Inputting subdomain and subdirectory values into a variable without using parameters

dougmcc1

Is there a way to put the names of a subdomain and subdirectory into a variable without using parameters in the URL?

If someone clicked on this URL:
http://a.domain/1

How could I set $letter='a' and $number=1 in http://a.domain/1/index.htm?

Also, is this insecure even if I limit the length of the subdomain to 2 characters and I check my database to make sure subdomain 'a' really has a subdirectory of '1'? No one should be able to manipulate the URL string by adding valicious code to it unless I'm overlooking something.

Thanks.

Roger_Ramjet

Well. Even though you can display anything in the link text, you would have to disable the status bar to prvent anyone from seeing what the url really is. A mod_rewrite would hide the real url from their address bar when the page displays. All gets a bit complicated doesn't it. You can also use .htaccess to redirect and hide the true url from the user. Try using a form and post. You could then post an identifier to a base page that would include the target file according to the parameter sent. That is probably the easiest way to do it invisibly and securely.

dougmcc1

Can you give me an example, Roger? I'm having trouble following you.

I was hoping there'd be a function like geturl() or something that would get the URL of the current page being loaded which would allow me to input "http://a.domain.com/1/index.htm" into a variable.

Then I was thinking I could cut out the "http://", get the 2 letters for the subdomain (my real subdomain names are 2 letters long), then get the subdirectory between the next 2 slashes.

Which would be the same as "http://a.domain.com/1/index.htm?subdomain=a&subdirectory=1"

The goal is to get the subdomain and subdirectory into variables so I can pull the data for the page from the database.

Thanks.

Roger_Ramjet

Not sure I foloow you? You are generating links on one of your pages, yes? And when the user clicks it you want to build the output from the db, yes? So to pass the parameters you use standard GET.


echo '<a href="index.php?domain=a&subdomain=1">Link 1</a>';

Roger_Ramjet


// index.php

if (isset($_GET['domain']) { 
   $varD = $_GET['domain'] ;
   $varS = $_GET['subdomain'];
}

$sql = "SELECT * FROM table 
               WHERE domain='$varD' AND subdomain='$varS'";

Is that what you are after?

dougmcc1

The user is clicking a link that doesn't have parameters. It's a static URL - http://a.domain/1/

I believe your code requires the addition of:
?domain=a&subdomain=1

Is this correct or will your code work without the parameters?

Roger_Ramjet

Now you've really lost me!! If you want to pull the data from a db then you must have a target script that does that. You pass the parameters to that script through the url and it extracts the data and builds the page. Now that is what I understand you to need. If it is not then post real code with real urls and real table layouts and samples of the data. That is the only way I will understand what you are talking about.

IOf you want to fake the user into thinking that the page uel is different than that of your target script then you use mod_rewrite or use a redirect.

dougmcc1

Thanks Roger, I'm sorry that you don't understand my question. Perhaps someone else has an answer?

Basically I'm looking for the PHP equivalent of JavaScript's window.location function.

Roger_Ramjet

Well ther isn't one. How could there be? The window is on the client and php is on the server. (and if you'd just said that in the first place we might have got somewhere).

There are only 3 ways to pass information to the server, and it has to be passed, GET POST & COOKIE. Servers can't just go invading peoples machines. Even malicious script and websites have to install a Trojan or Spyware that passes the info to the server, the server can't just reach out and grab it. So if you know that much javascript then use javascript to grab the info, but it will still have to get, post, or cookie it to the sever.