To find a reason of missing GET variables in PHP

Question

How can you get the variables in URL to the next page in PHP?

The user is at the URL

 http://localhost/codes/index.php?ask_question&[email protected]&passhash_md5=202cb962ac59075b964b07152d234b70

He sends a question and he goes to the following url where variables lost their values for some unknown reason.

http://localhost/codes/index.php?question_sent&email=&passhash_md5=

The following code is the code *handle_a_new_question.php*.

 $result = pg_prepare($dbconn, "query77", "INSERT INTO questions
     (body, title, users_user_id)
     VALUES ($1, $2, $3);");
 $result = pg_execute($dbconn, "query77", array($body, $title, $user_id));

 if(isset($result)) {
     $header = ("Location: /codes/index.php?"                                                                                                                                                           
         . "question_sent"
         . "&"
         . "email="
         . $_GET['email']             // this seems to be correct to me
         . "&"
         . "passhash_md5="
         . $_GET['passhash_md5']      // this seems to be correct to me too
         );
     header($header);
  }

Do you see any mistake in the code?

Answer 1

Print your $_GET and check if vars are empty before create the header:

print_r($_GET);

or try with

$_REQUEST['email']

instead of

$_GET['email']

Oh! and don't forget to add

exit();

after:

header($header);

If you do something if there's no valid $result, for example:

 if(isset($result)) {
     $header = ("Location: /codes/index.php?"                                                                                                                                                           
         . "question_sent"
         . "&"
         . "email="
         . $_GET['email']             // this seems to be correct to me
         . "&"
         . "passhash_md5="
         . $_GET['passhash_md5']      // this seems to be correct to me too
         );
     header($header);
  }

  sendEmailToMe('FAILED!!');

Is possible that "sendEmailToMe('FAILED!!')" can be executed, even if $result is valid.

Answer 2

For sure the data is sent by POST. So it can be retrieved like this:

$_POST['email']

BTW:

1. do not forget to sanitize the data before doing the redirection (it is not done in your example).
2. do not forget to "salt" your hash or it may be insecure.

Answer 3

what does the form code look like? the problem is on the page that is directing you to the question_sent page, not on the question_sent page itself.

are you passing these variables along in hidden fields or in the action of the form, eg

<form method="post" action="index.php?question_sent&email=<?php echo $_GET['email']?>&passhash_md5=<?php echo $_GET['passhash_md5']?>">

or are you using hidden variables

<form method="post" action="index.php?question_sent">
   <input type="hidden" name="email" value="<?php echo $_GET['email']?>" />
   <input type="hidden" name="passhash_md5" value="<?php echo $_GET['passhashmd5']?>" />
   ...
</form>

because either of those should work, the first you can retrieve ur variables from $_GET the second you can retrieve them from $_POST.

also for user sessions, you should probably be storing their login info in a cookie, take a look at this when you get a chance

http://www.tizag.com/phpT/phpcookies.php

Answer 4

Try using session handlers in place of the GET variables. It does add a few keystrokes to your code but saves you a lot of headeache, in my point of view.