homepage Welcome to WebmasterWorld Guest from 54.161.240.10
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
PHP script needed to insert URL
AlexB77




msg:4364207
 10:48 am on Sep 19, 2011 (gmt 0)

Hey guys,

Can anyone help me with some sort of PHP script to perform the following:

<fb:like href=" [PHP SCRIPT to insert URL of the Page] " send="false" layout="button_count" width="70" show_faces="false" action="like" font="arial"><\/fb:like>


So what I meant was I do have this Facebook like button on every page of my site and would ideally like to insert the URL into href=" " automatically by copying it from "I guess an address bar or elsewhere" and automatically pasting it within that href.

I know that this is somehow achievable, since I have seen it somewhere, but do not know how to do it.

Any help will be much appreciated.

 

rocknbil




msg:4364319
 4:01 pm on Sep 19, 2011 (gmt 0)

Try one of these.

<fb:like href="<?php echo get_permalink( $post->ID ); ?>" send="false" layout="button_count" width="70" show_faces="false" action="like" font="arial"></fb:like>


<fb:like href="<?php echo $_SERVER["SERVER_NAME"]. '/' . $_SERVER["REQUEST_URI"]; ?>" send="false" layout="button_count" width="70" show_faces="false" action="like" font="arial"></fb:like>

That last one might not need the slash

<fb:like href="<?php echo $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"]; ?>" send="false" layout="button_count" width="70" show_faces="false" action="like" font="arial"></fb:like>

Also it is possible this may fail:
<\/fb:like>

You only need to escape if you're echoing within PHP and then only under certain conditions.

</fb:like>

Demaestro




msg:4364346
 4:58 pm on Sep 19, 2011 (gmt 0)

I warn against using $_SERVER["REQUEST_URI"]

It opens you up for XSS attacks

AlexB77




msg:4364357
 5:56 pm on Sep 19, 2011 (gmt 0)

Hey Guys,

First would like to Thank you for your response and now back to my problem.

I have tried to use <?php echo get_permalink( $post->ID ); ?> but since

<fb:like href="<?php echo get_permalink( $post->ID ); ?>" send="false" layout="button_count" width="70" show_faces="false" action="like" font="arial"></fb:like> is within the Javascript (See full code below) it did not work.

<script type="text/javascript">
//<![CDATA[
(function() {
document.write('<div id="fb-root"><\/div><fb:like href="<?php echo get_permalink( $post->ID ); ?>" send="false" layout="button_count" width="70" show_faces="false" action="like" font="arial"><\/fb:like>');
var s = document.createElement('SCRIPT'), s1 = document.getElementsByTagName('SCRIPT')[0];
s.type = 'text/javascript';
s.async = true;
s.src = 'http://connect.facebook.net/en_US/all.js#xfbml=1';
s1.parentNode.insertBefore(s, s1);
})();
//]]>
</script>


What am I doing wrong or should I add something to it. I am not really good with Java sorry!

penders




msg:4364398
 6:41 pm on Sep 19, 2011 (gmt 0)

I believe get_permalink [codex.wordpress.org] is a WordPress function, so if you are not using WordPress you will need to use one of the other methods mentioned. However, as Demaestro mentions, using REQUEST_URI (and PHP_SELF) without sanitizing first is a possible security issue. If you are using JavaScript (not Java) anyway, you could use location.href - although I think this could be open to the same XSS attack if you are simply writing it out.

Either way, I think you will need to sanitize the URL anyway for the benefit of your FB like button, although I'm not sure how specific it is?

g1smd




msg:4364427
 7:11 pm on Sep 19, 2011 (gmt 0)

Do you want to use the exact URL that was requested?

That would be a big problem when a non-canonical URL was used to access the page.

You'll need a further level of processing to return the canonical URL for non-canonical requests.

Demaestro




msg:4364446
 7:39 pm on Sep 19, 2011 (gmt 0)

Alex,

Is the file this .JS lives in a .php file?

If no and it is just a .js file then you will want this:

var url_loc = document.location.href;

document.write('<div id="fb-root"><\/div><fb:like href="' url_loc


If you go this route make sure you do a little work to guard against XSS

AlexB77




msg:4364512
 9:18 pm on Sep 19, 2011 (gmt 0)

The script is within a simple .html file that has only one canonical URL (meaning there is no way it can be link in non-canonical way)
"http://www.mysite.com/my_folder/my_file.html".

Where can I find any info about XSS and how would you recommend using it in order to remain protected?

Thanks guys for your help

g1smd




msg:4364513
 9:21 pm on Sep 19, 2011 (gmt 0)

The script is within a simple .html file that has only one canonical URL (meaning there is no way it can be link in non-canonical way)
"http://www.example.com/my_folder/my_file.html".

So all of these don't return that same page?
*
http://www.example.com///my_folder///my_file.html
*
http://www.example.com/my_folder/my_file.html?some-appended-stuff
*
http://example.com/my_folder/my_file.html
AlexB77




msg:4364516
 9:29 pm on Sep 19, 2011 (gmt 0)

No it will redirect to the canonical URL

AlexB77




msg:4364517
 9:32 pm on Sep 19, 2011 (gmt 0)

I use canonical link tag on every page, can the link somehow be copied from this tag and pasted into href

g1smd




msg:4364526
 9:40 pm on Sep 19, 2011 (gmt 0)

If it's stored in some variable, then most likely it can.

AlexB77




msg:4364534
 9:55 pm on Sep 19, 2011 (gmt 0)

<link rel="canonical" href="http://www.example.com/my_folder/my_file.html"> in the meta

penders




msg:4364574
 11:22 pm on Sep 19, 2011 (gmt 0)

If you are generating your canonical tag via a server-side script then you've probably already got a more direct way of accessing it...

The script is within a simple .html file...


May be you're not using any server-side script after all, in which case PHP might not have been much help anyway?

Anyway, to access your link (rel="canonical") element via JavaScript and grab the URL, then place this above your facebook code...

<script type="text/javascript"> 
function getCanonicalUrl() {
var url = '';
var linkElems = document.getElementsByTagName('link');
for (var item=0; item<linkElems.length; item++) {
if (linkElems[item].rel == 'canonical') {
url = linkElems[item].href;
break;
}
}
return url;
}
</script>


And then inside your FB code...
...<fb:like href="' + getCanonicalUrl() + '" send="false"...

AlexB77




msg:4364673
 8:20 am on Sep 20, 2011 (gmt 0)

Thanks penders,

I will give it a shot, lets see if this will do the trick

Thanks

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved