0

I have various links in my website that point to a specific form.

Whenever someone fills out the form, I want to be able to know what link led them to the form.

I want to do this without having to create an individual line of PHP code for every link I create in the. Instead, I want to have some PHP code that picks up something from that link, and maybe inserts it into a hidden text box that gets its value or text from something that I tag in the link.

For example:

  1. User clicks a link.
  2. That link directs them to a form.
  3. The link carries an identification that activates PHP code
  4. When I recieve the form, I know what link was clicked to get to that form.

I want it to work with links in emails I send out as well.

elizur424
  • 75
  • 1
  • 1
  • 7
  • 1
    Possible Duplicate of: http://stackoverflow.com/questions/4662110/how-to-get-the-previous-url-using-php – Tim Mar 01 '13 at 15:07

3 Answers3

0

You can use HTTP Referer to achieve this. In PHP, you can use

$referer = $_SERVER['HTTP_REFERER']
drone.ah
  • 1,135
  • 14
  • 28
0

Use this for example :

if (isset($_SERVER['HTTP_REFERER']))
{
    $ref = $_SERVER['HTTP_REFERER'];
}

then in your form something like:

<input type="hidden" value="<?php echo htmlspecialchars($ref, ENT_QUOTES); ?>" name="ref" />
kittycat
  • 14,983
  • 9
  • 55
  • 80
ImadBakir
  • 553
  • 1
  • 7
  • 26
  • What is this new `hidden` attribute you are using? – kittycat Mar 01 '13 at 15:12
  • This is vulnerable to XSS attacks – kittycat Mar 01 '13 at 15:13
  • @sorfect you don't sanitize the data and just blindly output it to the form field. – kittycat Mar 01 '13 at 15:16
  • After getting Post data You will perform a check on all the data, not only this one. and here comes the vulnerability. – ImadBakir Mar 01 '13 at 15:16
  • 1
    @sorfect What happens when `$_SERVER['HTTP_REFERER']` is equal to `"> – kittycat Mar 01 '13 at 15:21
  • @sorfect corrected your code and removing downvote as well. Please make sure you do best practices when posting code on here as visitors will often copy/paste not knowing the implications. – kittycat Mar 01 '13 at 15:30
  • @crypticツ The hidden attribute All HTML elements may have the hidden content attribute set. The hidden attribute is a boolean attribute. When specified on an element, it indicates that the element is not yet, or is no longer, directly relevant to the page's current state, or that it is being used to declare content to be reused by other parts of the page as opposed to being directly accessed by the user. User agents should not render elements that have the hidden attribute specified. [Reference](http://www.w3.org/html/wg/drafts/html/master/editing.html#the-hidden-attribute) – ImadBakir Mar 01 '13 at 15:50
  • It is HTML5 and is not supported in IE, and really no need to put it since the field is already hidden with `type='hidden'` it is to prevent the element from being displayed which is already being taken care of. You can go ahead and put it, but it's redundant in this case. – kittycat Mar 01 '13 at 16:00
0

Based on the information in your post, it sounds like you just want to send a token/ id.

<a href="form.php?token=xxx">Goto Form</a>

Now on the form you can grab the token:

$token = $_GET['token']; // use proper testing first

Then use a switch or if statements to run whichever code you need.

<input type="hidden" value="<?php echo $token; ?>">

Additional:

As the //use proper testing first comment indicates, you should make sure the token being passed is valid and sanitized in case of attack. One option is to have tokens stored in a database when generated and then compared when validating. Also look into htmlspecialchars() and even strip_tags() for sanitizing.

If the token fails to validate, you should not output and should even have a warning message/redirect that there was an error.

UnholyRanger
  • 1,977
  • 14
  • 24