passing variables through a link

Borked

I want to set up my site using php includes to supply the content. So my navbar has urls and instead of putting in an address, I put this:

<a href="<?php echo ?PHP_SELF;
?includefile=file.php'?>"

and then later on in the page, where I want the included file to appear, I put this:

  <?php
  if (isset($includefile))
  {
  include '$includefile';
  }
  ?>

But of course it doesn't work which is why I'm here. How do I pass variables through a hyperlink using ?PHP_SELF as the destination page? What else am I doing wrong in this script?

MrAlaska

If you are using a question mark in front of PHP_SELF that would be a problem. It would work better something like this:

<a href="<?php echo $PHP_SELF.'?includefile=file.php'?>"

Your script assumes globals are turned on, it sould really look more like this:

<a href="<?php echo $_SERVER['PHP_SELF'].'?includefile=file.php'?>"

Except that would allow anybody to include whatever script they felt like running on your server (including remote ones), so it should really look more like this:

<a href="<?php echo $_SERVER['PHP_SELF'].'?includefile=file'?>"

<?php
if (isset($GET['includefile']))
{
$includefile=$GET['includefile'].'.php';
include '$includefile';
}
?>

That script assumes there are no files in that directory that you would not want the user to be able to access. If there are, you would need to take a few more precautions.

EDIT: Actually, my modification would still be unsecure, it should really look more like this:

<?php
if (isset($GET['includefile']))
{
$includefile=$GET['includefile'];
if ($includefile=='file') include 'file.php';
}
?>

If you have a lot of files, it might be better to use a switch statement.

Borked

I just tested your script, but it didn't work, at least the bottom part. I'm not using a form, therefore I'm not using either the GET or POST methods, so I don't see how anything will end up in those arrays.

Is there any practical difference between

<a href="<?php echo $PHP_SELF.'?includefile=file.php'?>"
and this
<a href="<?php echo $_SERVER['PHP_SELF'].'?includefile=file.php'?>"

except that in future versions of PHP they may take out the $PHP_INFO variable in favor of just having it as part of the $_SERVER array?

PS..thanks for help on the first part 😃

Borked

by the way, I get this error when I run the script

Not Found
The requested URL

Notice: Use of undefined constant PHP_SELF - assumed 'PHP_SELF' in C:/Program Files/Apache Group/Apache2/htdocs/masondep.php on line 68 masondep.php was not found on this server.

Line 68 is this line:
<a href="<?php echo $_SERVER[PHP_SELF].'?include=writing.php'?>"

also, why does this syntax work:

if ($includefile=='file') include 'file.php';

shouldnt it be
if ($includefile=='file')
{
include 'file.php';
}

MrAlaska

Originally posted by Borked
I just tested your script, but it didn't work, at least the bottom part. I'm not using a form, therefore I'm not using either the GET or POST methods, so I don't see how anything will end up in those arrays.

When passing in the URL you ARE using the GET method, just the same as if you were using a form.

Make a test page named 'test.php' with the following code then send your browser to:
test.php?test=variable_in_URL

<?php
if (!empty($_GET) || !empty($HTTP_GET_VARS)) {
	if (isset($_GET)) {
		echo "From _GET: ".
			$_GET['test'];
	}
	if (isset($HTTP_GET_VARS)) {
		echo "<br>From HTTP_GET_VARS : ".
			$HTTP_GET_VARS['test'];
	}
}
?>

Originally posted by Borked
Is there any practical difference between

<a href="<?php echo $PHP_SELF.'?includefile=file.php'?>"
and this
<a href="<?php echo $_SERVER['PHP_SELF'].'?includefile=file.php'?>"

The first method assumes globals are turned on, it will not work if globals are turned off.

Originally posted by Borked PS..thanks for help on the first part 😃

Something worked? KEWL

Originally posted by Borked
by the way, I get this error when I run the script

Not Found
The requested URL

Make sure the file is in the same directory and the name is spelled exactly the same

Originally posted by Borked
Notice: Use of undefined constant PHP_SELF - assumed 'PHP_SELF' in C:/Program Files/Apache Group/Apache2/htdocs/masondep.php on line 68 masondep.php was not found on this server.

Line 68 is this line:
<a href="<?php echo $_SERVER[PHP_SELF].'?include=writing.php'?>"

If you copied that code from me, it means I didn't fix it quick enough :o

You need quotes on PHP_SELF ($_SERVER['PHP_SELF']) A lot of configurations will not even alert such notices. You have your server set up to display all notices which is GOOD for developing purposes.

Originally posted by Borked

also, why does this syntax work:

if ($includefile=='file') include 'file.php';

shouldnt it be
if ($includefile=='file')
{
include 'file.php';
}

The second way is better because it is intuitive, easier to read, and easier to modify. You can get away without using the hitch-cocks (aka curly braces) if you only have one line in your condition. I demonstrated it that way mostly because I was being lazy. Ternary expressions put an if else all on one line for even more compact code for the lazy typer 😃

Ternary: (expr1) ? (expr2) : (expr3);

Borked

it works! now I have to make the html includes!. And hmm, now I have to think about how to do sub categories from the includes page... have the include pages include pages of their own maybe. Or use javascript, and have it load all the subcontent but only display the part you want. Who knows? the possibilities are endless. 😃