PHP Include Help!

tothemax

Hey everyone:

I'm having some problems with a very basic PHP script. This all was working fine on my test server, but as soon as I moved it, it doesn't seem to be working at all.

I am trying to create basic pages which pull different ini documents per link.

The code I have is:
<?php if (empty($area)) {
$area="home";
}
?>

and where I want the text, I have:
<?php if($area){include("content_includes/$area.inc");
}
?>

It keeps pulling up the home page, evidently it's not reading anything else. The path is correct. I just don't get it.

Thanks.

Kudose

$area = $_REQUEST['area'];
if(empty($area)) $area = 'home';

if(isset($area) && !empty($area))
  require_once('./content_includes/'.$area.'.inc');
else
  require_once('./content_includes/home.inc');

laserlight

Well, there is something of a security risk to just include a file specified like that without validating the incoming variable. You may have a list of valid areas in an array, and check from there, e.g.,

$areas = array('home', 'foo', 'bar', 'baz');
if (isset($_REQUEST['area']) && in_array($_REQUEST['area'], $areas)) {
    include 'content_includes/' . $_REQUEST['area'] . '.inc';
} else {
    include 'content_includes/home.inc';
}

Incidentally, it is probably redundant to write empty($area) since the check should be for the incoming variable before it is used to initialise $area. Not only that, but isset($REQUEST['area']) && !empty($REQUEST['area']) would also contain redundancy since a variable that is not empty should always be set.

Kudose

laserlight wrote:
Not only that, but isset($REQUEST['area']) && !empty($REQUEST['area']) would also contain redundancy since a variable that is not empty should always be set.

But with error reporting set to all, a notice will be generated on

if(!empty($_REQUEST['area']))

If there is no area indice, but

if(isset($_REQUEST['area']) && !empty($_REQUEST['area']))

will not.

So, is it safe to assume you should just use:

if(isset($_REQUEST['area']))

laserlight

But with error reporting set to all, a notice will be generated on

No, both isset and empty behave the same way with respect to nonexistent variables (i.e., no notice is reported), and thus both are safe to use for checking for the existence of incoming variables.

ShawnK

if(empty($_GET['area']))
{
   $area = "home";
}
else
{
   $area = $_GET['area'];
}

if(file_exists("./content_includes/". $area .".inc")
{
   include("./content_includes/". $area .".inc");
}
else
{
   include("./content_includes/home.inc");
}

ShawnK

if(empty($_GET['area']))
{
   $area = "home";
}
else
{
   $area = $_GET['area'];
}

if(file_exists("./content_includes/". $area .".inc")
{
   include("./content_includes/". $area .".inc");
}
else
{
   include("./content_includes/home.inc");
}

untested....