Sending parameters with a Facebook share link

Question

I have a Facebook share link which i want to add the parameters of userid to so a can add content specific to the user within the Facebook share link.

my link is as follows

  <a href="http://www.facebook.com/sharer/sharer.php?u=<my site url>?UserId=[User-Id] target="_blank"><img src="assets/img/facebookBtn.jpg" alt=""></a>

my meta og links are

    <meta property="og:site_name" content="Group D World Cup Predictor" />
    <meta property="og:url" content="http://www.example.com/extension/" />
    <meta property="og:type" content="website" />
    <meta property="og:title" content="I predicted [Winning-Team] to win Group D!" />
    <meta property="og:description" content="I predicted [Winning-Team] to win Group D! Give your World Cup prediction for a chance to win a 4 night holiday." />
    <meta property="og:image" content="http://www.example.com/extension/assets/img/sharingImage.jpg" />
    <meta prosperty="fb:admins" content="myadminmu==number" />

from testing my php code it seems as though at the point at which its being sent i am able to see the user id. so my first question is this the correct way to send userId parameters via a URL.

Secondly im using a $_GET to retrieve the url UserId, is this the correct way to retrieve the userId, do i need to access it via a different method?

class HomeController extends BaseController {

  public function Index() 
  {
    $userId = $_GET['UserId'];

    $viewModel = new StdClass;

    $viewModel->WinningTeam = strtoupper(with(new FinalizeController)->getWinningTeam($userId)->Name);

    return View::make('home', $viewModel);

  }
}

I know getWinningTeam works, so its down to the url and it not sending the UserId as parameters to the home page. To be used by the meta tags to access relevant information regarding that user.

I have been reading a lot of articles saying it has been depreciated and you may not send the link with specific parameters but its contrasting as is the methods of implementation.

Any pointers would be greatly appreciated

Mike

Answer 1

First, try to avoid the use of capital letters in a URL (it is also true for query parameters).

Then, you should also encode your URL cause it is a query param itself here... here is an online tool I use to encode/decode a URL => http://meyerweb.com/eric/tools/dencoder/

So, supposing your URL is http://www.example.com/mypage?userid=0123456 , here is your link :

<a href="http://www.facebook.com/sharer/sharer.php?u=http%3A%2F%2Fwww.example.com%2Fmypage%3Fuserid%3D0123456" target="_blank"><img src="assets/img/facebookBtn.jpg" alt=""></a>

Finally, in order to follow the "Never Trust User Input" rule, you can't just receive the raw query param using $_GET['userid'] and directly use it... Instead you should check if the retrieved value is of the type you expect (for example: is_numeric() if your userId is supposed to be an integer, etc.).

Actually, you should just read this article about PHP Filters from the w3schools , cause I'm not a good teacher.