Jump to content

include files


imagine1

Recommended Posts

I don't really know what you mean. But including file isn't that complicated.

 

Example:

<?php
// Check if file is set and filter it with preg_match, both have to be true to assign a value from $_GET
$file = isset($_GET['file'] && preg_match('#[a-z0-9_-]#iu', $_GET['file'])) ? $_GET['file'] : "your_default_include";
if(file_exists($file . '.php'))
{
    include($file . '.php');
}
?>

You could also have an array where all allowed files are defined:
<?php
$files = array(
             "file1" => "some/path/to/file1.php",
             "file2" => "more/files/file2.php",
             "default_file" => "default_file.php"
         );
$file = isset($_GET['file']) ? $_GET['file'] : "default_file";
include($files[$file]);
?>

Link to comment
Share on other sites

// Check if file is set and filter it with preg_match, both have to be true to assign a value from $_GET
$file = isset($_GET['file'] && preg_match('#[a-z0-9_-]#iu', $_GET['file'])) ? $_GET['file'] : "your_default_include";
if(file_exists($file . '.php'))
{
    include($file . '.php');
}
?>

Be careful.

index.php?file=index

Link to comment
Share on other sites

Thanks a lot for your replies!

 

I have in mind file_get_contents... But when i want to get the content of a file with encoding utf8 or the file has to send data through a form i have problem ...

 

What i want to do is for example...

 

include ("db.php");

 

The file db.php contains the connections with database and appear error message encoding in utf8 ....

 

or include('form.php'); which contains variables like $_POST['name']; and messages encoding in utf8...

Link to comment
Share on other sites

Actually now I don't know what you are trying to do at all. =)

 

You asked for help for including files. The keystone there is that you should always have a very strict rules to include files when using $_GET.

 

But what are you actually trying to do? If you have all your files saved as UTF-8, you have your charset headers and meta-tags ok. You have set your PHPs internal encoding to UTF-8 and you have set your MySQL database to UTF-8. And you check request header for charset. And even could try to validate if given data is in utf-8 form and otherwise you could just discard the data and show an error message. There is a function to check if data is valid UTF-8 somewhere in PHP.net user comments. don't remember where tough.

 

If all that is OK. You will have absolutely no worries regarding charsets. What's the problem now?

Link to comment
Share on other sites

Can you give an example what you mean by "The keystone there is that you should always have a very strict rules to include files when using $_GET"...

 

I have done all you said about mysql and utf8...

 

I have read to a php tutorial that when you include files by include(../file.php) is valnurable to attacks....So it is suggested to use file_get_contents(../file.php). The problem is that file_get_contents() doesn't work fine when the contents of a page are encoded in utf8 or should send data through a form...

 

Any help????

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.