[itdoell]

Is there a way in which I can target a specific $_GET variable and remove it? I can't seem to find any solid information on this. Here's a URL example...

http:/mysite.com/index.php?page=2&search=lorem

Say I wanted to remove the page from the URL and just be left with http://mysite.com/in...hp?search=lorem

Does anyone know could this be accomplished?

[creativecoding]

Like so:

<?php
$remove = array("page");
$finalUrl = "?";
foreach($_GET as $index => $get){
	if(!in_array($index, $remove)){
		$finalUrl .= $index.'='.$get.'&';
	}
}
header('location: ' . $finalUrl);
?>

[Dormilich]

in PHP you can also do

unset($_GET['page']);
$url = $_SERVER['SCRIPT_NAME'] . "?" . http_build_query($_GET);

there are also possibilities to do that with mod_rewrite/.htaccess

[itdoell]

Dormilich, on 11 December 2011 - 09:09 PM, said:

in PHP you can also do

unset($_GET['page']);
$url = $_SERVER['SCRIPT_NAME'] . "?" . http_build_query($_GET);

there are also possibilities to do that with mod_rewrite/.htaccess

Thanks, I think I'll use this solution. Is there any security issues I should be concerned about? I'm always wary about doing anything with $_GET's, and I'm unfamiliar with http_build_query. Typically I do...

function wash($str) {
	$str = @trim($str);
	if(get_magic_quotes_gpc()) {
		$str = stripslashes($str);
	}
	return mysql_real_escape_string($str);
}

$example = wash($_POST['example']);

for all my $_GET's, but since I can't do that on http_build_query($_GET) I figured I'd ask if there is anything security wise I should be concerned about before continuing with it.

[Dormilich]

since you don’t use it (i.e. you’re not reading data from it), it doesn’t really matter. of cource you can always apply striptags() to the resulting string.

http_build_query() work like implode() for URLs.

PS. for mysql_real_escape_string() to work you need an active database connection (or otherwise it is trying to create one) which may not always be available (and superfluous if you’re using the sql injection immune Prepared Statements). additionally, look into filter functions for verifying user data.

This post has been edited by Dormilich: 12 December 2011 - 03:32 AM

[itdoell]

Thanks Dormilich.

[JamesRozee]

itdoell, on 12 December 2011 - 10:36 AM, said:

Thanks Dormilich.

Well I learnt something today, didnt know of http_build_query! Nifty function

This is how I would of done it before, gives you a little more control extending on what creativecoding said:

<?php
// Allows you to specify more than one
$toRemove = array( 'page' => '', 'action' => '' );
$whatWeRemoving = array_intersect_key( $toRemove, $_GET );


// We dont want to redirect if there isn't anything to change, that would cause an infinite loop.
if( sizeof( $whatWeRemoving ) > 0 )
{
    $redirectUrl = $_SERVER[ 'REQUEST_URI' ];
    
    foreach( $whatWeRemoving as $key => $val ) $redirectUrl = preg_replace( '/([?&])' . $key . '=[^&]+(&|$)/', '$1', $redirectUrl );
    
    header( 'Location: ' . $redirectUrl );
}
?>