Jump to content

grabbing pages with include()

draxxus

By draxxus
in Application Design

 Share

Recommended Posts

draxxus Newbie

draxxus

Posted
Posted
Is it better to use switch cases like this:

URL = index.php?content=home

$content = $_GET['content'];
switch($content){
case "home":
include "home.php";
break;
}

or could i do like
URL = index.php?content=index.php

$content = $_GET['content'];
include ("$content");

Reason is I have a large menu with 40+ links and writing a bunch of switch cases will be long and tedious.

Just making sure.
Thanks!

Link to comment
https://forums.phpfreaks.com/topic/21345-grabbing-pages-with-include/
Share on other sites
448191 Advanced Member

448191

Posted
Posted
[quote author=draxxus link=topic=108713.msg437645#msg437645 date=1158718845]
Is it better to use switch cases like this:

URL = index.php?content=home

$content = $_GET['content'];
switch($content){
case "home":
include "home.php";
break;
}

or could i do like
URL = index.php?content=index.php

$content = $_GET['content'];
include ("$content");

Reason is I have a large menu with 40+ links and writing a bunch of switch cases will be long and tedious.

Just making sure.
Thanks!


[/quote]

[b]Be sure you use ABSOLUTE file references, because the above is a security nightmare![/b]

If you insist on using this manner of routing (not even sure you can call this routing), I'd suggest option 1, just don't match 'content' with any filenames you have.

But if you want to avoid using 40 switches, I would suggest something like this:

include ($_SERVER['DOCUMENT_ROOT'].$content.'.php');

I can't recommend it, as it can lead to unwanted results like including a file you don't want included and thus is a potential security risk.
448191 Advanced Member

448191

Posted
Posted
[quote author=redbullmarky link=topic=108713.msg438977#msg438977 date=1158871431]
[quote author=Jenk link=topic=108713.msg438745#msg438745 date=1158847884]
Whitelist your pages. Whitelisting is the most secure method of validation.
[/quote]
for the layman?
[/quote]

Whitelist === opposite of Blacklist  :P
neylitalo Advanced Member

neylitalo

Posted
Posted
[quote author=redbullmarky link=topic=108713.msg438977#msg438977 date=1158871431]
[quote author=Jenk link=topic=108713.msg438745#msg438745 date=1158847884]
Whitelist your pages. Whitelisting is the most secure method of validation.
[/quote]
for the layman?
[/quote]

Instead of just
[code]include($content.".php");[/code]
do something that'll keep a list of valid pages to include, and if the page requested isn't in that list, then throw an exception or throw a "you idiot" page at them.
Jenk Newbie

Jenk

Posted
Posted
A whitelist, is like a guest list. If your name's not down, you're not getting in.

Only swap guests for pages..

[code]<?php

$pages = array(
    'home',
    'register',
    'etc..'
);

if (in_array($_GET['page'], $pages)) {
    include realpath('/path/to/pages/' . $_GET['page'] . 'php');
} else {
    include realpath('/path/to/pages/default.php');
}

?>[/code]
Daniel0 Advanced Member

Daniel0

Posted
Posted
[quote author=Jenk link=topic=108713.msg440400#msg440400 date=1159123058]
A whitelist, is like a guest list. If your name's not down, you're not getting in.

Only swap guests for pages..

[code]<?php

$pages = array(
    'home',
    'register',
    'etc..'
);

if (in_array($_GET['page'], $pages)) {
    include realpath('/path/to/pages/' . $_GET['page'] . 'php');
} else {
    include realpath('/path/to/pages/default.php');
}

?>[/code]
[/quote]

Could be done simpler:
[code]<?php
// input => file
$pages = array(
    'home' => 'home',
    'register' => 'register',
    'page1' => 'page2',
);

$page = empty($_GET['page']) ? "home" : strtolower($_GET['page']);
include "/path/to/pages/{$pages[$page]}.php";
?>[/code]
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.