PHP die function

[scferg]

I have a website setup using the simple navigation function, like: http://website.com/index.php?page=blah

 

The only problem is that if they typed in a page that does not exist, it returns with PHP not found errors. So, how do I make so that if the page is not found, another file is loaded, like error404.html ?

 

I've tried some other codes, but either don't work at all, or don't work right. I'm a novice with PHP, so I could really use some help with this.

[Stooney]

Well it depends on how you're going about showing the actual page.  Are you using a switch statement? etc.

 

you could try

 

<?php
if(file_exists("$_GET['page'].php")){
    include("$_GET['page'].php");
}
else{
    include("error.php");
}
?>

 

edit: fixed an error

[rhodesa]

Well it depends on how you're going about showing the actual page.  Are you using a switch statement? etc.

 

you could try

 

<?php
if(file_exists($_GET['page'])){
    include("$_GET['page'].php");
}
else{
    include("error.php");
}
?>

 

Yeah...this is the normal way...but it should be

if(file_exists($_GET['page'].'.php')){

 

 

[Stooney]

Another thought, you could use a switch statement for more control:

 

switch($_GET['page']){
    case 'home':
        include("home.php");
        break;
    case 'about':
        include("about.php");
        break;
    default:
        include("error.php");
        break;
}

[priti]

one more thought to do the same is working in your .htaccess file by writing a rule about error 404 .when ever response form server is 404  page not found then show some particular page .

 

ErrorDocument 404 /path/to/404.html

 

Regards

 

[scferg]

Well, I do have a server 404 error, but my PHP just returns with a bunch of not found errors. Is there just a simple way to have text saying "Page not found" ?

[rhodesa]

How are you deciding on content to display? As in, can you paste the code where you work with the $_GET['page'] variable? There are lot's of solutions, and if you shows us what you have, it will be easier to provide you with the best solution.

[scferg]

			<?php
				if($section && $page) {include("./$section/$page"); }
				elseif($page == "case1") {
				echo "case1 goes here no page was written for this statement.";}
				elseif($page) {include("./$page.html");}
				else {$number=10; $only_active=TRUE; include("./news/show_news.php"); }
			?>

 

Don't laugh about how pathetic it is

[rhodesa]

<?php

  $error_page = "./404.php";

  if($section && $page) {

    if(file_exists("./$section/$page"))

      include("./$section/$page");

    else

      include($error_page);

  }elseif($page == "case1") {

    echo "case1 goes here no page was written for this statement.";

  }elseif($page) {

    if(file_exists("./$page"))

      include("./$page.html");

    else

      include($error_page);

  }else {

    $number=10;

    $only_active=TRUE;

    include("./news/show_news.php");

  }

?>

[scferg]

Hmm..it seemed to work, until I used the nav. It goes to the error page, when the page does exist...

[rhodesa]

What are the GET variables in the URL that produce the error? So, index.php?{what is here}

 

Also, I assumed there is code above this that sets $page and $section from their respective GET vars. Am I wrong to assume this?

[scferg]

You're correct. Like, if you wanted to go to my contact page... you'd enter http://website.com/index.php?page=contact

[rhodesa]

Ok...let's start from the top...

 

<?php
  $error_page = "./404.php";
  $page = $_GET['page'];
  $section = $_GET['section'];

  if($page == "case1") { //Handle special cases first
    echo "case1 goes here no page was written for this statement.";
  } elseif($page) { //Page requested
    $path = "{$page}.html";
    if($section) //Add section
      $path = "{$section}/{$path}";
    if(file_exists($path))
      include($path);
    else
      include($error_page);
  } else { //Default
    $number=10;
    $only_active=TRUE;
    include("./news/show_news.php");
  }
?>

 

this code has a big security flaw though as it allows people to possibly see files on your computer that they shouldn't see. but, for now, let's just see if we can get this working....

[scferg]

On my computer or server? O_O

[scferg]

Tried it! Works, perfect! Now...about that security flaw...

[rhodesa]

server...wherever the index.php script is

 

to be safe, you should only allow page keys to be letters, numbers, and underscores

 

  ...
  } elseif($page) { //Page requested
    $path = "{$page}.html";
    if($section) //Add section
      $path = "{$section}/{$path}";
    //Check keys and existance
    if(preg_match('/^\w+$/',$page) && preg_match('/^\w+$/',$section) && file_exists($path))
      include($path); //Good to go...include it
    else
      include($error_page); //Error page
  } else { //Default
  ...

[scferg]

Err...what do I do with that code?

 

Sorry for my lack of knowledge about PHP

[rhodesa]

It was just a snippet of the lines I updated. Here it is in it's entirety:

 

<?php
  $error_page = "./404.php";
  $page = $_GET['page'];
  $section = $_GET['section'];

  if($page == "case1") { //Handle special cases first
    echo "case1 goes here no page was written for this statement.";
  } elseif($page) { //Page requested
    $path = "{$page}.html";
    if($section) //Add section
      $path = "{$section}/{$path}";
    //Check keys and existance
    if(preg_match('/^\w+$/',$page) && preg_match('/^\w+$/',$section) && file_exists($path))
      include($path); //Good to go...include it
    else
      include($error_page); //Error page
  } else { //Default
    $number=10;
    $only_active=TRUE;
    include("./news/show_news.php");
  }
?>

[scferg]

Now it's back to showing the 404 error page when the page does exist.

 

I've got to go...school tomorrow, so I won't respond until tomorrow.

 

Thanks for your help 

[rhodesa]

try this out tomorrow:

 

<?php
  $error_page = "./404.php";
  $page = $_GET['page'];
  $section = $_GET['section'];

  if($page == "case1") { //Handle special cases first
    echo "case1 goes here no page was written for this statement.";
  } elseif($page) { //Page requested
    $path = "{$page}.html";
    if($section) //Add section
      $path = "{$section}/{$path}";
    //Check keys and existance
    if(preg_match('/^\w+$/',$page) && preg_match('/^\w*$/',$section) && file_exists($path))
      include($path); //Good to go...include it
    else
      include($error_page); //Error page
  } else { //Default
    $number=10;
    $only_active=TRUE;
    include("./news/show_news.php");
  }
?>

[rhodesa]

grr....that has a security hole...this should be good though:

 

<?php
  $error_page = "./404.php";
  $page = $_GET['page'];
  $section = $_GET['section'];

  if($page == "case1") { //Handle special cases first
    echo "case1 goes here no page was written for this statement.";
  } elseif($page) { //Page requested
    $path = "{$page}.html";
    if($section) //Add section
      $path = "{$section}/{$path}";
    //Check keys and existance
    if( preg_match('/^\w+$/',$page) && 
        (!strlen($section) || preg_match('/^\w+$/',$section)) && 
        file_exists($path)
      )
      include($path); //Good to go...include it
    else
      include($error_page); //Error page
  } else { //Default
    $number=10;
    $only_active=TRUE;
    include("./news/show_news.php");
  }
?>

[scferg]

I'll try that code, but my FTP server is being stupid, so I don't know how long it'll be until I can upload anything to test it.

[rhodesa]

You don't have a local php install for testing? If you are using Windows, check out WAMP

[scferg]

Yup, it works. Thanks!

[scferg]

So, is this code more secure than my original one? And if so, in what way?