draxxus Posted September 20, 2006 Share Posted September 20, 2006 Is it better to use switch cases like this:URL = index.php?content=home$content = $_GET['content'];switch($content){case "home":include "home.php";break;}or could i do likeURL = index.php?content=index.php$content = $_GET['content'];include ("$content");Reason is I have a large menu with 40+ links and writing a bunch of switch cases will be long and tedious.Just making sure.Thanks! Link to comment https://forums.phpfreaks.com/topic/21345-grabbing-pages-with-include/ Share on other sites More sharing options...
448191 Posted September 20, 2006 Share Posted September 20, 2006 [quote author=draxxus link=topic=108713.msg437645#msg437645 date=1158718845]Is it better to use switch cases like this:URL = index.php?content=home$content = $_GET['content'];switch($content){case "home":include "home.php";break;}or could i do likeURL = index.php?content=index.php$content = $_GET['content'];include ("$content");Reason is I have a large menu with 40+ links and writing a bunch of switch cases will be long and tedious.Just making sure.Thanks![/quote][b]Be sure you use ABSOLUTE file references, because the above is a security nightmare![/b]If you insist on using this manner of routing (not even sure you can call this routing), I'd suggest option 1, just don't match 'content' with any filenames you have.But if you want to avoid using 40 switches, I would suggest something like this:include ($_SERVER['DOCUMENT_ROOT'].$content.'.php');I can't recommend it, as it can lead to unwanted results like including a file you don't want included and thus is a potential security risk. Link to comment https://forums.phpfreaks.com/topic/21345-grabbing-pages-with-include/#findComment-95090 Share on other sites More sharing options...
Jenk Posted September 21, 2006 Share Posted September 21, 2006 Whitelist your pages. Whitelisting is the most secure method of validation. Link to comment https://forums.phpfreaks.com/topic/21345-grabbing-pages-with-include/#findComment-96094 Share on other sites More sharing options...
Daniel0 Posted September 21, 2006 Share Posted September 21, 2006 I would go for a list of modules (in an array), then load the file like this:[code]if($modules[$_GET['page']]){ include("includes/{$modules[$_GET['page']]");}else { include("includes/home.php");}[/code] Link to comment https://forums.phpfreaks.com/topic/21345-grabbing-pages-with-include/#findComment-96185 Share on other sites More sharing options...
redbullmarky Posted September 21, 2006 Share Posted September 21, 2006 [quote author=Jenk link=topic=108713.msg438745#msg438745 date=1158847884]Whitelist your pages. Whitelisting is the most secure method of validation.[/quote]for the layman? Link to comment https://forums.phpfreaks.com/topic/21345-grabbing-pages-with-include/#findComment-96322 Share on other sites More sharing options...
448191 Posted September 21, 2006 Share Posted September 21, 2006 [quote author=redbullmarky link=topic=108713.msg438977#msg438977 date=1158871431][quote author=Jenk link=topic=108713.msg438745#msg438745 date=1158847884]Whitelist your pages. Whitelisting is the most secure method of validation.[/quote]for the layman?[/quote]Whitelist === opposite of Blacklist :P Link to comment https://forums.phpfreaks.com/topic/21345-grabbing-pages-with-include/#findComment-96332 Share on other sites More sharing options...
neylitalo Posted September 21, 2006 Share Posted September 21, 2006 [quote author=redbullmarky link=topic=108713.msg438977#msg438977 date=1158871431][quote author=Jenk link=topic=108713.msg438745#msg438745 date=1158847884]Whitelist your pages. Whitelisting is the most secure method of validation.[/quote]for the layman?[/quote]Instead of just [code]include($content.".php");[/code]do something that'll keep a list of valid pages to include, and if the page requested isn't in that list, then throw an exception or throw a "you idiot" page at them. Link to comment https://forums.phpfreaks.com/topic/21345-grabbing-pages-with-include/#findComment-96361 Share on other sites More sharing options...
Jenk Posted September 24, 2006 Share Posted September 24, 2006 A whitelist, is like a guest list. If your name's not down, you're not getting in.Only swap guests for pages..[code]<?php$pages = array( 'home', 'register', 'etc..');if (in_array($_GET['page'], $pages)) { include realpath('/path/to/pages/' . $_GET['page'] . 'php');} else { include realpath('/path/to/pages/default.php');}?>[/code] Link to comment https://forums.phpfreaks.com/topic/21345-grabbing-pages-with-include/#findComment-97680 Share on other sites More sharing options...
Daniel0 Posted September 24, 2006 Share Posted September 24, 2006 [quote author=Jenk link=topic=108713.msg440400#msg440400 date=1159123058]A whitelist, is like a guest list. If your name's not down, you're not getting in.Only swap guests for pages..[code]<?php$pages = array( 'home', 'register', 'etc..');if (in_array($_GET['page'], $pages)) { include realpath('/path/to/pages/' . $_GET['page'] . 'php');} else { include realpath('/path/to/pages/default.php');}?>[/code][/quote]Could be done simpler:[code]<?php// input => file$pages = array( 'home' => 'home', 'register' => 'register', 'page1' => 'page2',);$page = empty($_GET['page']) ? "home" : strtolower($_GET['page']);include "/path/to/pages/{$pages[$page]}.php";?>[/code] Link to comment https://forums.phpfreaks.com/topic/21345-grabbing-pages-with-include/#findComment-97685 Share on other sites More sharing options...
Jenk Posted September 24, 2006 Share Posted September 24, 2006 Simpler != readable ;)[code]<?phpinclude (!empty($_GET['page']) && in_array($_GET['page'], array('home', 'register', 'login', 'logout', 'etc')) ? realpath('/path/to/pages/' . $_GET['page'] . 'php') : realpath('/path/to/pages/default.php'););?>[/code] Link to comment https://forums.phpfreaks.com/topic/21345-grabbing-pages-with-include/#findComment-97709 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.