Redirect from 2 buttons to the same page

Hi

I am kinda lost at how to redirect from 2 buttons to the same page but to show both website link or demo link when the buttons are clicked on and been redirected.

So I got those buttons that work fine:

<a class="btn btn-info" href="<?php echo $row["siteurl"]; ?>pages/red.php?url=<?php echo $list['id']; ?>/<?php echo $list['Website']; ?>" role="button"><strong>Go to <?php echo $list["name"]; ?></strong></a>

<a class="btn btn-success"  href="<?php echo $row["siteurl"]; ?>pages/red.php?url=<?php echo $list['id']; ?>/<?php echo $list['demo']; ?>/" role="button"><strong>Check <?php echo $list["name"]; ?> Demo Link</strong></a></center>

This is where I get them to redirect, so I need this to show either demo or website link:

<?php
if (isset($_GET['url'])) {
 $url = ($_GET['url']); 
 $sql = "SELECT * FROM links WHERE id='$url' AND approved='1' LIMIT 1";
  $result = mysqli_query($link, $sql); 
  if( $result )  
  while($userz = mysqli_fetch_assoc($result)) {
?>       
<strong>You are being redirected to an external site.</strong>

You will be redirected to <?php echo $userz['name']; ?> 

You are going to <?php echo $userz['Website']; ?> 


 like to show demo here also but when only demo is clicked  <?php echo $userz['demo']; ?> 


 in <a id="timer">30</a> Seconds 

<strong>Please note that <?php echo $row['title']; ?> is not responsible for the content of the external site.</strong>
           </tr>                    
                 </table>  
                  </div>
              </div>
</div>    
   <?php } } ?>        

If I’m understanding correctly, two suggestions that spring to mind:

  1. use a separate redirect script for the demo link, eg. pages/red-demo.php

  2. add a parameter to the demo link URL, eg. pages/red.php?url=XX&demo=1
    then check if $_GET['demo'] is set in red.php

As an aside, this code is open to SQL injection attacks:

 $url = ($_GET['url']); 
 $sql = "SELECT * FROM links WHERE id='$url' AND approved='1' LIMIT 1";

Any user input must be escaped, so if you want to continue using mysqli_query rather than PDO, something like:

 $sql = "SELECT * FROM links WHERE id='" . mysqli_real_escape_string($sql, $url) . "' AND approved='1' LIMIT 1";

To reiterate, never trust user input.

Please no, don’t use any of the _real_escape_string functions, use prepared statements instead.

See https://www.php.net/manual/en/mysqli.prepare.php


You shouldn’t be putting this directly into a SQL statement without validating it. It’s a huge security risk.
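
The two replies above ask for a prepared statement and for validating the input. As an added example (not code from any poster in this thread), this is one way `pages/red.php` could do both with mysqli while using the `demo=1` parameter suggested earlier. It assumes `$link` is the page's existing mysqli connection, that the buttons link to `red.php?url=<id>` and `red.php?url=<id>&demo=1`, and that `lookup_redirect()` is a hypothetical helper name.

```php
<?php
// Added example. Assumes $link is an open mysqli connection and the links table
// has the columns used in the thread (id, name, Website, demo, approved).
function lookup_redirect(mysqli $link, array $query): ?array
{
    // Validate: the id must be a positive integer, anything else is rejected
    // before it gets near the database.
    $id = filter_var($query['url'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // Prepared statement: the id is sent as a bound parameter, never as SQL text.
    $stmt = mysqli_prepare(
        $link,
        "SELECT name, Website, demo FROM links WHERE id = ? AND approved = '1' LIMIT 1"
    );
    mysqli_stmt_bind_param($stmt, 'i', $id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $name, $website, $demo);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    if ($found !== true) {
        return null; // no approved row with that id
    }
    // ?demo=1 selects the demo link, otherwise the website link is used.
    $target = isset($query['demo']) ? $demo : $website;
    // The destination comes from the database row, not from the query string.
    // Only http(s) URLs are handed to the browser.
    $scheme = parse_url((string) $target, PHP_URL_SCHEME);
    if (!in_array(strtolower((string) $scheme), ['http', 'https'], true)) {
        return null;
    }
    return ['name' => $name, 'target' => $target];
}

$dest = lookup_redirect($link, $_GET);
if ($dest === null) {
    http_response_code(404);
    exit('Link not found.');
}
?>
<strong>You are being redirected to an external site.</strong>
You will be redirected to <?php echo htmlspecialchars($dest['name'], ENT_QUOTES, 'UTF-8'); ?>
(<?php echo htmlspecialchars($dest['target'], ENT_QUOTES, 'UTF-8'); ?>)
in <a id="timer">30</a> seconds.
```

With this version the website button needs only `?url=<id>` and the demo button `?url=<id>&demo=1`; the `/<Website>` suffix in the original links would fail the integer check.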

Hi, yes, you did understand, I just did not explain it better :frowning:

But since my knowledge of PHP and researching is a little poor

but I did research before I asked as it confused me :lol:

So I went with the other file idea

until I can find out how to do it.

I did try this but it gave me an error, so I added this, hope it's right:

 $url = mysqli_real_escape_string($link, $_GET['url']); 

I am old school so only PHP I can understand as it's easy for me :frowning:

Yep, you’re right.

It’s also easy for you to get hacked using old school code.
The easy way isn’t always best.
Take the advice of @rpkamp

At the risk of going further off-topic, your HTML is a bit old school too, with center tags and tables, plus the structure is invalid.
Time to update your skills. :slightly_smiling_face:
