php and wordpress

[Captain Xarzu]

I have a question about referrals for my wordpress blog. This might be more of a PHP question than a wordpress question. After I manage to add the field to the sign-up page where the user can add a referral ID, how do I add the functionality where that referral ID can be inserted automatically in the sign-in page? I know that in PHP you can add strings at the end of a URL like?this or like?this=that but how does one make sure that this translates to a string being added to a field in the web page?

 

[ezkimo]

I have a question about referrals for my wordpress blog. This might be more of a PHP question than a wordpress question. After I manage to add the field to the sign-up page where the user can add a referral ID, how do I add the functionality where that referral ID can be inserted automatically in the sign-in page? I know that in PHP you can add strings at the end of a URL like?this or like?this=that but how does one make sure that this translates to a string being added to a field in the web page?

http://www.example.com?referralID=ABCDEF
<input type="text" value="<? echo $_GET['referralID']; ?>" />

 

[DJBenE]

http://www.example.com?referralID=ABCDEF
<input type="text" value="<? echo $_GET['referralID']; ?>" />

And that easily your website just got powned. ALWAYS, ALWAYS, ALWAYS sanitize your variables!!!

<input type="text" value="<?php echo htmlentities($_GET['referralID']); ?>" />

If you're going to use the variable with a mysql database, be sure to escape the string before use:

$refID = mysql_real_escape_string($_GET['referralID']);