Convert Many Variables into Just 1

Hi, I want to send the following variable using the $_GET function:

[i][b]example.com/index.php?id=https://twitter.com/intent/tweet?url=http%3A//youtu.be/gvckPiuN9ug&text=The%20first%20kinetic%20typography%20film%20[1988]%20Oliver%20Harrison%20[part].:&via=YouTube&related=YouTube,YouTubeTrends,YTCreators[/i][/b]

The page that receives this variable then echoes it out in the refresh meta tag to redirect to a new page:


<meta http-equiv="refresh" content="0; url=
         <?php
echo $_GET['id'];
?>" />

The problem is that $_GET in the above example contains multiple variables after the initial $id variable, meaning that rather than redirecting to the above URL in its entirety, it instead redirects to:

twitter.com/intent/tweet?url=http%3A//youtu.be/gvckPiuN9ug

Is there a simple way around this?

Many thanks,
Leao

Try this:


$url = '';
foreach($_GET as $key => $value) {
    $url .= $key . '=' . $value . '&';
}
echo substr($url, 0, -1);

-RT- :smiley:

You could use PHP’s serialize on the URL and then unseralize it when you get it using _GET.

Actually the best way is probably this:

echo $_SERVER['QUERY_STRING'];

Cheers. Would this open up a security hole? I.e. Allowing anybody to inject whatever content they like directly onto my page?

Thanks again, Leao

I don’t think so, because the input is interpreted as a string, so I don’t think you can insert any PHP etc. Which means all they could do is construct some HTML, that only they will observe. And you can do that anyway, just in chrome you can go and edit html in a page.

If you want to be extra careful though you could use rawurlencode() like this:


<?php
$url = '';
foreach($_GET as $key => $value) {
    $url .= rawurlencode($key) . '=' . rawurlencode($value) . '&';
}
echo substr($url, 0, -1);
?>

That will prevent html characters from being formed, any html characters will just be replaced by their special character encoding.