the sr5 Posted April 23, 2008 Share Posted April 23, 2008 Ok i have always used this script to load my pages, i just tried using it and cant find where i made my error... here it is <? // Start a session \\ session_start(); ?> <? if(!isset($p)) { $page = "home"; } else { $page = $_GET['p']; } $page = $page. ".php"; ?> <? include ($page); ?> It loads home.php just find... but when you go to index.php?p=control, nothing happens it just takes me to what i see as if i was going to index.php.... Does anyone know what im trying to do haha...? or what is wrong with my code? Link to comment https://forums.phpfreaks.com/topic/102432-indexphpp-include-script-not-working/ Share on other sites More sharing options...
Northern Flame Posted April 23, 2008 Share Posted April 23, 2008 $p is never defined Link to comment https://forums.phpfreaks.com/topic/102432-indexphpp-include-script-not-working/#findComment-524553 Share on other sites More sharing options...
the sr5 Posted April 23, 2008 Author Share Posted April 23, 2008 well, its not supposed to till it is included in the link... hence http://blabla.com/index.php?p=bla or has things changed? i just never thought that php would change that much.... this was written back in php4 Link to comment https://forums.phpfreaks.com/topic/102432-indexphpp-include-script-not-working/#findComment-524554 Share on other sites More sharing options...
Spaceman-Spiff Posted April 23, 2008 Share Posted April 23, 2008 Using $p directly instead of $_GET['p'] will only work if your PHP settings for register_globals is on (which is not safe). I think doing something like this will be a lot safer: <?php // Start a session session_start(); $page = $_GET['p'] . '.php'; if (file_exists($page)) include $page; else include 'home.php'; ?> And if you want to go the extra mile for security, also check if user inputs .. (disable include for parent directories). Link to comment https://forums.phpfreaks.com/topic/102432-indexphpp-include-script-not-working/#findComment-524555 Share on other sites More sharing options...
Northern Flame Posted April 23, 2008 Share Posted April 23, 2008 Using $p directly instead of $_GET['p'] will only work if your PHP settings for register_globals is on (which is not safe). I think doing something like this will be a lot safer: <?php // Start a session session_start(); $page = $_GET['p'] . '.php'; if (file_exists($page)) include $page; else include 'home.php'; ?> yes that would be a lot safer because the first method is extremely easy to hack And if you want to go the extra mile for security, also check if user inputs .. (disable include for parent directories). Link to comment https://forums.phpfreaks.com/topic/102432-indexphpp-include-script-not-working/#findComment-524558 Share on other sites More sharing options...
the sr5 Posted April 23, 2008 Author Share Posted April 23, 2008 that worked great! thank you guys! so the old method that i had was just a waste? now is that due to the new version of php? or was it always a danger to have? Link to comment https://forums.phpfreaks.com/topic/102432-indexphpp-include-script-not-working/#findComment-524581 Share on other sites More sharing options...
PFMaBiSmAd Posted April 23, 2008 Share Posted April 23, 2008 Register globals (that were magically populating $p from any post/get/cookie/session variable by that same name) were turned off by default in php4.2 in the year 2002. This is not a php4 vs php5 problem, but a php4.2 problem. More and more web hosts are following the recommended configuration settings as they upgrade to php5. Which is good, because in this case, register globals have been completely eliminated in php6. Link to comment https://forums.phpfreaks.com/topic/102432-indexphpp-include-script-not-working/#findComment-524588 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.