draxxus Posted September 20, 2006 Share Posted September 20, 2006 Is it better to use switch cases like this:URL = index.php?content=home$content = $_GET['content'];switch($content){case "home":include "home.php";break;}or could i do likeURL = index.php?content=index.php$content = $_GET['content'];include ("$content");Reason is I have a large menu with 40+ links and writing a bunch of switch cases will be long and tedious.Just making sure.Thanks! Quote Link to comment Share on other sites More sharing options...
448191 Posted September 20, 2006 Share Posted September 20, 2006 [quote author=draxxus link=topic=108713.msg437645#msg437645 date=1158718845]Is it better to use switch cases like this:URL = index.php?content=home$content = $_GET['content'];switch($content){case "home":include "home.php";break;}or could i do likeURL = index.php?content=index.php$content = $_GET['content'];include ("$content");Reason is I have a large menu with 40+ links and writing a bunch of switch cases will be long and tedious.Just making sure.Thanks![/quote][b]Be sure you use ABSOLUTE file references, because the above is a security nightmare![/b]If you insist on using this manner of routing (not even sure you can call this routing), I'd suggest option 1, just don't match 'content' with any filenames you have.But if you want to avoid using 40 switches, I would suggest something like this:include ($_SERVER['DOCUMENT_ROOT'].$content.'.php');I can't recommend it, as it can lead to unwanted results like including a file you don't want included and thus is a potential security risk. Quote Link to comment Share on other sites More sharing options...
Jenk Posted September 21, 2006 Share Posted September 21, 2006 Whitelist your pages. Whitelisting is the most secure method of validation. Quote Link to comment Share on other sites More sharing options...
Daniel0 Posted September 21, 2006 Share Posted September 21, 2006 I would go for a list of modules (in an array), then load the file like this:[code]if($modules[$_GET['page']]){ include("includes/{$modules[$_GET['page']]");}else { include("includes/home.php");}[/code] Quote Link to comment Share on other sites More sharing options...
redbullmarky Posted September 21, 2006 Share Posted September 21, 2006 [quote author=Jenk link=topic=108713.msg438745#msg438745 date=1158847884]Whitelist your pages. Whitelisting is the most secure method of validation.[/quote]for the layman? Quote Link to comment Share on other sites More sharing options...
448191 Posted September 21, 2006 Share Posted September 21, 2006 [quote author=redbullmarky link=topic=108713.msg438977#msg438977 date=1158871431][quote author=Jenk link=topic=108713.msg438745#msg438745 date=1158847884]Whitelist your pages. Whitelisting is the most secure method of validation.[/quote]for the layman?[/quote]Whitelist === opposite of Blacklist :P Quote Link to comment Share on other sites More sharing options...
neylitalo Posted September 21, 2006 Share Posted September 21, 2006 [quote author=redbullmarky link=topic=108713.msg438977#msg438977 date=1158871431][quote author=Jenk link=topic=108713.msg438745#msg438745 date=1158847884]Whitelist your pages. Whitelisting is the most secure method of validation.[/quote]for the layman?[/quote]Instead of just [code]include($content.".php");[/code]do something that'll keep a list of valid pages to include, and if the page requested isn't in that list, then throw an exception or throw a "you idiot" page at them. Quote Link to comment Share on other sites More sharing options...
Jenk Posted September 24, 2006 Share Posted September 24, 2006 A whitelist, is like a guest list. If your name's not down, you're not getting in.Only swap guests for pages..[code]<?php$pages = array( 'home', 'register', 'etc..');if (in_array($_GET['page'], $pages)) { include realpath('/path/to/pages/' . $_GET['page'] . 'php');} else { include realpath('/path/to/pages/default.php');}?>[/code] Quote Link to comment Share on other sites More sharing options...
Daniel0 Posted September 24, 2006 Share Posted September 24, 2006 [quote author=Jenk link=topic=108713.msg440400#msg440400 date=1159123058]A whitelist, is like a guest list. If your name's not down, you're not getting in.Only swap guests for pages..[code]<?php$pages = array( 'home', 'register', 'etc..');if (in_array($_GET['page'], $pages)) { include realpath('/path/to/pages/' . $_GET['page'] . 'php');} else { include realpath('/path/to/pages/default.php');}?>[/code][/quote]Could be done simpler:[code]<?php// input => file$pages = array( 'home' => 'home', 'register' => 'register', 'page1' => 'page2',);$page = empty($_GET['page']) ? "home" : strtolower($_GET['page']);include "/path/to/pages/{$pages[$page]}.php";?>[/code] Quote Link to comment Share on other sites More sharing options...
Jenk Posted September 24, 2006 Share Posted September 24, 2006 Simpler != readable ;)[code]<?phpinclude (!empty($_GET['page']) && in_array($_GET['page'], array('home', 'register', 'login', 'logout', 'etc')) ? realpath('/path/to/pages/' . $_GET['page'] . 'php') : realpath('/path/to/pages/default.php'););?>[/code] Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.