I have a PHP/HTML form that when the submit form button is pressed it is supposed make the database changes and redirect the page to another URL to view the form details. The next page requires receiving two variables via GET in order to load the information from the database.
I am using the following line of code to redirect the page after the form is submitted:
echo '<META HTTP-EQUIV="refresh" Content="0;URL=http://grserviceswap.isys489.com/dev/Abraham/providerViewsAPost.php?SPPostingID=' . $PostingID . '&UserID=' . $UserID . '"/>';
The problem is that when it redirects it adds two semicolons like this:
http://grserviceswap.isys489.com/dev/Abraham/providerViewsAPost.php?SPPostingID=7;%20&UserID=33;
The semicolon add the end prevents the page from loading properly. I can remove it manually and it will work, but normal users won't know to do that.
How can I get the meta refresh to not add the semicolons?
You should be sanitizing GET variables to protect against XSS (cross site scripting) attacks. If both are integers, you can enforce that.
echo '<META HTTP-EQUIV="refresh" Content="0;URL=http://grserviceswap.isys489.com/dev/Abraham/providerViewsAPost.php?SPPostingID=' . intval($PostingID) . '&UserID=' . intval($UserID) . '"/>';
Note I also changed the & to & which is the correct HTML encoding.