Jump to content

include multiple pages


raduenea

Recommended Posts

HY

 

I have index.php and pictures.php.

In index.php I have 3 columns:

- left (for menu)

- right (for advertising)

- center (where I want to include pictures.php)

 

What is the best way to include pictures.php in center of index.php

 

if($_get[pictures]){
include ("pictures.php");
}

 

I ask this because I have multiple variable like "pictures" and I will have multiple "If".

 

Or to include in DB all this variables "pictures" and just add ".php" extension. It is secure in this way ?

 

Thanks

 

Link to comment
Share on other sites

I'm guessing the case is that you need a dynamic way of including files, so that you don't end up with a lot of conditionals. If that's the case, you can use a whitelist approach:

 

index.php?include=pictures | index.php?include=gallery (just examples)

<?php
if (isset($_GET['include'])) {
     $include = $_GET['include'];
     $whitelist = array('pictures', 'gallery', 'form', 'users');
     if (in_array($include, $whitelist)) {
          include($include . '.php');
     }
}
?>

 

Hope it helps.

Link to comment
Share on other sites

@GuiltyGear you have lost me on this one. What is a whitelist approach? And could you please explain your example? Thank You.

 

The example I gave is just a simple "whitelist approach" (I named it lol). In this case, there is a specific number of pages that are going to be included and that is going to happen dynamically (via url variables for example). What happens if a visitor modifies the url or the script gives an incorrect url? The include will fail and show an error because the file doesn't exist! That's why I created an array that holds all the pages that are safe to be included (whitelist), so when a new variable comes in, it is checked if it exists in the whitelist first. In simple words, it includes only a bunch of pages, discarding all the others. Simple as that!

 

NOTE: in_array() is a function that returns true if a value exists in the array. In our case, it checks if the url variable (from $_GET) exists in the array $whitelist.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.