POST &amp; include()

POST & include()

heepofajeep

On my home.php page, I want to make it so that all the featured sections, such as links or articles, can be handled with an included file.

This works fine, but my problem comes from using an html form in the links.php file. The action of that form directs the browser to mysite/home/links.php, which then includes links.php-- but when links.php is loaded, it does not see any of the POST information (kind of hard to explain-- does this make sense?).

Basically, I cannot gather post information from an included file, so what would be the best solution?

I do not really have server-side access through my server [servage.net].

Thank you very much for any help!

Ludichrist

You want your form to have a hidden field with the php file that you want to include (this is a security risk btw). that way, in home.php you have:

<html>
blah
blah
<?
if(!empty($_POST['nextPage'])){
    include $_POST['nextPage'];
}

There's more to it than that, but that'll get you started.

heepofajeep

Hmm, I guess I am not quite sure what you mean, but I think I get the jest of it. How is it a security risk? (that might just clear up the explanation for me a little, too).

Ludichrist

If you want to have only 1 url for your visitors, and that url includes whatever script they might need, then you need a consistant way to facilitate this.

One way is to make sure that all internal links call your home.php page. So, whenever you force a redirect (for example, when a form is submitted), or the user clicks on a link, you need a way to tell home.php which script should be included.

If you are redirecting as a result of a form submission, you can use a hidden field in the form that holds the name of the script you need to call from home.php. If a user clicks on a link, you'd have to include the page in the url (ex: home.php?page=whatever).

There is a security risk either way because a user could manipulate the url or the form data and they could have your home.php script include anything that is readable by your webserver. If they call something that isn't a php page, the browser will display it in plain text.

If you need to use this kind of structure, I'd suggest trying to use session variables instead. It requires a little more thought to get it to work in all cases though.