wrathican Posted May 10, 2007 Share Posted May 10, 2007 hi i what i am doing is i am loading a page into another page depending on what a variable is set to using the get method. this is what determines what page to be shown: <?php $p = $_GET['p']; if ( !empty($p) && file_exists('./pages/' . $p . '.php') && stristr( $p, '.' ) == False ) { $file = './pages/' . $p . '.php'; } else { $file = './pages/default.php'; } include $file; ?> on one of the pages to be included i am using an if statement to decide which section to show based again on what the variable is. i am unsure whether i am doing this right or not, because i keep getting a parse error or nemurous kinds. would someone please take a look at my code and tell me what i am doing wrong? thanks here is the code for the page that is included: <?php include("misc.inc"); if ($p == "portfolio") { echo' <table width="650" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="325" height="250" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td height="19" colspan="2" valign="top"><a href="../section.php?=html">HTML</a></td> </tr> <tr> <td width="118" height="113" valign="top"><!--DWLayoutEmptyCell--> </td> <td width="207" valign="top"><!--DWLayoutEmptyCell--> </td> </tr> <tr> <td height="118" valign="top"><!--DWLayoutEmptyCell--> </td> <td valign="top"><!--DWLayoutEmptyCell--> </td> </tr> </table></td> <td width="325" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td height="19" colspan="2" valign="top"><a href="../section.php?=flash">FLASH>/a></td> </tr> <tr> <td width="118" height="113" valign="top"><!--DWLayoutEmptyCell--> </td> <td width="207" valign="top"><!--DWLayoutEmptyCell--> </td> </tr> <tr> <td height="118" valign="top"><!--DWLayoutEmptyCell--> </td> <td valign="top"><!--DWLayoutEmptyCell--> </td> </tr> </table></td> </tr> <tr> <td height="250" valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td height="19" colspan="2" valign="top"><a href="../section.php?=3d">3D</a></td> </tr> <tr> <td width="113" height="113" valign="top"><!--DWLayoutEmptyCell--> </td> <td width="212" valign="top"><!--DWLayoutEmptyCell--> </td> </tr> <tr> <td height="118" valign="top"><!--DWLayoutEmptyCell--> </td> <td valign="top"><!--DWLayoutEmptyCell--> </td> </tr> </table></td> <td valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr></a> <td height="19" colspan="2" valign="top"><a href="../section.php?=imagery">IMAGERY</td> </tr> <tr> <td width="118" height="113" valign="top"><!--DWLayoutEmptyCell--> </td> <td width="207" valign="top"><!--DWLayoutEmptyCell--> </td> </tr> <tr> <td height="118" valign="top"><!--DWLayoutEmptyCell--> </td> <td valign="top"><!--DWLayoutEmptyCell--> </td> </tr> </table></td> </tr> </table>'; } else { $query = "SELECT * FROM project WHERE proj_section=" . $p . " ORDER BY proj_id"; $result = mysql_query($query,$cxn) or die ("couldnt execute query"); while ($row = mysql_fetch_assoc($result)) { extract($row); echo '<table width="650" border="0" cellpadding="0" cellspacing="0"> <!--DWLayoutTable--> <tr> <td height="30" colspan="2" valign="top">' . $proj_title . '</td> </tr> <tr> <td width="200" height="200" valign="top"><img src="'.$imagepath.'"> </td> <td width="450" rowspan="2" valign="top">' . $proj_descrip . '</td> </tr> <tr> <td height="170" valign="top">This project was added on ' . $proj_date . '.<br> <a href="' . $proj_url . '">CLICK HERE</a> to view the project. </td> </tr> </table>'; } ?> Quote Link to comment https://forums.phpfreaks.com/topic/50782-solved-help-if-statements/ Share on other sites More sharing options...
heckenschutze Posted May 10, 2007 Share Posted May 10, 2007 I see potential MySQL injection, research what it is and how to avoid it. Also FALSE is a constant, use false or FALSE not False... PHP isn't case sensitive, but you should be. Also URL injection is also possible... consider if $p was ../../../myimportantfile.php then you'd include ./pages/../../../myimportantfile.php or somesuch, NOT what you would be wanting, consider a switch() to ensure only files you want are included. Quote Link to comment https://forums.phpfreaks.com/topic/50782-solved-help-if-statements/#findComment-249697 Share on other sites More sharing options...
wrathican Posted May 10, 2007 Author Share Posted May 10, 2007 thanks for your reply! i totally undertand the need for escaping and security when using the get method. the reason i used it was because it was the first way of navigation i came across. once i have my method of navigation sorted i will add more security. how would i use a switch statement? ive looked it up and dont understand it completely. in the first section of my If statement i have 4 other links: html, flash, 3d, and imagery. when a user clicks on one of these it sets the variable. this variable is then passed back to the page and the if statement is run again this time moving on to the second section and using the variable in other places to show items from my database. i understand how to navigate through pages using the get method they way i have. but if i used a switch would'nt i need to include a case for each of the 4 links i have? if i did this would make the file rather large and confusing. where as the if statement i am using only requires two 'cases' because i am setting the variable for the section to show and the switch method would require 5 'cases'. am i right in thinking so or would you be able to point me in the right direction? Quote Link to comment https://forums.phpfreaks.com/topic/50782-solved-help-if-statements/#findComment-249735 Share on other sites More sharing options...
wrathican Posted May 10, 2007 Author Share Posted May 10, 2007 so i think ive figured switch statements. i use a switch statement to set a variable. then use that variable in ani statement to get the right section to appear.... would that be better? Quote Link to comment https://forums.phpfreaks.com/topic/50782-solved-help-if-statements/#findComment-249773 Share on other sites More sharing options...
per1os Posted May 10, 2007 Share Posted May 10, 2007 Switch would be better. Do not be afraid to have 5 cases etc. Using that methodology someone else can figure out what you were doing. Using the one above it takes some time and thinking. I would say create the code with a switch statement and see if that works/looks better. If it is giving you troubles post another topic and mark this one solved. Quote Link to comment https://forums.phpfreaks.com/topic/50782-solved-help-if-statements/#findComment-249793 Share on other sites More sharing options...
wrathican Posted May 10, 2007 Author Share Posted May 10, 2007 i needed to reopen this because i still need help with an if statement: this one: <?php include ("./misc.inc"); switch($_GET['p']) { case "portfolio": //shows the main portfolio page $page = 'default'; break; case "html": //sets the variable to html $page = 'html'; break; case "flash": //sets the variable to flash $page = 'flash'; break; case "3d": //sets the variable to 3d $page = '3d'; break; case "imagery": //sets the variable to imagery $page = 'imagery'; break; default: $file = "/pages/error.php"; break; } //if statement that decides which section to show if($page == portfolio) { for some reason it doesnt show the first part (portfolio) Quote Link to comment https://forums.phpfreaks.com/topic/50782-solved-help-if-statements/#findComment-249940 Share on other sites More sharing options...
per1os Posted May 10, 2007 Share Posted May 10, 2007 Where do you ever set $page equal to protfolio. I only see the change of $_GET['p'] being equaled to portfolio. Also portfolio should be surrounded in single or double quotes. Quote Link to comment https://forums.phpfreaks.com/topic/50782-solved-help-if-statements/#findComment-249943 Share on other sites More sharing options...
wrathican Posted May 10, 2007 Author Share Posted May 10, 2007 what i thought was happening was that when i click the portfolio link on the main page it set $p = portfolio with this the switch command in that page sets the include file to $file = pages/portfolio.php the script in the portfolio.php has a switch statement that sets a variable ($page) depending on the value of $p that script then contains an if statement to see if the value of page is portfolio, if it is display something if not display something else am i right? Quote Link to comment https://forums.phpfreaks.com/topic/50782-solved-help-if-statements/#findComment-249961 Share on other sites More sharing options...
per1os Posted May 10, 2007 Share Posted May 10, 2007 Nope, your logic is as such. If $_GET['p'] is equal to portofolio set $page equal to 'default' No where in the switch statement is $page being set to portfolio. Quote Link to comment https://forums.phpfreaks.com/topic/50782-solved-help-if-statements/#findComment-249966 Share on other sites More sharing options...
wrathican Posted May 10, 2007 Author Share Posted May 10, 2007 omg, thank you ever so much, i kept reading through and i didnt realise that i had set it to default instead of portfolio. now it works yaaaaay!!!!! Quote Link to comment https://forums.phpfreaks.com/topic/50782-solved-help-if-statements/#findComment-249973 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.