Jump to content

grabbing pages with include()


draxxus

Recommended Posts

Is it better to use switch cases like this:

URL = index.php?content=home

$content = $_GET['content'];
switch($content){
case "home":
include "home.php";
break;
}

or could i do like
URL = index.php?content=index.php

$content = $_GET['content'];
include ("$content");

Reason is I have a large menu with 40+ links and writing a bunch of switch cases will be long and tedious.

Just making sure.
Thanks!

Link to comment
Share on other sites

[quote author=draxxus link=topic=108713.msg437645#msg437645 date=1158718845]
Is it better to use switch cases like this:

URL = index.php?content=home

$content = $_GET['content'];
switch($content){
case "home":
include "home.php";
break;
}

or could i do like
URL = index.php?content=index.php

$content = $_GET['content'];
include ("$content");

Reason is I have a large menu with 40+ links and writing a bunch of switch cases will be long and tedious.

Just making sure.
Thanks!


[/quote]

[b]Be sure you use ABSOLUTE file references, because the above is a security nightmare![/b]

If you insist on using this manner of routing (not even sure you can call this routing), I'd suggest option 1, just don't match 'content' with any filenames you have.

But if you want to avoid using 40 switches, I would suggest something like this:

include ($_SERVER['DOCUMENT_ROOT'].$content.'.php');

I can't recommend it, as it can lead to unwanted results like including a file you don't want included and thus is a potential security risk.
Link to comment
Share on other sites

[quote author=redbullmarky link=topic=108713.msg438977#msg438977 date=1158871431]
[quote author=Jenk link=topic=108713.msg438745#msg438745 date=1158847884]
Whitelist your pages. Whitelisting is the most secure method of validation.
[/quote]
for the layman?
[/quote]

Whitelist === opposite of Blacklist  :P
Link to comment
Share on other sites

[quote author=redbullmarky link=topic=108713.msg438977#msg438977 date=1158871431]
[quote author=Jenk link=topic=108713.msg438745#msg438745 date=1158847884]
Whitelist your pages. Whitelisting is the most secure method of validation.
[/quote]
for the layman?
[/quote]

Instead of just
[code]include($content.".php");[/code]
do something that'll keep a list of valid pages to include, and if the page requested isn't in that list, then throw an exception or throw a "you idiot" page at them.
Link to comment
Share on other sites

A whitelist, is like a guest list. If your name's not down, you're not getting in.

Only swap guests for pages..

[code]<?php

$pages = array(
    'home',
    'register',
    'etc..'
);

if (in_array($_GET['page'], $pages)) {
    include realpath('/path/to/pages/' . $_GET['page'] . 'php');
} else {
    include realpath('/path/to/pages/default.php');
}

?>[/code]
Link to comment
Share on other sites

[quote author=Jenk link=topic=108713.msg440400#msg440400 date=1159123058]
A whitelist, is like a guest list. If your name's not down, you're not getting in.

Only swap guests for pages..

[code]<?php

$pages = array(
    'home',
    'register',
    'etc..'
);

if (in_array($_GET['page'], $pages)) {
    include realpath('/path/to/pages/' . $_GET['page'] . 'php');
} else {
    include realpath('/path/to/pages/default.php');
}

?>[/code]
[/quote]

Could be done simpler:
[code]<?php
// input => file
$pages = array(
    'home' => 'home',
    'register' => 'register',
    'page1' => 'page2',
);

$page = empty($_GET['page']) ? "home" : strtolower($_GET['page']);
include "/path/to/pages/{$pages[$page]}.php";
?>[/code]
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.