php help
Posted by BattleMasterGaara, 02-06-2011, 10:44 PM What code do i use just to switch the content of my body by clicking links but not having to remake the make th build of the page? like main page would be index.php and if you click a link it would change link to look something like index.php?page=contactus.html and the content would be on a word document just labeled contactus.html and each link would just switch the bodys content? please help???!!?!?!?
Posted by foobic, 02-07-2011, 12:36 AM It sounds like you need a "getting started with PHP tutorial" - plenty of those are out there. Perhaps this one from the PHP manual would be a good place to start (the manual should be in your bookmarks anyway). Simplest is to have your php file as a template containing the bulk of the document and including the html (not word) document with the PHP include statement. Be very careful with with this though because an all too common new-programmer mistake is to leave this open to a remote file include exploit, which could let an attacker take over your entire hosting account. If you're not keen to start from scratch then just use one of the many open-source CMS scripts instead - they'll all do what you're asking for and much more. Wordpress is very popular. [Moving to programming]
Posted by pmwebster, 02-07-2011, 12:39 AM You're going to want to read up on post variables, but the secure way to do it is more or less this: 1. set an array of 'safe' pages to be included: $safe_pages = array('home.html', 'contact.html', 'about.html', 'news.html'); 2. see if the page is a safe one (after setting your post variable) and then include it if(in_array($post, $safe_pages)) { include($post); } Just make sure you have headers in both pages -- your included page should only be the content. In the index page, you're going to want to have the page setup like: <-- php code -->
Posted by BattleMasterGaara, 02-07-2011, 05:17 PM tyvm im gonna try these
Posted by BattleMasterGaara, 02-08-2011, 02:42 PM Ok so i think im getting close to getting it.... haha From the index.php to index.php to index.php?page=folder/contactus.html but it only shows index and no content from the contactus.html? Can any one see something wrong with my code?
Posted by phpcoder, 02-08-2011, 03:52 PM Your code (currently) would try too verify and include: index.phpfolder/contactus.htmlphp Don't forget that you will want to sanitize the data as well before doing an include (at the very least).
Posted by coderiser, 02-08-2011, 04:35 PM you would want to use javacript for this using hid and display commands
Posted by Drinian, 02-08-2011, 06:21 PM At a quick glance you're specifying a page called "folder/contactus.html" as a GET parameter, however your include statement tries to load a php file: include('index.php'.$page.'php'); So if $page=="folder/contactus.html" your code is trying to include: "index.phpfolder/contactus.htmlphp" I think
Posted by pmwebster, 02-08-2011, 06:26 PM Try this: If you're using a folder structure, don't forget your '/' in the concatenation strings i.e. include ('folder/' . $page)
Posted by johnstevebravo, 02-12-2011, 12:52 PM Use the following.
Posted by pmwebster, 02-12-2011, 05:10 PM johnstevebravo, that's not a good idea. It may be more beneficial to use a require, you're right, however leaving the post variable wide open like that is asking to get hacked.
Posted by foobic, 02-12-2011, 08:27 PM Not asking, begging! BattleMasterGaara (and anyone else who may be reading this) do not use that code snippet. It's a classic example of the exploitable PHP I mentioned earlier. pmwebster has already shown a couple of examples of how to secure this using file_exists and (better) in_array. Whatever you choose, you must do something to secure your page against unexpected / malicious inputs. Last edited by foobic; 02-12-2011 at 08:30 PM. Reason: Additional