PHP NAVIGATION INCLUD HELP PLEAS

renik

is there a way to have this work without having to add the case option within the include tag.

just don't remember how. Because adding multiple pages the include script is going to get very length and very messy.

#
Navigation include script:
#
<?php
#
$id = $_GET["idn"];
#
$id = addslashes(strip_tags($id));
#

#
switch( $id )
#
{
#
default:
#
include 'nav/homenav.php';
#
break;
#

#
case 'homenav' :
#
include 'nav/homenav.php';
#
break;
#

#
case 'tournav' :
#
include 'nav/tournav.php';
#
break;
#

#
case 'infonav' :
#
include 'nav/infonav.php';
#
break;
#

#
case 'disconav' :
#
include 'nav/disconav.php';
#
break;
#

#
case 'bandnav' :
#
include 'nav/bandnav.php';
#
break;
#

#
case 'picsnav' :
#
include 'nav/picsnav.php';
#
break;
#

#
case 'fannav' :
#
include 'nav/fannav.php';
#
break;
#
}
#
?>
#

chasiv

Looks like all the pages are in nav folder and the filename is always the $id.

If(!isset($id)) { 
   $file = 'nav/homenav.php'; 
} else {
   $file = 'nav/' . $id . 'php';
}

include $file;

waptech

chasiv wrote:
Looks like all the pages are in nav folder and the filename is always the $id.
If(!isset($id)) { 
   $file = 'nav/homenav.php'; 
} else {
   $file = 'nav/' . $id . 'php';
}

include $file;
  

sorry syntax error there, u forgot a "."

If(!isset($id)) { 
   $file = 'nav/homenav.php'; 
} else {
   $file = 'nav/' . $id . '.php';
}

include $file;

renik

i mean like i wanna the link to open on the layout on the include page idk if i'm explain it right with out the tag

NogDog

Be careful: you'd best do some filtering/validation of the $GET['idn'] value, or some malicious user is going to start experimenting with relative paths to see if he can find something "interesting".

$file = 'nav/homenav.php';
if(isset($_GET['idn']))
{
   $idn = basename(trim($_GET['idn']));
   if(is_readable('nav/' . $idn . '.php'))
   {
      $file = 'nav/' . $idn . '.php';
   }
}
include $file;

waptech

NogDog wrote:
Be careful: you'd best do some filtering/validation of the $GET['idn'] value, or some malicious user is going to start experimenting with relative paths to see if he can find something "interesting".
$file = 'nav/homenav.php';
if(isset($_GET['idn']))
{
   $idn = basename(trim($_GET['idn']));
   if(is_readable('nav/' . $idn . '.php'))
   {
      $file = 'nav/' . $idn . '.php';
   }
}
include $file;

true but there shouldnt be anything interesting in the nav/ directery, just what the users need to see right?

NogDog

http://www.yoursite.com/page.php?idn=../../personal_data/list_contacts

Then if you just try to include the value of $_GET['idn'], in effect you do:

include 'nav/../../personal_data/list_contacts.php';

Which is equivalent to:

include '../personal_data/list_contacts.php';

Now, they have to guess the directory structure and what names you use for the files, and in this case the file would need a .php extension; but why risk it when a little defensive coding can prevent it?

renik

ok i wanna it to work like www.eminemlounge.com how that site has it and link the navigation like open the other pages in the layout so that way i don't have to add the layout in every page

waptech

NogDog wrote:
http://www.yoursite.com/page.php?idn=../../personal_data/list_contacts
Then if you just try to include the value of $_GET['idn'], in effect you do:
include 'nav/../../personal_data/list_contacts.php';
Which is equivalent to:
include '../personal_data/list_contacts.php';
Now, they have to guess the directory structure and what names you use for the files, and in this case the file would need a .php extension; but why risk it when a little defensive coding can prevent it?

Oh, you learn something new everyday. I see now. Thanks