views:

31

answers:

5

I want to do a print on a argument that is on the URL, like this(in this case it's Google):

http://bitoffapp.org/?http://google.com/

I want to get that and print it like this:

print("Go <a href='$url'>back</a> to the page you was before the login);

How can I do this?

+6  A: 
$div = explode("?", $_SERVER['REQUEST_URI'], 2);
$arg = end($div);
//like Sarfraz says, you can also use directly $_SERVER['QUERY_STRING']

echo sprintf(
    'Go <a href="%s">back</a> to the page...',
    htmlspecialchars(urldecode($arg), ENT_QUOTES));

In practice, you'll want to validate the URL to see

  • If it's indeed a valid URL (see FILTER_VALIDATE_URL)
  • If you can find your site prefix there (checking for substr($url, 0, strlen($prefix)) === $prefix) is enough; $url is the urldecoded query string)

The reason for these checks is that otherwise attackers may trick your users into visiting URLs that, although prefixed with your domain, actually forward them to malicious websites or vulnerable registered protocols in the victim's browser.

Artefacto
+1  A: 

If it has to be from the url, you should have it urlencoded and as a GET variable.

$prevUrl = urlencode("http://google.com/");
http://bitoffapp.org/?url=$prevUrl;

Then just read that into your php function from the GET global

$url = urldecode($_GET['url']);
print("Go <a href='$url'>back</a> to the page you was before the login");

However, I'd actually look at grabbing their previous url from the _SERVER global. _SERVER Global.

kmfk
A: 

Do:

var_export($_REQUEST);

Get:

array ( 'http://www_google_com' => '', )

For a proper reference, use ?url=http://google.com/

Then you can find it in these::

$_REQUEST['url']; // All POST, GET, ... variables
$_GET['url'];
Rakward
A: 

If your URL is http://bitoffapp.org/script.php?url={my_url} you could do this :

echo '<a href="' . $_GET['url'] . '">Go back to the page you were on before login</a>';
Stephen Curran
A: 
parse_url($url,PHP_URL_QUERY);
stillstanding