switch

HerbRodenhaber

ok i have the folowing coded ... i need to get the title of each page to load in the header.php when a switch is done

<?PHP

$location=$_GET['location'];
if (empty($location)) {$location='Index';}

changelocation($location);

function changelocation($location) {
include ('Header.php');
//include ('Config.php');
//include ('Functions.php');
echo '<table cols="2" border="0" cellpadding="10" cellspacing="0" align="center" width="100%">';
echo '<tr>';
echo '<div>';
echo '<td width="200" bgcolor="9191FE" valign="top">';
include('Navbar.php');
echo '</td>';
echo'</div>';
echo '<td>';
switch ($location) {
	case 'Index':
		include ('Default.php');
		break;
	case 'Achievements':
        include ('Achievements.php');
        break;
    case 'Abilities':
        include ('Abilities.php');
        break;
    case 'Guilds':
        include ('Guilds.php');
        break;
    case 'glyphs':
        include ('Glyphs.php');
        break;
    case 'WebLinks':
        include ('WebLinks.php');
        break;
    case 'gems':
        include ('Gems.php');
        break;
    case 'Download':
        include ('Download_to_Excel.php');
        break;
}
echo '</td></tr></table>';
include ('Footer.php');
}



?>

i tryed to add $title into each case with the appropriate discriptions but that didnt help ... i even moved all the html code into each case thinking that the header was loading before the switch was done ... that didnt help either ... any ideas??
im drawing a blank here ... anyone have a idea ??

traq

If you're trying to get some value from the page you include during the switch statement and insert it into the header.php file, you can't - you've already moved on from header.php.

However, I am not entirely clear if that's what you are trying to do. Please explain further if I've misunderstood.

HerbRodenhaber;10988347 wrote:

ok i have the folowing coded ... i need to get the title of each page to load in the header.php when a switch is done

<?PHP

$location=$_GET['location'];
if (empty($location)) {$location='Index';}

changelocation($location);

function changelocation($location) {
include ('Header.php');
//include ('Config.php');
//include ('Functions.php');
echo '<table cols="2" border="0" cellpadding="10" cellspacing="0" align="center" width="100%">';
echo '<tr>';
echo '<div>';
echo '<td width="200" bgcolor="9191FE" valign="top">';
include('Navbar.php');
echo '</td>';
echo'</div>';
echo '<td>';
switch ($location) {
	case 'Index':
		include ('Default.php');
		break;
	case 'Achievements':
        include ('Achievements.php');
        break;
    case 'Abilities':
        include ('Abilities.php');
        break;
    case 'Guilds':
        include ('Guilds.php');
        break;
    case 'glyphs':
        include ('Glyphs.php');
        break;
    case 'WebLinks':
        include ('WebLinks.php');
        break;
    case 'gems':
        include ('Gems.php');
        break;
    case 'Download':
        include ('Download_to_Excel.php');
        break;
}
echo '</td></tr></table>';
include ('Footer.php');
}



?>

HerbRodenhaber

traq;10988348 wrote:
If you're trying to get some value from the page you include during the switch statement and insert it into the header.php file, you can't - you've already moved on from header.php.

However, I am not entirely clear if that's what you are trying to do. Please explain further if I've misunderstood.

"If you're trying to get some value from the page you include during the switch statement and insert it into the header.php file, you can't - you've already moved on from header.php."

yep that exactly what i am trying to do .... any ideas how to fix it ?? maybe move the header.php into the switch ???

johanafm

$location=$_GET['location'];
if (empty($location)) {$location='Index';}
changelocation($location);

# $location must be provided according to the function definition
function changelocation($location) {
	# so you will have a location in $location (or an error in your code)

# And since Header.php is included inside this function, the code in Header.php
# will have the same scope as the function does, which means it can reference
# this variable.
# However, I could enter a URL on my own, like
# 	http://example.com?location=Does+not+20exist
# So you might want to validate $_GET['location'] before including Header.php

static $valid_locations = array('Index', 'Achievements', ...);
if (!in_array($location, $valid_locations))
	$location = 'Index');
include 'Header.php';

switch ($location) {
	case 'Index':
		include 'Default.php';
		break;
	case 'Download':
		include 'Download_to_Excel.php';
		break;
	/* and after the in_array check above, you can simplify to */
	default:
		include $location . '.php';
}
}

?>

And I recommend ditching the parentheses around the included/required file, since they are not required but highly missleading.

echo include('file.php').'more stuff';

echo (include 'file.php').'more stuff';

The first line tries to include the file 'file.php.more stuff' and echo the return value (defaults to null), while the second line includes the file 'file.php' and echoes it returned value which is concatenated by 'more stuff'.

traq

// echo include('file.php').'more stuff';
// echo (include 'file.php').'more stuff';

// actually, I'd recommend against both of those approaches:
include('file.php');
echo 'more stuff';

HerbRodenhaber

thank you both ... for all the great suggestions .... i did change part of the script as i liked the way i could use a default switch and not have to add one every time i added a new page ...

question ... i dont see why you would want to validate the $location ... as changing the location variable to something that doesnt exist gets you nowhere it would just not load the page ... how does this help anyone ?? what am i missing here ... i mean i could have the page generate the array on the fly by having it read the directory but is this really needed??

thanks again
Herb

traq

HerbRodenhaber;10988403 wrote:
question ... i dont see why you would want to validate the $location ... as changing the location variable to something that doesnt exist gets you nowhere it would just not load the page ... how does this help anyone ?? what am i missing here ...

short answer:

always assume user input is bad -meaning "error-prone" and/or "evil".
always validate & sanitize your inputs.

to elaborate:

What if you have some page on your site that is not supposed to be publicly available? Say you have a password-protected directory - your visitor can't access it without the password. BUT, if they enter the correct URL into your form, that page will be displayed - completely circumventing your password.

Take it even further: there are configuration files and CGI scripts, and maybe other stuff, on your web server. Normally, it's all "above" the web root - it's inaccessible via the internet - in order to keep the server safe. With your form, a visitor could enter a relative URL (like [font=monospace]/../CGI-bin/some-script-or-whatever.cgi[/font]), and gain access to that file.

Or, a simpler concern: you're creating an error where there doesn't need to be one.

[font=monospace]Warning: include(nonexistent.php) [function.include]: failed to open stream: No such file or directory in /opt/lampp/htdocs/sand/eval.php(9) : line xx

Warning: include() [function.include]: Failed opening 'nonexistent.php' for inclusion (include_path='.:/opt/lampp/lib/php') in /opt/lampp/htdocs/sand/eval.php(9) : line xx[/font]

In fact, throwing such an error on purpose could be the first step of examining your server setup for possible attack points.

SO,
always validate & sanitize your inputs.

johanafm

HerbRodenhaber;10988403 wrote:
question ... i dont see why you would want to validate the $location

You actually previously where doing just this, by keeping each and every ok value hard coded in the cases of the switch statement. My rewrite of those cases kept only the special cases, that is when the location value did not directly match a file name, and otherwise, in the default part, includes the file directly indicated by the location value. And since I changed that part, another means of validation became necessary. All in all, either approach is perfectly valid, and you should use the code you find to be easier to read and write.

traq;10988382 wrote:
include('file.php');
echo 'more stuff';

This does not do the same thing since it does not echo the return value from the included file, unless of course the return value evaluates to the empty string, and also still keeps the unnecessary and misguiding parentheses. My only point in my example code is that

include('file').'.php';

incldues the file "file.php" and NOT the file "file".

So, in short, what I recommeded was to drop all parentheses.

include 'file.php';

HerbRodenhaber

ok thanks again ...i see now why you would need to validate the $location... my logic was flawed 😉

ill write the validation part of the script later today after work

thanks again

later

HerbRodenhaber

here ya go instant array on the fly ...

if ($handle = opendir('.')) {
while (false !== ($file = readdir($handle))) {
    if (
    $file != "." && 
    $file != ".." && 
    $file != "Header.php" && 
    $file != "Footer.php" && 
    $file != "Index.php" && 
    $file != "favicon.ico" && 
    $file != "Navbar.php" && 
    $file != "Functions.php" && 
    $file != "Config.php" &&
    $file != "robots.txt" &&  
    $file != "images") {
    	   $filename = substr($file, 0, -4);
        $valid['locations'][] = $filename; 
        //echo "<pre>"; 
        //print_r($valid['locations']); 
    }  
}
closedir($handle);

}

if (!in_array($location, $valid['locations'])) {$location = 'Home';}

makes the default switch much more usefull then a static array