问题
Is it possible to append a parameter to a PHP Header Location? I'm having trouble getting it to work. Is this syntax actually allowed?
$qry = $_SERVER['QUERY_STRING'];
header('Location: http://localhost/blast/v2/?$qry ') ;
it just won't replace $qry wit its actual value....why??
in the browser it ends up looking like this:
http://localhost/blast/v2/?$qry
thanks
回答1:
Change the single quotes to double quotes:
header("Location: http://localhost/blast/v2/?$qry");
A single quoted string in PHP is treated as a string literal, which is not parsed for variables. Double quoted strings are parsed for variables, so you will get whatever $qry contains appended, instead of literally $qry.
回答2:
You can also add multiple parameters via a header like:
$divert=$row['id']."¶m1=".($param1)."¶m2=".($param2);
header("Location:showflagsab.php?id=$divert");
which adds the two additional paramaters to the original id
These can be extracted using the $get method at their destination
回答3:
I know this is a very old post, but please, do not do this. Parameters in a header are XSS vulnerable. You can read more about XSS'ing here: owasp.org/index.php/Cross-site_Scripting_(XSS)
回答4:
wiles How to Fix the XSS attack on header location
$param = $_REQUEST['bcd'];
header("Location: abc.php/?id=$param");
来源:https://stackoverflow.com/questions/9861925/php-header-location-with-parameter