Forum Moderators: coopster
goto.php
<?php$url = $_GET['url'];
$ua = $_SERVER['HTTP_USER_AGENT'];
// Log the exit path in the DB
$sql = "INSERT INTO `outbound_redirects` ( `url`, `user_agent` ) VALUES ('".$url."', '".$ua."');";
mysql_query($sql);
// 302 it...
header("Location: $url");
?>
The problem is of course this script thinks any &'s in the URL are meant for it, so strips them out.
eg:-
/goto.php?url=http://www.example.com?a=1&article=2
Will get redirected to:-
http://www.example.com?a=1
..... and VAR "article" instead gets handed to my script.
Is there a simple way around this, or do I need to collect all the vars and tack back on the end of the destination URL those which are not mine?
Thanks!
TJ
Thanks, I'll go do just that...
<?php// URL Redirector
$server = 'localhost'; // MySQL hostname
$username = 'username'; // MySQL username
$password = 'password'; // MySQL password
$dbname = 'database'; // MySQL db name$db = mysql_connect($server, $username, $password) or die(mysql_error());
mysql_select_db($dbname) or die(mysql_error());$url = $_SERVER['REQUEST_URI'];
$ua = $_SERVER['HTTP_USER_AGENT'];$destination_url = explode("?url=", $url);
$url = stripslashes(escapeshellcmd($destination_url[1]));
// Log the exit path in the DB
$sql = "INSERT INTO `outbound_redirects` ( `url`, `user_agent` ) VALUES ('".$url."', '".$ua."');";
mysql_query($sql);// 302 it...
header("Location: $url");?>
