Help - Search - Members - Calendar
Full Version: [php] - [better Page Including] - [winuu]
Pixel2Life Forum > Member Tutorials and Requests > Forum Tutorial Archives > PHP Tutorials
winuu
May 5 2005, 01:03 PM
Many people use this way to include pages in their PHP files:

CODE
<?php
if ($page = "software")
{
 include "software.php";
}
elseif ($page = "moose")
{
 include "moose.php";
}
elseif ($page = "about")
{
 include "about.php";
}
else
{
 include "default.php";
}
?>


The above code can be made simply by effectively using the Switch statement:

CODE
<?php
switch ($page)
{
 case "software":
 case "moose":
 case "about":
   include "$page.php";
   break;
 default:
   include "default.php";
   break;
}
?>


Now, if REGISTER_GLOBALS is set off in php.ini, just replace $page with $_GET["page"], and it should work. smile.gif
adam123
May 5 2005, 01:08 PM
They work basically the same, a better way would be:

CODE
<?php

if (file_exists($_GET['page'] . ".php"))
{
 include $_GET['page'] . ".php";
}
else
{
 include "404.php";
}

?>


Oh yeah, you shouldn't really use $page instead of $_POST['page']/$_GET['page'] as it poses as a security threat.
MaRmAR
May 6 2005, 02:21 AM
if you use
CODE
import_request_variables("gp");

somewhere at the start of your PHP, you will not have to use variable format like $_GET["page"]...
winuu
May 6 2005, 05:13 AM
QUOTE(adam123 @ May 5 2005, 09:08 PM)
They work basically the same, a better way would be:

CODE
<?php

if (file_exists($_GET['page'] . ".php"))
{
 include $_GET['page'] . ".php";
}
else
{
 include "404.php";
}

?>


Oh yeah, you shouldn't really use $page instead of $_POST['page']/$_GET['page'] as it poses as a security threat.

Actually, that would just be an easier way, not necessarily a better way to do it; the code sample you provided actually has a security flaw. It allows the user to include any page/file on the server. bigwink.gif
adam123
May 6 2005, 10:37 AM
Yeah, but why the hell would you store important files UNPROTECTED in a directory anyone can view? Users can't view files in .htaccess/.htpass protected pages, they can't view files below the current directory, etc. etc.
I'm not going to get into an argument about this as it's stupid, but i'm just proving my point.
winuu
May 6 2005, 10:41 AM
tongue.gif Never mind...
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2009 Invision Power Services, Inc.