I'm newbie on PHP, and I desperately need your help on this. I'm trying to make something like: http://www.mysite.com/index.php?page=home
I have written the following code, but it doesn't work. Please...?
<?php
switch( $_GET['page'] ) {
case "home" : $page="home.php"; break;
case "collections" : $page="collections.php"; break;
case "catalogs" : $page="catalogs.php"; break;
case "contact" : $page="contact.php"; break;
default: $page="index.php"; break;
}
?> <a href="<?php $_GET['?page=home']; ?>" target="_self" class="style1">ENTER</a>
tylerc, your solution is very dangerous, an open door for hackers. The first solution was better. I'm not sure, but I think your script would work if you would write <?php echo $_GET['?page=home']; ?> instead of <?php $_GET['?page=home']; ?>
Guys, thanks for your help! I have modified the code a bit to make more sense. Now, my problem is that when I click on "ENTER" I can't get the i.e. 'home' page. the url shows the "index.php?page=..." and just reloads the index.php.
I was hoping when the user clicks on ENTER to go to 'home' page.
I'm newbie on PHP, and I desperately need your help on this. I'm trying to make something like: http://www.mysite.com/index.php?page=home
I have written the following code, but it doesn't work. Please...?
I am also new to PHP. I will show you what I did, which there are probably better ways of doing it, but this works for me....
The following code is put in the head to determine if nothing has been assigned to the variable $content and then assigns the home page to that variable.
PHP Code:
<?PHP if ($content == ""){ $content = home; } ?>
Next is the code that displays the $content page(s) It checks for extentions .html, .php, .txt, and no extention and displays those pages, if it does not find it, it will refresh to the home page. There are more things you can do with the end of this. At some point I plan on changing this to reload an error page if the page doesn't exist as I would prefer that.
PHP Code:
<!BeginPHPContent>
<?php
if(file_exists("$content.html"))
{
include ("$content.html");
}
elseif (file_exists("$content.php"))
{
include ("$content.php");
}
elseif (file_exists("$content.txt"))
{
include ("$content.txt");
}
elseif (file_exists("$content"))
{
include ("$content");
}
else
{
echo "<meta http-equiv=refresh content=0;url=./index.php?content=home>";
}
?> <!EndPHPContent>
The next is the code for my links. This will look confusing as all get out as I had to put more code than I wanted to originally because I have an image between each link and and the lesser code method put a space between the image link and the image between the link where they need to be touching eachother.
This portion checks to see what page your on and displays the appropriate link image for if you are on the page or not. There is also a javascript that goes with this for mouseover effects. So in effect it will display one image if you are on THAT page. Another image if you are not on that page and a 3rd image altogether if you move the mouse over the link.
I am not sure, but I think that in this case, the server would execute that script.
As I said, I don't know much about security, and maybe these 2 examples don't work. However, I think that giving that much power (Letting a visitor choose the argument he wants for the "include" function) is dangerous.
As for the "define" example you gave, I don't see how it would help security. If I am not mistaken, the only thing is achieves is to disallow the call of content scripts outside index.php. But calling these content script outside index.php is not a security threat. The threat is calling an unexpected script/file from index.php.
I am not sure, but I think that in this case, the server would execute that script.
I just did some checking on this and how I've been using the includes. Your absolutely correct!!!!! I tried the index.php?content=/etc/passwd as well as many other files located in my /etc directory. HOLY $#!+ that is a HUGE security risk. Sure enough it listed the passwd file. Granted, it doesn't show passwords in a passwd file and the shadow file does not exist in the /etc directory, but it's still a risk.
I'm going to try what tylerc put and see how/if it works, but the only way I can truely see is to test the variable and see if it is one that I want to load, if not then display an error page.
I wonder if I can test this prior to loading the full page. IE: Before the <head>
Trying to figure out how to test that one variable equals one of 7 possibilities then continue loading the page. Thing that worries me is what if this turns into one of 100 possibilities in the future. Or worse yet, if there is a need for it to be one of 10,000 possibilities. I don't have a site THAT huge, but it is possible. Oh Geez! I'm brain dead at the moment, will have to think about this one.
What I did with my old script (As I said in another comment somewhere, this method is, IMHO, ugly, and slow, I now use XSLT) is that I listed all my pages in a mySQL database. The script looked for the pageneame, and if it was in the database, it returned the path that was specified on that row. Ok, this was slower, but the code was nicer.
the name of $page has to be the filename unfortuneatly, but more efficient!
Linear Mode
