dumb coder

sonicfusion

can someone please tell me whats wrong with this cause i'm too dumb to understand it! [i'm very VERY new to php 😃 ]

<?php
$id = ""
$id = $HTTP_GET_VARS["id"]
if ($id == "") {
require('inc/index.php')
}
else
{
require("inc/$id.php")
}
?>

midol

umm, I don't know what your trying to accomplish with your if statement, but you don't have any semi-colons and that will cause parse errors. Here is the code w/ correct semi-colon use.

<?php 
$id = ""; 
$id = $HTTP_GET_VARS["id"];
if ($id == "") { 
require('inc/index.php');
} 
else 
{ 
require("inc/$id.php");
} 
?>

I don't know if you just left those out when you posted or if you didn't have the altogether. But if you didn't have them at all you might wanna look at scripts and study when semi-colons are used and where they aren't.

prasit

Originally posted by sonicfusion
can someone please tell me whats wrong with this cause i'm too dumb to understand it! [i'm very VERY new to php 😃 ]

<?php
$id = ""
$id = $HTTP_GET_VARS["id"]
if ($id == "") {
require('inc/index.php')
}
else
{
require("inc/$id.php")
}
?>

the programmer wants to use only this script to bring up different page e.g. http://yourdomain.com?id=login, it will bring up included page of "inc/login.php" and this login.php, I guess, would show the login form and do the login function. if login succeed, then it will call http://yourdomain.com?id=my_first_page, which will bring "inc/my_first_page.php" and so on.

ps: semi-colon is not an issue when you have 1 statement in a block.

mcrbids

This is a very bad script from a security standpoint. For example, if some black hat posted a url like this:

http://yourscript.php?id=../../../../etc/passwd?

or some variation of it, you just might end up showing them your password file!

Add code like this:

<? 
$id=trim($_REQUEST[id]); 
$acceptable=array(
'index', 
'page1', 
'page2', 
'page3'
); 
if (!in_array($acceptable, $id)) 
 die ('Invalid request'); 
else include ('inc/'.$id); 
?>

This does the same as below with much improved security!

Originally posted by midol
umm, I don't know what your trying to accomplish with your if statement, but you don't have any semi-colons and that will cause parse errors. Here is the code w/ correct semi-colon use.
<?php 
$id = ""; 
$id = $HTTP_GET_VARS["id"];
if ($id == "") { 
require('inc/index.php');
} 
else 
{ 
require("inc/$id.php");
} 
?>
I don't know if you just left those out when you posted or if you didn't have the altogether. But if you didn't have them at all you might wanna look at scripts and study when semi-colons are used and where they aren't. [/B]