freaka Posted January 22, 2010 Share Posted January 22, 2010 Hey guys, I need some help big time! Ok, what I'm trying to do is include a document in a page based on variables retrieved using _GET. Specifically, this is what I'm trying to do. This code is placed in a file called profile.php and it is stored in the root web directory on the server. All of the profiles are stored in the folder /profiles then sorted into different folders based on what category they fall into. For example, our site has business profiles, so if it was a profile for McDonald's it would be stored in http://oyaindia.com/profiles/restaurants. I'm trying to write the script so I can enter a url like this: (http://oyaindia.com/profile.php?p=mcdonalds&c=restaurants) and have it include the file: (http://oyaindia.com/profiles/restaurants/mcdonalds.html). Here's the code I wrote, but it doesn't seem to work. I noticed that if I have a file in the profiles directory's root, i can enter the name of the file as 'p' and I can enter anything I want for c and it will ignore c and still include 'p' as long as that file exists in /profiles. Help please guys! Thanks for taking the time out to help! <?php if (isset($_GET['p'])) { $p = $_GET['p']; $c = $_GET['c']; if (file_exists("profiles/$c/$p.html")) { include("profiles/$c/$p.html"); } else { include("error.html"); } } else { include("profiles/profiletemplate.html"); } ?> Link to comment https://forums.phpfreaks.com/topic/189432-php-include-via-url-parameters/ Share on other sites More sharing options...
freaka Posted January 22, 2010 Author Share Posted January 22, 2010 I don't mean to beg, but I very much need some help with this, it's not a personal project, it's for my job. So please, anyone who can take a few minutes out to help me, I'd seriously appreciate it. Link to comment https://forums.phpfreaks.com/topic/189432-php-include-via-url-parameters/#findComment-999924 Share on other sites More sharing options...
manwhoeatsrats Posted January 22, 2010 Share Posted January 22, 2010 I am not the far most expert on php but here is a go at it. <?php if (isset($_GET['p'])) { $p = $_GET['p']; $c = $_GET['c']; $file_check = "profiles/" . $c . "/" . $p . ".html"; if (file_exists('$file_check')) { include('$file_check'); } else { include('error.html'); } } else { include('profiles/profiletemplate.html'); } ?> I hope this is helpful... Link to comment https://forums.phpfreaks.com/topic/189432-php-include-via-url-parameters/#findComment-999929 Share on other sites More sharing options...
freaka Posted January 22, 2010 Author Share Posted January 22, 2010 It's a step in the right direction I think, but for some reason it still won't work right. Using that code everytime I try to enter a url that should work, it includes the error page. Thanks for trying though, any ideas? Link to comment https://forums.phpfreaks.com/topic/189432-php-include-via-url-parameters/#findComment-999940 Share on other sites More sharing options...
Mchl Posted January 22, 2010 Share Posted January 22, 2010 In this part of code if (file_exists('$file_check')) { include('$file_check'); } else { use double quotes instead of single... or in fact, drop quotes entirely if (file_exists($file_check)) { include($file_check); } else { Also be aware of possible remote include attack with this code. See 'PHP Security Tutorial' in my sig for details. Link to comment https://forums.phpfreaks.com/topic/189432-php-include-via-url-parameters/#findComment-999943 Share on other sites More sharing options...
freaka Posted January 22, 2010 Author Share Posted January 22, 2010 OMG THANK YOU! You truly are a guru, you rock! Link to comment https://forums.phpfreaks.com/topic/189432-php-include-via-url-parameters/#findComment-999944 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.