PHP Problem

Uchiha-Kun · October 11th, 2005, 5:50 PM

I've been using the PHP (Query Strings) 'index2.php?page=news' for some time. Now that I have transfered my files onto Surpass, it doesn't seem to work.

The Main Page has the content I have for news.php

PHP Code:


			
<!---------------START CONTENTS------------------>

<? if (file_exists("$page.html")): include("$page.html"); else: include("news.php"); endif; ?>

<!----------------END CONTENTS------------------->

But let's say another page, 'index2.php?page=contact', for instance. It shows the exact same text/content from news.php(home page). Same with all the other pages. Anyone know how I can fix this?

H · October 11th, 2005, 7:05 PM

I'll start off with saying that method of includes is deadly to use.. it can be exploited in a number of ways to do evil things to your website.

Second, it could be a case of register_globals() being disabled (a good thing) so you might want to use something like:

PHP Code:


			
<?php

if (file_exists($_GET[page].".html")): .....

?>

**David** · October 11th, 2005, 7:32 PM

ok, so instead of doing something like:

include ('yeah.html');

what would be better? I've noticed this in your own gallery:

include("includes/home.php");

so I wonder what's wrong with doing it like that.

H · October 11th, 2005, 7:49 PM

There's nothing wrong with including files in the same directory, but when you're doing it dynamically, there's a chance that something naughty from a remote server could be included. Yes, the .html part will significantly reduce that, but it's still risky to the point I urge against it.

My recommendation for a dynamic include is to put the value through a switch statement...

PHP Code:


			
<?php

switch ($_GET[page]) {



case "m00":

include("m00.php");

break;



case "cow":

include("cow.html");

break;



default:

include("defaultpage.html");

break;



}

?>

**David** · October 11th, 2005, 7:59 PM

what about doing this?

require_once($_SERVER['DOCUMENT_ROOT'].'/functions.php');

I saw that on PHPFreaks.com. http://www.phpfreaks.com/tutorials/131/0.php

Here's a question for you...what is this: ->

I have trouble looking that up in search engines but I see it in codes all over the place. Like:

Code:

		$this->result_id=mysql_query($sql) or die("SQL Used: $sql<br>".mysql_error()."<br>");
		$this->query_count++;

H · October 11th, 2005, 8:08 PM

require_once($_SERVER['DOCUMENT_ROOT'].'/functions.php');

That's perfectly OK as it's not accepting user input. When $page can be set as 'http://evilsite.tld/evilscript' it's not a safe thing.

The '->' is used in classes and objects. I haven't gotten into that as much in PHP as I have in JavaScript, so I can't go into deep details, but http://ca.php.net/class and http://ca.php.net/object should be of some help.

**David** · October 11th, 2005, 8:09 PM

ah, okie dokie. thanks for clearing all that up

Uchiha-Kun · October 11th, 2005, 9:28 PM

Well, I tried some on the methods (I'm still confused about the 'm00.php' and 'cow.html'). Where do you exactly put each file? (e.g. news.php, page.html, index2.php, etc.)

H · October 11th, 2005, 9:46 PM

The values I used were for example... You would create your own cases where if say $page has the the value of 'news' and you wanted to load the page 'news.php' it would basically look like this:

PHP Code:


			
<?php



case "news":

include("news.php");

break;



?>

October 11th, 2005, 5:50 PM	#1 (permalink)
Uchiha-Kun Registered User Fresh Surpasser Joined in Oct 2005 7 posts Gave thanks: 0 Thanked 0 times	PHP Problem I've been using the PHP (Query Strings) 'index2.php?page=news' for some time. Now that I have transfered my files onto Surpass, it doesn't seem to work. The Main Page has the content I have for news.php PHP Code: `<!---------------START CONTENTS------------------> <? if (file_exists("$page.html")): include("$page.html"); else: include("news.php"); endif; ?> <!----------------END CONTENTS------------------->` But let's say another page, 'index2.php?page=contact', for instance. It shows the exact same text/content from news.php(home page). Same with all the other pages. Anyone know how I can fix this?

October 11th, 2005, 7:05 PM	#2 (permalink)
H after g, before i Resident. Joined in Jul 2004 Lives in N,BC,CA 8,087 posts Gave thanks: 48 Thanked 131 times	I'll start off with saying that method of includes is deadly to use.. it can be exploited in a number of ways to do evil things to your website. Second, it could be a case of register_globals() being disabled (a good thing) so you might want to use something like: PHP Code: `<?php if (file_exists($_GET[page].".html")): ..... ?>`

October 11th, 2005, 7:49 PM	#4 (permalink)
H after g, before i Resident. Joined in Jul 2004 Lives in N,BC,CA 8,087 posts Gave thanks: 48 Thanked 131 times	There's nothing wrong with including files in the same directory, but when you're doing it dynamically, there's a chance that something naughty from a remote server could be included. Yes, the .html part will significantly reduce that, but it's still risky to the point I urge against it. My recommendation for a dynamic include is to put the value through a switch statement... PHP Code: `<?php switch ($_GET[page]) { case "m00": include("m00.php"); break; case "cow": include("cow.html"); break; default: include("defaultpage.html"); break; } ?>`

October 11th, 2005, 9:46 PM	#9 (permalink)
H after g, before i Resident. Joined in Jul 2004 Lives in N,BC,CA 8,087 posts Gave thanks: 48 Thanked 131 times	The values I used were for example... You would create your own cases where if say $page has the the value of 'news' and you wanted to load the page 'news.php' it would basically look like this: PHP Code: `<?php case "news": include("news.php"); break; ?>`

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

October 11th, 2005, 8:08 PM	#6 (permalink)
H after g, before i Resident. Joined in Jul 2004 Lives in N,BC,CA 8,087 posts Gave thanks: 48 Thanked 131 times	require_once($_SERVER['DOCUMENT_ROOT'].'/functions.php'); That's perfectly OK as it's not accepting user input. When $page can be set as 'http://evilsite.tld/evilscript' it's not a safe thing. The '->' is used in classes and objects. I haven't gotten into that as much in PHP as I have in JavaScript, so I can't go into deep details, but http://ca.php.net/class and http://ca.php.net/object should be of some help.

October 11th, 2005, 9:28 PM	#8 (permalink)
Uchiha-Kun Registered User Fresh Surpasser Joined in Oct 2005 7 posts Gave thanks: 0 Thanked 0 times	Well, I tried some on the methods (I'm still confused about the 'm00.php' and 'cow.html'). Where do you exactly put each file? (e.g. news.php, page.html, index2.php, etc.)

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)