28 replies to this topic

[ICT Helpers]

You don't need to add a case statement in the post I linked to

Thanks

[fedekiller]

NP ^-^

[Koncept]

I would just go like this

if(isset($_GET['id])) {
	$requestlct = $_GET['id'];
} else {
	$requestlct = 'idx';
}
$requestlct = str_replace("+", "/", $requestlct);
if (file_exists("source/$requestlct.php")) {
	include("source/$requestlct.php");
} else {
	include('source/errors/404.php');
}

Edited by Koncept, 04 May 2006 - 04:41 PM.

[ICT Helpers]

NP ^-^

Not sure what you are saying there
Do you know what advantages one has over the other, or does anybody else know?

I would just go like this

if(isset($_GET['id])) {
	$requestlct = $_GET['id'];
} else {
	$requestlct = 'idx';
}
$requestlct = str_replace("+", "/", $requestlct);
if (file_exists("source/$requestlct.php")) {
	include("source/$requestlct.php");
} else {
	include('source/errors/404.php');
}

What are the advantages of using this code compared to the others posted?

[mbx5nitro]

In this code

if(isset($_GET['id])) {
	$requestlct = $_GET['id'];
} else {
	$requestlct = 'idx';
}
$requestlct = str_replace("+", "/", $requestlct);
if (file_exists("source/$requestlct.php")) {
	include("source/$requestlct.php");
} else {
	include('source/errors/404.php');
}

This part

if(isset($_GET['id])) {
	$requestlct = $_GET['id'];
} else {
	$requestlct = 'idx';
}

Calls the id the first part of that $requestlct = $_GET['id']; gets the file name that you put in the link. The else statment
} else {$requestlct = 'idx'; That is the default file it will get if nothing is specified. To make the idx work you must have a file in the source folder with the name idx.php so the path to your idx file would be "source/idx.php"

This part

$requestlct = str_replace("+", "/", $requestlct);
if (file_exists("source/$requestlct.php")) {
	include("source/$requestlct.php");
} else {
	include('source/errors/404.php');

Checks to see if the file exist and if it does it sends you to "source/$requestlct.php" where $requestlct.php is the page name. like if your link was index.php?id=news the $requestlct.php would turn into news.php. If the file you specifed doesnt exist you are sent to the 404.php page which is your error page.

Hope that helps. Thats a great way to do the navigation although ALL your files must have the .php extention to work.

[ICT Helpers]

Thanks for the explanation mbx5nitro My query however is that code better than the code that was posted earlier in the topic?

Livemans code but shorter

<?php
$id = $_GET['id'];
(!$id || !file_exists("$id.php")) ? include 'news.php' : include "$id.php";  
?>

A quick explanation on what livemans code does to those who dont know:
Basically it checks if the variable id is empty or if a php file exists with that id, if either condition is true it includes news.php else it includes the requested file

I would recommend the case method as its securer

[mbx5nitro]

Im not sure i dont understand the security aspect enough to say i would say the code i explained is better but i dont know. maybe someone else can say more.

[ChaMChoM]

man that tut helped me alote thanks

[Hayden]

just make sure you dont have any secret files cause someone might use

?id=../../secrets/ftppasswords.ext

You would be correct, assuming he was doing something like include $_GET['id'].".php";

which i think is bad coding all together without some sort of checking of the user input. I think I've read it hear before as well as elsewhere, but as you code, you should never trust user input. Even by accident, someone can find a vulnerability.