php?id=

[spinal]

hi,

I was woundering if someone with php knowledge could help me out here, I want to do these php?id= codes, but I dont know what i would do to get these to work?

[Scott]

What do you want to use them for? Just for looks or to actually do something?

[spinal]

Quote:

Originally posted by Panther
What do you want to use them for? Just for looks or to actually do something?

i want to make them work, like these two sites..

www.imusion.net
and
http://www.christie.shadowedvisions.....php?page=home

[JonM]

well there's a few ways...if u know php this will be easier lol...


1-

<?
if($page=="page1"){
do actions here
}
elseif($page=="page2")
{
do actions here
}
else
{
do actions here
}
?>

2-

<?
switch($page)
{
case page1
yourfunctionor stuff here
break;
case page2
yourfunction or stuff here
break;
case page3
yourfunction or stuff here
break;
}
?>

then put in your link index.php?page=page1 or whatever, and it doesn't have to be index.php , it could be pages.php or whatver ,

[Trojan]

yuck, lol. Is that Greek? lmao

[DevilDog#1]

Na, just programming lingo, If else do & Switch and Case conditions.

[Trojan]

haha, I know what it is. I'm learing it also. It makes me feel dumb though.

[NaughtyPerry]

erm something like <?php include ("$id.php"); ?>

Where u want the content to go, put <?php include ("$id.php"); ?>

Then all pages you want ie id?=home etc are called name.php and are in same folder as the index page....

[DevilDog#1]

Quote:

Originally posted by troj
haha, I know what it is. I'm learing it also. It makes me feel dumb though.

QA guy here. Better write working code. I back to the drawing board buddy.

[Scott]

Except you guys are leaving out one major thing.

SECURITY.

include("$id.php"); if VERY bad..... think about it

index.php?id=http://somesite.com/badfile

will include http://somesite.com/badfile.php.

security checks are a must when including files from the address bar...

If(file_exists("/path/$id.php")) {
include("/path/$id.php");
}

is not nessarely ok either (tested myself) because now it's

index.php?id=http://somesite.com/../../../somefile_that_ends_in_php_from_another_domain_on_t he_server

so what do you do?
<?

If(!eregi("^[-?_?a-z0-9]+$",$id)) { // Will only allow alpha numeric chars with - or _'s in the name.
exit("Bad include file");
} Elseif(file_exists("/path/$id.php")) {
include("/path/$id.php");
} Else {
Exit("Bad include file");
}
?>

[Trojan]

cool man

[JonM]

panther do u do includes, or have all the codin in index.php?

[spinal]

you what now?

ok, which code should I use? Im new to php, but i can work my way around php.

[Scott]

Elite: Yes I use includes, 1 included file for every section on this site.


xusion:
If(!eregi("^[-?_?a-z0-9]+$",$id)) { // Will only allow alpha numeric chars with - or _'s in the name.
exit("Bad include file");
} Elseif(file_exists("/path/$id.php")) {
include("/path/$id.php");
} Else {
Exit("Bad include file");
}

[NaughtyPerry]

panther, sorry to bother you... i tried that... and it doesnt work??

i put this in main index bit and i cant get it to work at all...


If(!eregi("^[-?_?a-z0-9]+$",$id)) { // Will only allow alpha numeric chars with - or _'s in the name.
exit("Bad include file");
} Elseif(file_exists("/path/$id.php")) {
include("/path/$id.php");
} Else {
Exit("Bad include file");
}


www.erazor-studios.net/a51/

any ideas??

[IcIshoot]

put $id = $_GET['id']; at the beggining of the script.

There is a an other way to get the submitted date using the extract function, you can read up on that here:

http://us2.php.net/manual/en/function.extract.php

Also, in the script by panther, you need to replace the /path with your info. If the $id.php file is in the same folder as the script, you can just take out /path/.

IcI


ps, note to others... examples should probably assume that register_globals is off, and that the person asking may not know how to retrieve the data passed to the script. Just a thought