Archived

This topic is now archived and is closed to further replies.

draxxus

grabbing pages with include()

Is it better to use switch cases like this:

URL = index.php?content=home

[code]$content = $_GET['content'];
switch ($content) {
    case "home":
        include "home.php";
        break;
}[/code]

or could I do like
URL = index.php?content=index.php

[code]$content = $_GET['content'];
include ("$content");[/code]

Reason is I have a large menu with 40+ links and writing a bunch of switch cases will be long and tedious.

Just making sure.
Thanks!

[quote author=draxxus link=topic=108713.msg437645#msg437645 date=1158718845]
Is it better to use switch cases like this:

URL = index.php?content=home

[code]$content = $_GET['content'];
switch ($content) {
    case "home":
        include "home.php";
        break;
}[/code]

or could I do like
URL = index.php?content=index.php

[code]$content = $_GET['content'];
include ("$content");[/code]

Reason is I have a large menu with 40+ links and writing a bunch of switch cases will be long and tedious.

Just making sure.
Thanks!


[/quote]

[b]Be sure you use ABSOLUTE file references, because the above is a security nightmare![/b]

If you insist on using this manner of routing (not even sure you can call this routing), I'd suggest option 1, just don't match 'content' with any filenames you have.

But if you want to avoid using 40 switches, I would suggest something like this:

[code]include ($_SERVER['DOCUMENT_ROOT'].'/'.$content.'.php');[/code]

I can't recommend it, as it can lead to unwanted results like including a file you don't want included and thus is a potential security risk.

Whitelist your pages. Whitelisting is the most secure method of validation.

I would go for a list of modules (in an array), then load the file like this:

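[code]// $modules maps a page name to a file name under includes/
$page = isset($_GET['page']) ? $_GET['page'] : '';
if (is_string($page) && isset($modules[$page]))
{
    include("includes/{$modules[$page]}");
}
else {
    include("includes/home.php");
}[/code]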

[quote author=Jenk link=topic=108713.msg438745#msg438745 date=1158847884]
Whitelist your pages. Whitelisting is the most secure method of validation.
[/quote]
for the layman?

[quote author=redbullmarky link=topic=108713.msg438977#msg438977 date=1158871431]
[quote author=Jenk link=topic=108713.msg438745#msg438745 date=1158847884]
Whitelist your pages. Whitelisting is the most secure method of validation.
[/quote]
for the layman?
[/quote]

Whitelist === opposite of Blacklist  :P

[quote author=redbullmarky link=topic=108713.msg438977#msg438977 date=1158871431]
[quote author=Jenk link=topic=108713.msg438745#msg438745 date=1158847884]
Whitelist your pages. Whitelisting is the most secure method of validation.
[/quote]
for the layman?
[/quote]

Instead of just
[code]include($content.".php");[/code]
do something that'll keep a list of valid pages to include, and if the page requested isn't in that list, then throw an exception or throw a "you idiot" page at them.

A whitelist is like a guest list. If your name's not down, you're not getting in.

Only swap guests for pages..

[code]<?php

$pages = array(
    'home',
    'register',
    'etc..'
);

if (isset($_GET['page']) && in_array($_GET['page'], $pages, true)) {
    include realpath('/path/to/pages/' . $_GET['page'] . '.php');
} else {
    include realpath('/path/to/pages/default.php');
}

?>[/code]

[quote author=Jenk link=topic=108713.msg440400#msg440400 date=1159123058]
A whitelist is like a guest list. If your name's not down, you're not getting in.

Only swap guests for pages..

[code]<?php

$pages = array(
    'home',
    'register',
    'etc..'
);

if (isset($_GET['page']) && in_array($_GET['page'], $pages, true)) {
    include realpath('/path/to/pages/' . $_GET['page'] . '.php');
} else {
    include realpath('/path/to/pages/default.php');
}

?>[/code]
[/quote]

Could be done simpler:
[code]<?php
// input => file
$pages = array(
    'home' => 'home',
    'register' => 'register',
    'page1' => 'page2',
);

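$page = (!empty($_GET['page']) && is_string($_GET['page'])) ? strtolower($_GET['page']) : "home";
// Names that are not in the list fall back to home
if (!isset($pages[$page])) {
    $page = "home";
}
include "/path/to/pages/{$pages[$page]}.php";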
?>[/code]

Simpler != readable ;)

[code]<?php

include (!empty($_GET['page']) && in_array($_GET['page'], array('home', 'register', 'login', 'logout', 'etc')) ? realpath('/path/to/pages/' . $_GET['page'] . '.php') : realpath('/path/to/pages/default.php'));


?>[/code]

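The whitelist approach from the replies above, written as one function that also handles non-string input and checks that the resolved file stays inside the pages directory. This is an added example, not code from any poster in the thread; the function name `resolve_page`, the page map and the temporary directory are assumptions, and it needs PHP 7 or later.

```php
<?php
// Added example: whitelist lookup for include(), as discussed in the thread.
// resolve_page(), the page map and the directory layout are hypothetical.

// Return the absolute path of the file to include for one request.
// $pages maps the public page name to a file name inside $baseDir.
function resolve_page(array $query, array $pages, string $baseDir, string $default = 'home'): string
{
    $name = $query['page'] ?? $default;

    // ?page[]=x arrives as an array; only a listed string is a page name.
    if (!is_string($name) || !isset($pages[$name])) {
        $name = $default;
    }

    // The path is built from the whitelist value, never from the request.
    $base = realpath($baseDir);
    $path = ($base === false) ? false : realpath($base . DIRECTORY_SEPARATOR . $pages[$name]);

    // Second check: the file must exist and resolve to a location inside
    // $baseDir (catches a bad whitelist entry or a symlink pointing elsewhere).
    if ($path === false || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException("page file for '$name' is missing or outside the pages directory");
    }
    return $path;
}

// Constructed demo: a temporary pages directory with two files.
$dir = sys_get_temp_dir() . '/pages_' . uniqid();
mkdir($dir);
file_put_contents("$dir/home.php", "<?php echo 'home page';");
file_put_contents("$dir/register.php", "<?php echo 'register page';");
$pages = array('home' => 'home.php', 'register' => 'register.php');

// Constructed requests: a listed page, the value from the original question,
// an unlisted name, an array value, and no parameter at all.
$requests = array(
    array('page' => 'register'),
    array('page' => 'index.php'),
    array('page' => 'admin'),
    array('page' => array('home')),
    array(),
);
foreach ($requests as $query) {
    echo json_encode($query), ' => ', basename(resolve_page($query, $pages, $dir)), "\n";
}
// In index.php the call would be: include resolve_page($_GET, $pages, __DIR__ . '/pages');
```

With 40+ menu links, only the `$pages` array grows; the lookup and the checks stay the same.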
