PHP, How to add php code inside redirect_uri?

Question

i have a facebook code:

<iframe src="http://www.facebook.com/plugins/registration.php?
         client_id=138987726427834&
         redirect_uri=https://xxx.com/login.php?login=<?php echo  $login; ?>&pass=<?php echo  $pass; ?>&
         fields=<?php echo urlencode($fields);?>"
</iframe>

i was wondering why the $login and $pass dont work inside the redirect_uri ? they don't render inside the link.

i see that the ields=<?php echo urlencode($fields);?>" takes php.

any idea?

thanks

Answer 1

You probably want to escape that parameter with

redirect_uri=<?php echo urlencode("https://xxx.com/login.php?login={$login}&pass={$pass}"); ?>&

If you don't URL encode the URL, then you will send the parameters login and pass to registration.php , not to login.php .

Also, passing sensitive data such as passwords directly as GET variables is a bad practice. You might at least encrypt the password if you have to send it via GET.