al3x8730 Posted September 8, 2008 Share Posted September 8, 2008 how can I make a URL that will display process.php As if they entered $username into a form. form example: <form action="process.php" method="post"> Username:<br /> <input type="text" maxlength="16" name="username" /><br /> <input type="submit" value="Get User Information" /> </form> process.php(not the whole thing...): <?php $username = $_POST['username']; $filename = "users/".$username.".php"; if (file_exists($filename)) { include($filename); } else { echo "No such user exists"; } ?> I cut a lot out, that's just an example. Link to comment https://forums.phpfreaks.com/topic/123319-url-as-if-entered-in-form/ Share on other sites More sharing options...
discomatt Posted September 8, 2008 Share Posted September 8, 2008 <?php $username = $_REQUEST['username']; $filename = "users/".$username.".php"; if (file_exists($filename)) { include($filename); } else { echo "No such user exists"; } ?> Then call the page like process.php?username=theirname This is dangerous though, and I suggest using regex to validate the name before including... try something like process.php?username=../index.php It'll then include index.php from the parent folder. You probably want to use a regex like if ( preg_match('%[^A-z\d-]%', $username) ) die( 'No such user exists' ); That'll allow usernames with letters, numbers, underscores and dashes only. Link to comment https://forums.phpfreaks.com/topic/123319-url-as-if-entered-in-form/#findComment-636906 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.