aojbirks Posted February 2, 2011 Share Posted February 2, 2011 Hi - I'm just starting out with PHP, and indeed most web design, so forgive any rudimentary and laughable mistakes I make/have made! I got this idea from AListApart (http://www.alistapart.com/articles/phpcms/ and loved the simplicity of the idea of selecting the content with a menu click. So, I dropped it into the menu system (menu.php, include into template): <a href="selous.php?page=exhibsys"> Where $page would tell the template page (selous.php) what content to have in its main area: <!-- MAIN CONTENT STARTS HERE --> <td id="main"> <table width="100%" border="0" cellspacing="15" cellpadding="0"> <tr> <td><div id="mainitem"> <?php include("$page.php"); ?> </td> </tr> </table> </td> <!-- END OF MAIN CONTENT --> Back on my home pc (win7, PHP5, Apache 2) it works like a dream. At work (Mac OSX10.4, PHP5, Apache 2 under MAMP) it refuses to do the include: [02-Feb-2011 09:29:34] PHP Warning: include(page.php) [<a href='function.include'>function.include</a>]: failed to open stream: No such file or directory in /Applications/MAMP/htdocs/SelousPub2011/selous.php on line 51 [02-Feb-2011 09:29:34] PHP Warning: include() [<a href='function.include'>function.include</a>]: Failed opening 'page.php' for inclusion (include_path='.:/Applications/MAMP/htdocs/SelousPub2011/') in /Applications/MAMP/htdocs/SelousPub2011/selous.php on line 51 So is my code at fault, or the way this MAC is set up under MAMP? Any help will be hugely appreciated, as I'm hair-tearing and running out of knowledge (didn't take long!) Quote Link to comment Share on other sites More sharing options...
trq Posted February 2, 2011 Share Posted February 2, 2011 Firstly, it is very insecure to blindly include a file like that. You really should validate that it is indeed a file that exists, and also one that you want to include. Secondly, is this the exact code you are using? The error suggests that it is trying to include a file called page.php. Are you sure you have double quotes around $page.php Thirdly, $page is not actually defined anywhere. Register globals have been off by default for security reasons for over 8 years. You should be using $_GET['page'] instead. I would be more inclined to replace this.... <?php include("$page.php"); ?> with.... <?php $valid = array('home','about','whatever'); // a list of valid files. if (in_array($_GET['page'], $valid)) { include $_GET['page'] . '.php'; } ?> Quote Link to comment Share on other sites More sharing options...
aojbirks Posted February 2, 2011 Author Share Posted February 2, 2011 Hmm obviously I have a lot to learn! (understatement...) 8 years? That'll teach me to blithely research on the net... If I have this right, you're saying I should replace all includes? I'm using the <?php include("nameoffile.php"); ?> method for all my page content (header,footer,menu etc etc). Should that be changed to something more secure? How would the syntax work within a menu? Ideally, I'd like the process to go: (menu in current page) (next page) clickable link that defines........the content element of the page that's loaded here If this is ridiculously rudimentary, and your most diplomatic answer should be "go and learn php properly" (wouldn't blame you! ) could you point me in the right direction for up-to-date simple and easy to follow walkthroughs, only I've been to too many sites over the last week or so that have utterly frustrated and flummoxed me in equal measure... Thanks in advance for your advice. Quote Link to comment Share on other sites More sharing options...
trq Posted February 2, 2011 Share Posted February 2, 2011 If I have this right, you're saying I should replace all includes? I'm using the <?php include("nameoffile.php"); ?> method for all my page content (header,footer,menu etc etc). Should that be changed to something more secure? There is nothing wrong with the include construct, and using it as described is one of its intended uses. Your original example however uses a variable as input to the include construct. I was saying it is not safe to rely on user input to determine what file 'include' actually includes. Quote Link to comment Share on other sites More sharing options...
aojbirks Posted February 2, 2011 Author Share Posted February 2, 2011 Ah okay (and phew!). So what I should put in the main page code is <?php $valid = array('home','about','whatever'); // a list of valid files. if (in_array($_GET['page'], $valid)) { include $_GET['page'] . '.php'; } ?> as a means of verifying that the page exists - I understand. So, the whole variable definition is hugely unwise, then...pity - seemed such a simple solution. Best then to create separate main pages for each menu destination... Many thanks! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.