Home/ Questions/Q 573153
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-13T13:41:38+00:00

Recently I ran across a blog article about using PHP scripts to redirect affiliate

  • 0

Recently I ran across a blog article about using PHP scripts to redirect affiliate links. It got me thinking whether this script was safe or not. I’ve heard that using the $_GET variable can lead to a vulnerability.

Any suggestions would be appreciated. Would checking the input for alphanumerics and the hyphen (‘-‘) be enough to guard against this?

For this script, links in would be of the form:

http://www.somesite.com/amazon.php?asin=XXXXXXXXXX

or

http://www.somesite.com/amazon.php?id=some-keyword

Here is amazon.php:

   <?php

    $id = $_GET['id'];
    $asin = $_GET['asin'];

    if ($asin != NULL)
    {
        header("Location:http://www.amazon.com/exec/obidos/ASIN/".$asin."/fantasticaffiliate-20");
        exit;
    }

    else
    {
        $links = array(
            "keyword-one" => "http://www.amazon.com/b/?node=1122334455&tag=fantasticaffiliate-20",
            "keyword-two" => "http://www.amazon.com/exec/obidos/ASIN/1352434213/fantasticaffiliate-20"
            );          

        header("Location:".$links[$id]);
        exit;
    }

?>

Thanks as always!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Yes, it would. None of those characters in any combination is enough to cause a XSS problem.

    • 0