0

  1. I'm not a PHP dev and I have little experience with it. I ask for your forgiveness and assistance.

  2. Here's my problem:

I have a script and I need to be able to append a 'key' (I don't know what else to call it) like:

http://my-web-address.com/packages.php?key=secret

When this key is present, I need to run the code responsible for extracting the data from a .json file in a separate directory. (Normally, the code wouldn't index this directory. It should only indexes it when the key is present in the URL.)

I believe this code to be the foreach section in the link above.

I'm having a hard time explaining this in a way that makes sense, so I guess it's easier to show you what I mean.

I know it should be easy; at first I thought I could simply do it with something like this:

if ($key == "secret") {
    $document['packages'][] = getPackageData("secretdirectory/secret.json");
}

But alas, simply appending that didn't make it work.

Any ideas?

TimoStaudinger
  • 34,772
  • 13
  • 76
  • 86
A.J. Ruckman
  • 37
  • 7
  • It might be easier to understand what you've tried if you included the changes in the snippet instead of standalone - but I think you just might need to reference $_GET['key'] not just $key? – ahoffner Jun 01 '15 at 22:38

2 Answers2

1

As Ron Dadon said, but with a slight modification:

sanitize($value) {
  // Sanitize the key - see below
  return $value;
}

$key = sanitize($_GET['key']);

if ($key == "secret") {
  $document['packages'][] = getPackageData("secretdirectory/secret.json");
}

However you should sanitize that input, as anyone can change the key. Here are some resources on that:

Clean & Safe string in PHP

Remove all special characters from a string

The ultimate clean/secure function

Community
  • 1
  • 1
MattWithoos
  • 347
  • 1
  • 15
  • Sanitization is great, but it's not required if you only use the string for compersante in if statement. If the string will be used in any other way, sanitization is a must. For example, by using prepared statements for SQL, you don't need to sanitize it (you may need to validate it as for your app logic, but that's another thing). You will need to santize it against XSS after fetching it from the database. – Ron Dadon Jun 02 '15 at 08:00
  • Hi, thank you very much for the code, but I have no clue how to implement it without knowing PHP syntax! I tried simply copying it near the end of the file: http://pastebin.com/jf0QmrTU ...and now it doesn't output, I get a blank page. – A.J. Ruckman Jun 02 '15 at 18:14
-1

You need to use the GET array:

if ($_GET['key'] == "secret") {
    $document['packages'][] = getPackageData("secretdirectory/secret.json");
}
Ron Dadon
  • 2,605
  • 1
  • 12
  • 26
  • Hello, can you show me how to implement your code into my script? I don't know PHP syntax. Also, some background; I'm not using this code for SQL or anything really important; this data is relayed to a program that downloads files based on the contents of the .json files this script indexes. If this needs to be sanitized, can you show me how to add the sanitation code to the script? – A.J. Ruckman Jun 03 '15 at 22:53
  • I managed to get it somewhat working with this: http://pastebin.com/RmtqSQ8S However, now, when the key ?secret is added, the other package information disappears: how can I make it show the index of the secret.json file in **addition** to the other .json files? – A.J. Ruckman Jun 03 '15 at 23:14