include()

fjharris

Could anyone tell me why this would not work:

include ("$_GET['content'].html");

I have searched the web pretty thoroughly and cant find the proper syntax...

Thanks,

Fraser

Pig

Don't put the array in the quotes.

include($_GET['blah'] . ".html");

Be careful if you are using this code on a public area of your site. Users could easily exploit this scenario to get files that you don't want, even if they are in a protected dir.

swr

There are problems with arrays in quotes, but there is a way to do it while still in quotes:

include ("{$_GET['content']}.html");

The curly brackets tell PHP where your variable starts and ends (otherwise it's not sure if the square brackets are part of the variable or part of the string literal). See the strings section of the PHP manual for more info.

There are security issues with what you're doing, as Pig suggested. Someone could go

http://www.example.com/yourscript.php?content=some/protected/file and bypass any protections you have (including .htaccess).

There was a recent thread about how to do it safely:
http://www.phpbuilder.com/board/showthread.php?s=&threadid=10269554

Pig

That's true. I'm used to just stepping out of the string. Either way is fine.