I don’t get GETs!

I regularly get email and PM’s from people asking questions about coding. Obviously I don’t have time to answer all of these questions, but luckily it’s easy to choose which ones I WILL answer.

Sadly, most of the time the question is either too vague, lacking in detail, convoluted, or just so poorly written that it shows they didn’t bother to do any problem solving or learning on their own. Those are the ones I ignore.

Yesterday, I got this question about passing subids to a rotation script. The guy’s question is lucid and has enough detail so I don’t have to send a reply, but not so detailed that it’s a mess to read. So here it is:


I’ve found a bunch of useful stuff on your site and figured you could help solve my issue with p202 lp rotator script. I’ve check out http://ctrtard.com/affiliate-marketing/passing-variables-through-prosper-202-mo/ but that’s a bit different

I send my traffic to a .php script which then randomly rotates different landing pages, the script is:

$k = $_GET['sub'];

$aff[] = 'http://www.mydomain.com?t202id=****&c1=a&c2=b&c3=c&c4=d&t202kw=';
$aff[] = 'http://www.mydomain.com?t202id=****&c1=a&c2=b&c3=c&c4=d&t202kw=';

srand ((double) microtime() * 1000000);
$random_number = rand(0,count($aff)-1);

$lol = ($aff[$random_number]);
$lal = $lol.$k;

header("Location: $lal");

*found this script on AdHustler*

I want to pass the c1,c2,c3,c4 variables through the script. So far I can only pass through the subid(more like a keyword in this case) by adding ?sub={text} at the end of the .php script. So if my final link I post looks like http://www.mydomain.com/redir/1.php?sub={text} the {text} would get appended to my actual tracking url’s at the end like so: http://www.mydomain.com?t202id=****&c1=a&c2=b&c3=c&c4=d&t202kw={text}

What’s the best way to approach this script if I want to pass through and append the c1,c2,c3,4 variables to my tracking links? I’m pretty sure it should be quite easy it’s just that i’m my knowledge of php is non-existant lol

Should I contact Wes instead?

Any guidance is greatly appreciated!


Notice how he first played to my ego by telling me how useful my blog is? He even used a relevant link to my blog in the first paragraph! That’s how you do it people! And that last line about contacting Wes was just icing on the cake! But seriously, here’s the solution…


    $sub = $_GET['sub'];
    $c1 = $_GET['c1'];
    $c2 = $_GET['c2']; 
    $c3 = $_GET['c3']; 
    $c4 = $_GET['c4']; 

    $aff[] = "http://www.mydomain.com?t202id=1234&c1=$c1&c2=$c2&c3=$c3&c4=$c4&t202kw=$sub";
    $aff[] = "http://www.mydomain.com?t202id=1234&c1=$c1&c2=$c2&c3=$c3&c4=$c4&t202kw=$sub"; 
    $random_number = rand(0,count($aff)-1);
    $url = $aff[$random_number];

    header("Location: $url");


Careful readers will see I removed the srand function. You haven’t needed to seed the random number generator since early versions of PHP 4, and no one is running that anymore. I simplified a couple of other things as well.

The take-away from this is understanding how you get variables from the URL and used them in your script. This is done with assigning the $_GET global variable to a variable in your script. You can see, the first 5 lines are doing this.

Take a look at line 2. It says: $sub = $_GET[‘sub’]
The $_GET[‘sub’] part tells PHP to grab the value of “sub” as it appears in the URL in your browser’s address bar.

For example: http://google.com?sub=apples.

In this case, when we do $sub = $_GET[‘sub’], $sub would equal “apples”.

To make it even more clear, you could do this:

$fruit = $_GET[‘sub’];

Then $fruit would equal “apples”.

Once you have the value in the local variable, you can do whatever you want with it. Like use it in a redirect like we did here.

This stuff is basic, sure, but it’s something quite a few affiliates are a bit hazy on. And it’s something that you can use to pass data along to forms, scripts, landing pages, and more. So it’s good to know.


Leave a comment



CommentLuv badge


  • Great tutorial, simple and to the point. Given that the redirect script is most likely small you can also afford to use the extract function to assign the URL parameters directly to variables i.e.:


    will do the same as:

    $sub = $_GET[‘sub’];
    $c1 = $_GET[‘c1’];
    $c2 = $_GET[‘c2’];
    $c3 = $_GET[‘c3’];
    $c4 = $_GET[‘c4’];

    • Excellent advice. Using extract is a nice shortcut. I almost used it in the example, but for clarity’s sake I decided to do it variable by variable. Thanks for reading and commenting!

  • It might be worth cleaning the input, xss?

    Something like:
    $c1 = strip_tags($_GET[‘c1’]);

    I think prosper runs a mysql_real_escape_string on the c1-4 variables before entering it into the mysql database but it’s good practice to keep it clean.

    • Yup, I agree. Lots of people ignore this. I’ve seen countless script snippets that show LP rotation and DKI (dynamic keyword insertion) that ignore the possibility of XSS. (some of my examples included!)

      You’re right, 202 runs mysql_real_escape_string on all inserts AFAIK. So if you’re lazy, you wont have any SQL injection problems. But the XSS issue when using DKI on landers could be an issue.

      Best practice, like you said, is never trust outside input. For those that want to read more: http://en.wikipedia.org/wiki/Cross-site_scripting

      Thanks for reading!

  • esryl


    Built in PHP function to sanitise input. Should keep you safe from malicious injections.

  • -R

    Awesome. I did not expect an elaborate blog post as a reply. Thanks!

    Sorry if I came off as a douche, but I do find a lot of useful stuff over here.

    • Hey, seriously, you didn’t come off as a douche at all! It really was a well written question. I was just having some fun that’s all. I figured others might get something out of the answer, so I wrote the post.

      Thanks for the content idea 😉

  • -R

    I’m still not “GETting” something. Should my final script url look like this:

    ^when using such url i get an output like this:

    it seems i need some kind of separator in order to grab different variables?

    • Sorry, I guess I left that last part out. The final script url will look like this:


      When passing variables on a url, the first separator will be a question mark (?). Successive variables will be separated by an ampersand (&).

      Side note—–
      When assigning variables, order does not matter. For example:

      … this works just fine.

      Notice, I am not passing the t202id. On lines 8 & 9, the value is assigned as 1234. I did this based on the example you sent me. If you need to pass this too, they simply append “&t202id=666” to the end of your script url. You will then need to grab the variable from the $_GET array, etc. as I explained.

      I hope this clears it up.

  • Joseph

    Genius! What I wouldn’t give to have that information just rattling around in my head.

  • Joseph

    Genius! What I wouldn’t give to have that information just rattling around in my head.

  • Alfie

    How would you use this script to track on Prosper202? I’m talking specifically how to set it up in Prosper?

    I’ve been using


    for split-testing LPs for Facebook, but I’m having trouble passing c1-c4 variables using your PPV LP rotation script.

    • Giving specifics would require an entire post. If I were to give you a quick answer, I guarantee you it would generate a bunch of replies from other people 😉

      Passing variables through redirects can be tricky. This is especially true when you are dealing with a rotation script, a tracker (which has a couple of internal redirects) and a network. I’ll try and do a future post soon about how to do all of this. I think a lot of people will find it handy.

      Thanks for reading!

      • Alfie

        To clarify,

        I don’t necessarily need for the c1-c4 variables to “pass through”…just as long as prosper records the c1-c4 variables so I can track my campaigns properly.

  • Hi Mark.

    Sanitation aside, I like to filter out the empty variables/Get-tokens.

    if (!empty($_GET['sid'])){

    This way, if the token is visible in the URL, but it is not set to anything (&sid=&other=apple) it treats it like it wasn’t there in the first place.
    It also allows me to set a default value.

    • Nice tip. Thanks for reading!


Related posts by category

Related posts by tag