URL vars

Rackie

hello,

I used to use links including variables to then include stuff.
Normally I did this with

and then

<?php include("$pid.php"); ?>

on the next page, but since I switched servers this doesn't work anymore, but I've tried other (free) servers but it still doesn't work.

Is it the server or is it the code?

Thx

devinemke

use this instead:

include($_GET['pid'] . '.php');

generally speaking , it is not very good practice to directly call a file based on user input like that without proper validation. what's to stop me from typing the following in my browser:

http://www.Rackie.com/index.php?pid=whatever_file_i_want

your script would then failthfully run the following code:

include('whatever_file_i_want.php');

which may not be what you want.

Rackie

Thx,
hmm good point, I'll try to think about that

Drakla

use $_GET['pid'], that's where all your variables passed via the url live.

And all variables posted by forms live in $_POST

Rackie

ow thx again =)

we've learned something new today at 23.19 what about that :p

bradgrafelman

Looks like this is already resolved, but the following code would add not only security but also error surpressing, so you don't get a nasty E_WARNING if 'pid=' isn't present...

$pid = intval(@$_GET['pid']);