setting varibles in the URL

joecooper · May 5, 2008

the page will be accessed like this:

index.php?module=login

and i have this code to load the corosponding page:

include("$module.php");

but it doesnt include anything.

and doing echo("$module"); doesnt return anything

pocobueno1388 · May 5, 2008

You would do it like this:

include($_GET['module'].".php");

This isn't the safest thing to do. Make sure you do a check on the file they put in the URL and make sure you want them to have access to it.

DarkWater · May 5, 2008

$module = $_GET['module']

>_> AND DO SOME CHECKING. Make sure they only include modules that YOU allow. Make an array of modules and use in_array.

peranha · May 5, 2008

you need

$module = $_GET['module'];

trq · May 5, 2008

You don't define $module anywhere. It would be..... $_GET['module'].

Having said that, it is extremely insecure to simply include files in such a manor. At the very least, try...

<?php

  if (isset($_GET['module'])) {
    if (file_exists($_GET['module'] . '.php')) {
      include $_GET['module'] . '.php';
    }
  }

?>

DarkWater · May 5, 2008

Still not secure....He needs some security.

Recommended Posts