Grabbing field values

Jon12345

I have the following code:

<?php
$filename=$_GET['url'];
if (!$filename) $filename="http://www.live.com/?searchonly=true";
$html =file_get_contents($filename);
echo $html;
?>

Instead of hard coding the url, I would like a field where I can just paste in the url and click Submit.

How can I do this?

Thanks,

Jon

bradgrafelman

<?php 
if(!isset($_GET['url'])) {
?>
<form method="GET" action="<?php echo $_SERVER['PHP_SELF']; ?>">
URL: <input type="text" name="url" /> <input type="submit" value="Submit" />
</form>
<?php
} else {

$url = $_GET['url'];

if(strpos($url, 'http://') !== 0) {
    die('Error: Invalid URL. Please make sure the URL begins with "http://" !');
}

$html = file_get_contents($url);
echo $html;

}
?>

Note that I used [man]strpos/man to verify that the URL entered began with "http://" -- otherwise, you could let malicious attackers see the source code of virtually any file on your server!