Question about redirecting with $_GET

[ClintReno]

Hi there, I'm really a complete newbie as far as php goes, but here is my question, thanks in advance for any help.

I'm attempting to use php to set up some redirect or jump links using the $_GET

My question is regarding security issues, is the current code format I will be using secure or does it leave any vunerability issues to the server or script.

Is the exit() enough or do I need to also use a bit of code to tell the script to report an error if anyone tries to input a variable other than the ones I have assigned a hard coded link for.

Hope that makes sense, here is the type of coding I mean (below)

PHP Code:

<?php

$name = $_GET['name'];

if ($name == "aa") {$link = "URL";}

if ($name == "bb") {$link = "DIFFERENT-URL";}

if ($name == "cc") {$link = "ANOTHER-URL";}

header("Location: $link");

exit()

?>

Thanks again.

[spiderling]

If you are hard coding the links then there wouldn't be any issue because $link is equal to what you say it is. You code also use if elseif statements instead of 3 separate if statements.

The exit() stops the rest of the script from being executed. You just need to add the semicolon to the end of that line.

PHP Code:

$name = $_GET['name'];
if ($name == "aa") {
 $link = "URL";
} elseif ($name == "bb") {
 $link = "DIFFERENT-URL";
} elseif ($name == "cc") {
 $link = "ANOTHER-URL";
} else {
 print "Invalid name";
 exit();
}

header("Location: ".$link);
exit(); 


[ClintReno]

Hello, thank you for your quick reply.

So, is using elseif a more correct way of doing it instead of using separate if statements ?

Out of interest, in the example I gave before, would it go through each if statement to check it and if it didnt find a matching $ just have skipped past the header Location part to exit ?

Also I notice in your example you have for the header location part

PHP Code:

header("Location: ".$link); 


which is diferent to how I had it in my example as

PHP Code:

header("Location: $link"); 


Was mine the wrong way of doing it or is there a better advantage to doing it the way you suggest?

Sorry for the newbieness of my questions but it would be cool if you or someone could explain the differences a little as to whats going on behind the code kind of thing.

Thanks again.

[crmalibu]

Yes, elseif is more suitable here. This is because only one of the conditions can be true, so there's no sense to keep checking the other condtions after a match is found. However, when you have a bunch of elseif conditions which all are doing nearly the same thing by comparing the same variable to different values, a switch statement is ideal. http://www.php.net/switch

There's also a handy way to to use an associative array to accomplish what you want as well. But, the end result is the same either way.

As for

PHP Code:

header("Location: $link");
// vs
header("Location:" . $link"); 


They both work functionaly the same. Some people prefer to concatenate the variable as spiderling did, instead of embed it in the string like you did. It's less obvious that a variable is being used inside of a string unless you have a good syntax highlighter(few editors will highlight variables unless they're outside of a string). This forums syntax highlighting is a perfect example.

I tend to prefer putting the variable inside the string like you did, but do it both ways depending on the situation.

[ClintReno]

Thanks very much for that detailed explaination and thank you to both members who replied for taking the time to answer my question.

I hadn't realised that using the if statement several times meant the script would keep checking the others even if it had already found a match on a previous line.

I wonder, in my first example, if there was no match found at all would it have just ignored the header Location and jumped right to the

PHP Code:

exit(); 


[spiderling]

I wonder, in my first example, if there was no match found at all would it have just ignored the header Location and jumped right to the

PHP Code:

exit(); 


It does attempt the header call and since there is nothing to redirect to, it continues executing the code below, which would be the exit. And with the exit in place that stops any further code from being executed.

[James Hetfield]

Avoid using too many double quotes because PHP interpreter has to parse those strings to find out variables inside.

In this case you can write like below to get better performance:

PHP Code:

header('Location: ' . $link); 


Just small tip for newbie

James.