'two' as $one and $two, just as if they were normal variables created in your script. Except of course, they're not - they external, from the user.

Now let's say that, before your script does anything with those numbers, it displays the total: $total.
Technically, $total shouldn't have a value, or if it does it should be 0. But what if a visitor to your site sends 'one', 'two' and 'total' when they send their data? You display $total first and it's the value that the user has given you. Imagine that your script had to do something important with that data and you can imagine why this could be a problem. For this reason, you can't assume that any variable is safe when register_globals is turned on.

You should really be accessing external variables using $HTTP_GET_VARS['id] and $HTTP_POST_VARS['id] or $_GET['id'] and $_POST['id'] for short ($HTTP_GET_VARS['id] and $_GET['id'] mean the same thing, the second is just shorted and easier to use).

I hope I've explained this well!

[benbramz]

yea i think i do...

cheers sirkent!

[benbramz]

hi

i used the script posted and hit an error. i used an echo with just a bit of text and it wokrd fine. but then i pasted the spheel u get for embedding a swf file and got an pharse error, unexpected <

is there a particular way to write this?

cheers

[Webforumz Staff]

What exactly did you put?

Obviously any HTML code you want to display should be shown as:
echo "<tag>";

[benbacardi]

and did you remember to escape all double quotes used within an echo with a backslash?

[benbramz]

Code: Select all

echo("<embed src="minipool2.swf" quality="high" width="720" height="420">");

[benbramz]

also since i cut out all of the fat from the html for the flash movie, i got a diff error, unexpected T_STRING ???

heres the whole thing

Code: Select all

<?php
switch ($HTTP_GET_VARS['id']) { 
case "1": 
	echo("<embed src="minipool2.swf" quality="high" width="720" height="420">");
   break; 
case "2": 
   echo("text2");
   break; 
case "3": 
   echo("text3");
   break; 
default: 
	   echo("text all day long!");
}
?>

cheers guys

[benbacardi]

yup u need to escape your double quotes, so what you put from two posts back, should be this:

Code: Select all

echo("<embed src=\"minipool2.swf\" quality=\"high\" width=\"720\" height=\"420\">");

notice the \ before every double quote that does not mark the end of the echo string

[benbramz]

ahhhhhhh cheers guys

[benbacardi]

no problem you know its actually great when you can help someone