
I'm trying to create a webpage that will be sent out to multiple people. The webpage contains a letter.

So if the URL string looks like:

Website.com/letter?name=Jim

Then the letter displayed on the page should be displayed as:

Hello Jim,
<br>
<br>Blah blah blah...

The name might include two names in some cases, in which case it should display both, so for example:

Website.com/letter?name=Jim Patrick

It would display as:

Hello Jim Patrick,
<br>
<br>Blah blah blah...

How would I go about achieving this?

Siraj Alam
Aedam
  • Keep in mind exposing [`$_GET`](http://php.net/manual/en/reserved.variables.get.php) parameters like this is pretty much asking for people to play with them. – tadman Dec 19 '17 at 19:12
  • @tadman what exactly does that mean? like injecting code into the website? – Aedam Dec 19 '17 at 19:23
  • If you're not careful, yes, you'll have XSS problems. For more examples, see [OWASP](http://owasp.org). Even in its most harmless form it allows people to link to your site with whatever text they want on the page, even things like "This site sucks", which you have no control over. – tadman Dec 19 '17 at 19:24

2 Answers

<?php
// Read the name from the request; default to an empty string when it is absent.
$name = $_REQUEST['name'] ?? '';
?>

That will hold the name for you.

Wherever you want to display the name, just put:

<p>Hello, <?php echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'); /* escape before output */ ?></p>

And as tadman pointed out, don't expose the fields in GET parameters to generate it like this. If it is at all necessary, you can use encrypt/decrypt steps to keep it safe from easy manipulation.

Edit

It will be tough to modify the name if you do this:

Encrypted name in the link:

http://some.com/letter?name=asd35we$%3r

Then decrypt it in PHP:

<?php
// someDecryption() is a placeholder for your own decryption routine.
$name = someDecryption($_REQUEST['name']);
?>
shashikant_
  • Thanks so much @shashikant_. When you say encrypt/decrypt, and manipulation, are you referring to someone trying to inject code into the site? If I used a basic HTML webpage and put that code there, would that still need encryption? – Aedam Dec 19 '17 at 19:26
  • Not really, but it could be easily harassed. I mean, if anyone decides to change the name to anything they like, as it is readily visible in the address field, it becomes easy. That is all. And there is nothing to worry about if all it does is just read it and display. – shashikant_ Dec 19 '17 at 19:34
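
An added example, not code from either answer: it escapes the name at output time, which is what addresses the XSS concern raised in the comments, and it uses an HMAC signature in place of the encrypt/decrypt step so that an edited name is rejected. The function names, the `sig` parameter, the key constant and the sample URL are assumptions.

```php
<?php
// Assumption: the key lives in server-side config; this value is a placeholder.
const LETTER_LINK_KEY = 'replace-with-a-long-random-secret';

// Build the link you send out: the name plus an HMAC computed over it.
function signedLetterUrl(string $base, string $name): string
{
    $sig = hash_hmac('sha256', $name, LETTER_LINK_KEY);
    return $base . '?' . http_build_query(['name' => $name, 'sig' => $sig]);
}

// Return the name only if it is a plain string whose signature checks out.
function verifiedName(array $query): ?string
{
    $name = $query['name'] ?? null;
    $sig  = $query['sig'] ?? null;
    // name[]=... arrives as an array; reject anything that is not a string.
    if (!is_string($name) || !is_string($sig)) {
        return null;
    }
    $expected = hash_hmac('sha256', $name, LETTER_LINK_KEY);
    // hash_equals() compares in constant time.
    return hash_equals($expected, $sig) ? $name : null;
}

// Escape at output time so markup in the name is displayed as text.
function greeting(?string $name): string
{
    if ($name === null) {
        return '<p>Hello,</p>';
    }
    return '<p>Hello ' . htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . ',</p>';
}

// Constructed sample input (not from the original page).
$url = signedLetterUrl('https://website.example/letter', 'Jim Patrick');
parse_str((string) parse_url($url, PHP_URL_QUERY), $good);
$tampered = ['name' => '<b>Someone else</b>', 'sig' => $good['sig']];

echo $url, "\n";
echo greeting(verifiedName($good)), "\n";      // signature matches: name is shown
echo greeting(verifiedName($tampered)), "\n";  // edited name: generic greeting
// In the real page: echo greeting(verifiedName($_GET));
```

The signature only stops recipients from changing the text; the `htmlspecialchars()` call is still needed, because it is the step that keeps the value from being interpreted as HTML.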

To improve parsing/handling of your $_GET parameters from your query string, you can change the syntax to be like this:

Website.com/letter?name[]=Jim&name[]=Patrick

Then $_GET['name'] will hold: array('Jim','Patrick').

With $_GET now being multidimensional, you can iterate the names by running:

foreach($_GET['name'] as $name){
    // echo $name // do whatever
}

or you can call implode('&', $_GET['name']) or similar.

See this post which discusses the topic that tadman is warning you about.

Finally, if you just want to space-separate your names and submit them from a single form field (or hardcode a url), then your receiving code will just need to explode(' ',$_GET['name']) and then re-stitch the names together with whatever character/substring you choose.

Your question is a little ambiguous, so just in case Jim Patrick is actually only one person, you don't need to change anything. The name value will be all of the text after name= until the end of the url string or until a # or & is encountered (assuming you are dealing with a valid url).

mickmackusa