Jump to content

Recommended Posts

Hi - I'm just starting out with PHP, and indeed most web design, so forgive any rudimentary and laughable mistakes I make/have made!

 

I got this idea from AListApart (http://www.alistapart.com/articles/phpcms/ and loved the simplicity of the idea of selecting the content with a menu click.

 

So, I dropped it into the menu system (menu.php, include into template):

 

<a href="selous.php?page=exhibsys">

 

Where $page would tell the template page (selous.php) what content to have in its main area:

 

    <!-- MAIN CONTENT STARTS HERE -->

    <td id="main">

    <table width="100%" border="0" cellspacing="15" cellpadding="0">

      <tr>

        <td><div id="mainitem">

          <?php include("$page.php"); ?>

          </td>

      </tr>

    </table>

      </td>

    <!-- END OF MAIN CONTENT -->

 

Back on my home pc (win7, PHP5, Apache 2) it works like a dream. At work (Mac OSX10.4, PHP5, Apache 2 under MAMP) it refuses to do the include:

 

[02-Feb-2011 09:29:34] PHP Warning:  include(page.php) [<a href='function.include'>function.include</a>]: failed to open stream: No such file or directory in /Applications/MAMP/htdocs/SelousPub2011/selous.php on line 51

[02-Feb-2011 09:29:34] PHP Warning:  include() [<a href='function.include'>function.include</a>]: Failed opening 'page.php' for inclusion (include_path='.:/Applications/MAMP/htdocs/SelousPub2011/') in /Applications/MAMP/htdocs/SelousPub2011/selous.php on line 51

 

So is my code at fault, or the way this MAC is set up under MAMP?

 

Any help will be hugely appreciated, as I'm hair-tearing and running out of knowledge (didn't take long!)

 

Firstly, it is very insecure to blindly include a file like that. You really should validate that it is indeed a file that exists, and also one that you want to include.

 

Secondly, is this the exact code you are using? The error suggests that it is trying to include a file called page.php. Are you sure you have double quotes around $page.php

 

Thirdly, $page is not actually defined anywhere. Register globals have been off by default for security reasons for over 8 years. You should be using $_GET['page'] instead.

 

I would be more inclined to replace this....

 

<?php include("$page.php"); ?>

 

with....

 

<?php
$valid = array('home','about','whatever'); // a list of valid files.
if (in_array($_GET['page'], $valid)) {
  include $_GET['page'] . '.php';
}
?>

Hmm obviously I have a lot to learn! (understatement...)

 

8 years? That'll teach me to blithely research on the net...

 

If I have this right, you're saying I should replace all includes? I'm using the <?php include("nameoffile.php"); ?> method for all my page content (header,footer,menu etc etc). Should that be changed to something more secure?

 

How would the syntax work within a menu? Ideally, I'd like the process to go:

 

  (menu in current page)                                    (next page)

clickable link that defines........the content element of the page that's loaded here

 

If this is ridiculously rudimentary, and your most diplomatic answer should be "go and learn php properly" (wouldn't blame you! :) ) could you point me in the right direction for up-to-date simple and easy to follow walkthroughs, only I've been to too many sites over the last week or so that have utterly frustrated and flummoxed me in equal measure...

 

Thanks in advance for your advice.

If I have this right, you're saying I should replace all includes? I'm using the <?php include("nameoffile.php"); ?> method for all my page content (header,footer,menu etc etc). Should that be changed to something more secure?

 

There is nothing wrong with the include construct, and using it as described is one of its intended uses. Your original example however uses a variable as input to the include construct. I was saying it is not safe to rely on user input to determine what file 'include' actually includes.

Ah okay (and phew!).

 

So what I should put in the main page code is

 

<?php

$valid = array('home','about','whatever'); // a list of valid files.

if (in_array($_GET['page'], $valid)) {

  include $_GET['page'] . '.php';

}

?>

 

as a means of verifying that the page exists - I understand. So, the whole variable definition is hugely unwise, then...pity - seemed such a simple solution. Best then to create separate main pages for each menu destination...

 

Many thanks!

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.