Hi, I will try to explain this as best I can. I am using a PHP master page structure, linking content through the include function, as in:
<?php
$page=$_GET['page'];
include($page);
?>
I am using a database to display a blog and have added an ID to each post to allow the user to navigate to the actual blog post, instead of viewing it in a list. The issue I am having is that the link works, but when I add the master page structure into the link it can’t find the ID. For example,
Works
<a href="blog2.php?id=<?php echo $post['post_id']; ?>">
but
Does not work
<a href="../anonymous/anonymous.master.php?page=blog2.php?id=<?php echo $post['post_id']; ?>">
Obviously the first link displays only the blog2.php data and not the master page data. I am guessing it is the way I have structured the link, and any help would be appreciated. If you have any more questions or I haven’t explained myself, please ask.
A couple of things. First, to fix your problem you need an & rather than ? between the page and id parameters in the second case. So it should look like this:
Second, you REALLY need to sanitize your input.
In this case:
If your server isn’t properly configured, I could easily pass a URL for page and have your server execute arbitrary code from another website, compromising your entire system.
In the case of the URLs, you are echoing post variables directly to the page, leaving yourself open for cross-site-scripting (XSS) attacks.
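The following is an added example, not code from the original question or answer: one way to harden the master page so that the page parameter is only ever used as a key into a fixed allowlist, and to build the post link with & between parameters and proper encoding. The function names resolve_page and post_link, the ALLOWED_PAGES constant and the home.php entry are assumptions made for illustration.

```php
<?php
// anonymous.master.php (hardened sketch; names below are hypothetical)

// Fixed map of page keys to files on disk. Only these can ever be included.
const ALLOWED_PAGES = [
    'blog2.php' => __DIR__ . '/blog2.php',
    'home.php'  => __DIR__ . '/home.php',   // hypothetical second page
];

// Return the file to include, or null if the request is not on the allowlist.
function resolve_page($requested): ?string
{
    // Reject arrays (page[]=x), missing values, paths and URLs alike:
    // only an exact string match against a known key is accepted.
    if (!is_string($requested) || !array_key_exists($requested, ALLOWED_PAGES)) {
        return null;
    }
    return ALLOWED_PAGES[$requested];
}

// Build the href for a post link routed through the master page.
function post_link(string $master, string $page, $postId): string
{
    // http_build_query URL-encodes each value and joins them with '&',
    // so the id arrives as its own parameter instead of part of "page".
    $query = http_build_query(['page' => $page, 'id' => (int) $postId], '', '&');
    // Escape for the HTML attribute context to prevent XSS in the link.
    return htmlspecialchars($master . '?' . $query, ENT_QUOTES, 'UTF-8');
}

// Usage inside the blog list template:
//   <a href="<?= post_link('../anonymous/anonymous.master.php',
//                          'blog2.php', $post['post_id']) ?>">

$target = resolve_page($_GET['page'] ?? null);
if ($target === null) {
    http_response_code(404);
    exit('Page not found');
}

// Validate the id once here; it is null or false unless it is an integer.
// Assumption: blog2.php reads $id from the including scope.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);

include $target;
```

Because the value passed to include always comes from the constant map, a request such as page=http://... or page=../../etc/passwd resolves to null and returns a 404 regardless of how allow_url_include is configured.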