Jump to content

i'm such a noob at php include


spacka

Recommended Posts

try this

 

<?php
$page = $_GET['page'];
$course = @$_GET['course'];

if ((isset($page) && !isset($course) && !file_exists("pages/{$page}.htm")) || (isset($page) && isset($course) && !file_exists("pages/{$page}/{$course}.htm"))) {
include("error.htm");
}
else if (isset($page) && isset($course) && file_exists("pages/{$page}/{$course}.htm")) {
include("pages/{$page}/{$course}.htm");
}
else if (isset($page) && file_exists("pages/{$page}.htm")) {
include("pages/{$page}.htm");
}
else {
include ("main.htm");
}
?>

hi.

 

sorry to delay with my reply but here's my current status.

 

the php code on index.php is:

 

<?php
	$level = $_GET['level'];
	$course = @$_GET['course'];

if (isset($level) && isset($course) && file_exists("pages/{$level}/{$course}.htm")) {
include("pages/{$level}/{$course}.htm");
}
else if (isset($level) && file_exists("pages/{$level}.htm")) {
include("pages/{$level}.htm");
}
else {
include ("main.htm");
}
?>

 

basically ive replaced "page" with "level" so its easier to understand.

 

http://69.41.171.40/arctic/vocationalacademy/index.php

 

as you can see, the links to level 1, 2 3 etc work fine:

 

http://69.41.171.40/arctic/vocationalacademy/index.php?level=AVL2&course=art

 

works!

 

however, when i enter something that does not exist (for example - http://69.41.171.40/arctic/vocationalacademy/index.php?level=AVL67755) then the error message does not display.

i dun see an error message to display, just the default page main.htm

 

u shud also consider checking for '..' in the page names as well as '/'

 

otherwise ppl gonna do all sorts of crazy things

	$level = isset($_GET['level'])?(preg_match("@[^/.\s]@",$_GET['level'])?$_GET['level']:''):'';
	$course = isset($_GET['course'])?(preg_match("@[^/.\s]@",$_GET['course'])?$_GET['course']:''):'';

 

$level = variable assignment

 

isset($_GET['level']) isset returns true if variable exists, so we are checking if variable level passed on url

?  the boolean operator, based on expression above, if true returns first set, otherwise return 2nd set

 

(preg_match("@[^/.\s]@",$_GET['level'])?$_GET['level']:'') our first set, uses preg_match to check that 'level' from url dusnt contain . or / in it, if it dusn return it, otherwise return empty string (notice it uses another boolean operation in here)

: our seperator from first and second set

'' our 2nd set, is an empty string

;

 

your code should be

 

<?php
$level = $_GET['level'];
$course = @$_GET['course'];

if ((isset($level) && !isset($course) && !file_exists("pages/{$level}.htm")) || (isset($level) && isset($course) && !file_exists("pages/{$level}/{$course}.htm"))) {
include("error.htm");
}
else if (isset($level) && isset($course) && file_exists("pages/{$level}/{$course}.htm")) {
include("pages/{$level}/{$course}.htm");
}
else if (isset($level) && file_exists("pages/{$level}.htm")) {
include("pages/{$level}.htm");
}
else {
include ("main.htm");
}
?>

thanks. ive also put the second line in the separate php tages. it now looks like this:

 

<?php

$level = @$_GET['level'];
$course = @$_GET['course'];

?>

 

and then the next lot of php is as follows:

 

<?php

if ((isset($level) && !isset($course) && !file_exists("pages/{$level}.htm")) || (isset($level) && isset($course) && !file_exists("pages/{$level}/{$course}.htm"))) {
include("error.htm");
}
else if (isset($level) && isset($course) && file_exists("pages/{$level}/{$course}.htm")) {
include("pages/{$level}/{$course}.htm");
}
else if (isset($level) && file_exists("pages/{$level}.htm")) {
include("pages/{$level}.htm");
}
else {
include ("main.htm");
}
?>

 

it works fine but is there any specific reason why it needs to be like this?

Nope, no real reason to have it coded that way

<?
$level = isset($_GET['level'])?(preg_match("@[^/.\s]@",$_GET['level'])?$_GET['level']:''):'';
$course = isset($_GET['course'])?(preg_match("@[^/.\s]@",$_GET['course'])?$_GET['course']:''):'';
$page= (!empty($level)? ("$level" . (!empty($course) ? "/$course":"") . ".htm") : "main.html";
if(!file_exists($page="pages/$page"))
  include("error.htm");

echo "page=$page";

?>

 

the builk of the action as u can see is taken care of here

$page= (!empty($level)? ("$level" . (!empty($course) ? "/$course":"") . ".htm") : "main.html";

 

again using boolean operations to build the page.

if built with if statements wud look like

if(!empty($level)) $page = "$level"

if(!empty($level) && !empty($course)) $page="$page/$course";

if(!empty($page)) $page="$page.htm";)

else $page= "main.html";

 

<?php
$level = isset($_GET['level'])?(preg_match("@[^/.\s]@",$_GET['level'])?$_GET['level']:''):'';
$course = isset($_GET['course'])?(preg_match("@[^/.\s]@",$_GET['course'])?$_GET['course']:''):'';
$page= (!empty($level)? ("pages/$level" . (!empty($course) ? "/$course":"") . ".htm") : "main.htm");
if(!file_exists("$page"))
  include("error.htm");

echo "page=$page";

?>

 

whoops a missing paren. but whats a missing delimeter between coders.

it logically puts the page together piece by piece noticing the different outputs you can have.

as well as testing the $_GET for '.' and '/' which can be used to access other files outside the confines of yer public html folder

 

consider

http://my.url/showpage.php?level=../otherpage

 

and it cuts down on the file_exists

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.