alen Posted February 14, 2007 Share Posted February 14, 2007 This is my include script: <?PHP $incpath = "include"; $default = "index"; $getarray = "side"; $filendelse = "php"; if (isset($_GET[$getarray])) { include_once ("$incpath/".$_GET[$getarray].".$filendelse"); } else { include_once ("$incpath/$default.$filendelse"); } ?> It works like this, I have a index.php file in the include folder and a index.php file in the public_html folder. When I enter localhost I get the content of index.php in the include folder since index.php in the public_html folder includes the index file in the include folder. And I have some other links in the include folder too, and I can easily change to another link with http://localhost/index.php?id=name - But let's say I don't have a file named hello.php in the include folder. How can I make the script automatically open a file called 404.php then? Best regards Your friendly neighbour Alen! Quote Link to comment Share on other sites More sharing options...
Balmung-San Posted February 14, 2007 Share Posted February 14, 2007 Sanitize your $_GET variables. Don't just use them right away. You would use file_exists() to check if the file you wish to include exists before including it. If it doesn't, then you would include the 404.php file. Quote Link to comment Share on other sites More sharing options...
alen Posted February 14, 2007 Author Share Posted February 14, 2007 What about this, <?php error_reporting(0); $filnavn = $_GET['var']; $filendelse = '.php'; if (!$filnavn) { $filnavn = 'default'; } if (!eregi("^((.*)/)", $filnavn)) { include $filnavn . $filendelse; } else { include "404.php"; } ?> It works fine, but when I go to index.php?var=unknownpage I doesn't include 404.php. How can I use file_exists() here? I use if (!eregi("^((.*)/)", $filnavn)) so people can't access other folders. Quote Link to comment Share on other sites More sharing options...
Balmung-San Posted February 14, 2007 Share Posted February 14, 2007 Do a file_exists on what you would include before you include it. Quote Link to comment Share on other sites More sharing options...
alen Posted February 14, 2007 Author Share Posted February 14, 2007 <?php error_reporting(0); $filnavn = $_GET['var']; $filendelse = '.php'; if (!$filnavn) { $filnavn = 'default'; } $filnavn = 'include'; if (file_exists($filnavn)) { include $filnavn . $filendelse; } else { include "404.php"; } if (!eregi("^((.*)/)", $filnavn)) { include $filnavn . $filendelse; } else { include "404.php"; } ?> This must be wrong. Couldn't you just help me out a little. Give me a jumpstart? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.