Jump to content

index.php?p= include script not working


the sr5

Recommended Posts

Ok i have always used this script to load my pages, i just tried using it and cant find where i made my error... here it is

 

 

<?
// Start a session \\
session_start();
?>
<?
if(!isset($p)) {
   				$page = "home"; 
	} else {
			$page = $_GET['p'];
	}
		$page = $page. ".php";
?>


<? include ($page); ?>

 

 

It loads home.php just find... but when you go to index.php?p=control, nothing happens it just takes me to what i see as if i was going to index.php....

 

Does anyone know what im trying to do haha...? or what is wrong with my code?

Link to comment
https://forums.phpfreaks.com/topic/102432-indexphpp-include-script-not-working/
Share on other sites

Using $p directly instead of $_GET['p'] will only work if your PHP settings for register_globals is on (which is not safe).

 

I think doing something like this will be a lot safer:

<?php

// Start a session
session_start();

$page = $_GET['p'] . '.php';

if (file_exists($page))
include $page;
else 
include 'home.php';

?>

 

And if you want to go the extra mile for security, also check if user inputs .. (disable include for parent directories).

Using $p directly instead of $_GET['p'] will only work if your PHP settings for register_globals is on (which is not safe).

 

I think doing something like this will be a lot safer:

<?php

// Start a session
session_start();

$page = $_GET['p'] . '.php';

if (file_exists($page))
include $page;
else 
include 'home.php';

?>

 

yes that would be a lot safer because the first

method is extremely easy to hack

And if you want to go the extra mile for security, also check if user inputs .. (disable include for parent directories).

Register globals (that were magically populating $p from any post/get/cookie/session variable by that same name) were turned off by default in php4.2 in the year 2002.

 

This is not a php4 vs php5 problem, but a php4.2 problem. More and more web hosts are following the recommended configuration settings as they upgrade to php5. Which is good, because in this case, register globals have been completely eliminated in php6.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.