[RESOLVED] &quot;index.php?=blah&quot;

[RESOLVED] "index.php?=blah"

Infamous_JC

First of all, I'm not even sure if this is in the correct forum, if it isn't, then be my guest and move it.

Just to make it clear, I'm a total noob at PHP. Awhile back, I had a site and my links used to be something like index.php?=page1, index.php?=page2, etc. Well I haven't worked on this kind of stuff in a few years, and I forgot what the function is called and how to do it. I've googled a bunch of sites and found nothing. Hopefully someone can help me. All I need to know is what the function is called, and a link to tutorial.

Thanks in advance.

NogDog

More correct would be index.php?page=page1. Then in the code for index.php, the global $GET array will have an element indexed as 'page' with a value of 'page1'. So a fairly basic use of such a "query string" might be:

<?php
if(isset($_GET['page']))
{
  $page = '../includes/' . $_GET['page'] . '.php';
  if(file_exists($page))
  {
    include $page;
    exit;
  }
}
include '../includes/default.php'; // display this if no page or invalid page specified in URL
?>

Sesquipedalian

The way I have done it is a little more simple, not that much though.

<?php
if (file_exists("$act.php")) {
    include("$act.php");
} else {
    include("homepage.php");
}
?>

So when it goes to ?act=file it will include the file entitled, "file.php", and if there is nothing it will include "homepage.php".

Weedpacket

Sesquipedalian wrote:
The way I have done it is a little more simple

But a lot more fragile (it won't work on default installations of PHP, for example).

bradgrafelman

Not to mention the fact that it gives the world the power to run any .php file on your website...

Sesquipedalian

bradgrafelman wrote:
Not to mention the fact that it gives the world the power to run any .php file on your website...

Why does that matter?

Rodney_H_

Sesquipedalian wrote:
Why does that matter?

Security Flaw/Vulnerability.

One suggested remedy is to put all the files you will allow users to view into an array.

Then, check to see if the request is valid, and that the requested value is in that array of allowed files.

IF so, include file...

ELSE, throw error OR include default file...

<?php
// psuedo code
$default = 'default.php';
$allowed = array('file1.php', 'file2.php', 'file3.php');

if(isset($_GET['page']))
{
     if(in_array($_GET['page'], $allowed))
     {
          include $_GET['page'];
     }
     else include $default;
}
else  include $default;
?>

Infamous_JC

Thanks a bunch guys.

mnceo

i know this is resolved but i have 1 more suggestion that i use.

<?php
include("include/config.php");
$query="SELECT info FROM info";
$result=mysql_query($query);
$row=mysql_fetch_array($result);
?>
<?php
echo "<a href='to.php?id='$info'>Information Page</a>";
?>

SHould work.. works for me when displaying user ids on all pages in the url

Sesquipedalian

That's just even more work.. And why did you close and then open the php tag..? Rodney's code I think is the best and most secure, if I get a website again, I'll be sure to use that, not my stupid code. :p

ragedigital

One should note that the variable is also accessible through the use of $_REQUEST['page']

Sesquipedalian wrote:
And why did you close and then open the php tag..?

Probably to show that it belongs down in the HTML block for proper formatting. However, I'm not sure that he was posting to this thread to begin with...

mnceo

i was posting here... I would normally have an HTML template that had 2 parts to it and i found it better for my self to include the header, then close the tag, create the inside parts, then do the footer and close the tag, just my way of organizing alittle bit instead of seeing 500 different colors.. the red would show me tag openings and closing if i had to skim though a 1200-3000 line script

my script that i posted here might not be as secure.. but its an idea. I do all my user pages this way. I always put the Config Script in the Header or footer document then do everything else in the page document, you might think thats stupid.. but i rather have someone searching through 500 folders to find my config file instead of 2 folder. but owell, this post has been resolved for some time now and i just posted the script i normally use as an idea for the original poster.