r3p0 Posted May 1, 2009 Share Posted May 1, 2009 The question: How can I instruct PHP to recognize when a user clicks an "Acme Products" link, then insert "subdirectory/acme.html" into "coupons.php"? The explanation: I'm building a site that should list a few coupons. In my "coupons.php" file I hope to display a list of links, each link named after the business that is offering a particular coupon. In a "sub-directory" I have an HTML, JPG & PDF file, all with the same file name (except the different extensions), each file name corresponding to the business it "represents." For instance, on "coupons.php" the link, "Acme Products" links to "subdirectory/acme.html". "Acme.html" has links to "acme.jpg" & "acme.pdf" (The JPG and PDF and in the same directory as the HTML). The answer: ??? Thank you! Quote Link to comment https://forums.phpfreaks.com/topic/156463-solved-include-from-a-directory-with-php/ Share on other sites More sharing options...
Ken2k7 Posted May 1, 2009 Share Posted May 1, 2009 You can't do user interactions with PHP. That must be done with JavaScript. Can you give me an example of a link and what it does when clicked upon? Quote Link to comment https://forums.phpfreaks.com/topic/156463-solved-include-from-a-directory-with-php/#findComment-823854 Share on other sites More sharing options...
mikesta707 Posted May 2, 2009 Share Posted May 2, 2009 so you want to simply include a page in that coupons page based on which link they pressed. Thats just a simple include. set your links up like <a href="coupons.php?page=Acme" >acme coupons</a> and then on coupons.php have some code that is like if (isset($_GET['page'])){ include($_GET['page'].".html"); } else { //show content on coupons.php } of course you are going to want to validate that the get variable is actually a page that you have on the server Quote Link to comment https://forums.phpfreaks.com/topic/156463-solved-include-from-a-directory-with-php/#findComment-823985 Share on other sites More sharing options...
r3p0 Posted May 6, 2009 Author Share Posted May 6, 2009 This is great! However, "Acme.html" is in another directory. I would really like to keep it in that directory. How can I tell that second bit of code to "include($GET..." from one directory below the place I keep "coupons.php"? Quote Link to comment https://forums.phpfreaks.com/topic/156463-solved-include-from-a-directory-with-php/#findComment-828061 Share on other sites More sharing options...
premiso Posted May 6, 2009 Share Posted May 6, 2009 mikesta, please revise your code. r3po, please use this instead: if (isset($_GET['page']) && file_exists($_GET['page'] . ".html")){ include("../" . $_GET['page'].".html"); } else { //show content on coupons.php } Or an even better approach: $allowedIncludes = array("Ames", "Borrock", "Acme"); if (isset($_GET['page']) && in_array($_GET['page'], $allowedIncludes)) { include("../" . $_GET['page'].".html"); }else { } Doing it without either one of those test opens up your site to be exploited, and exploited very easily/maliciously and without you even knowing until you learn that your site files have been modified. Setting up those simple checks will make sure that someone does not include a remote url to get processed/executed by your script and give them access. Edit: The "../" in the include part takes you up one directory. Quote Link to comment https://forums.phpfreaks.com/topic/156463-solved-include-from-a-directory-with-php/#findComment-828070 Share on other sites More sharing options...
r3p0 Posted May 6, 2009 Author Share Posted May 6, 2009 Nicely done. I figured out the "other directory" bit, but would have no idea about security. Thank you very much! Quote Link to comment https://forums.phpfreaks.com/topic/156463-solved-include-from-a-directory-with-php/#findComment-828082 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.