PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
PHP Frameworks such as Zend, Cake and Symphony have a robust system for those types of schemes. At the very simplest, you can do something like the following:
pytrin wrote:A different approach is to check against a white-list array of allowed scripts. This way you have better control over what gets included, and where.
tr0gd0rr wrote:PHP Frameworks such as Zend, Cake and Symphony have a robust system for those types of schemes. At the very simplest, you can do something like the following:
The preg_match() check is just a simple security measure to ensure that the action string does not contain characters such as . or /
You can also use apache's mod_rewrite in .htaccess file to change pretty urls such as "/myaction/" into "index.php?action=myaction"
So guys where do these codes go? I suppose index.php? and the rest of the variable pages, r they supposed to be in a separate folder with a ref 'include' function?
I'm not sure exactly what you're asking. These scripts would be in an index.php page and all urls would be something like "index.php?action=home" which would include "home.php" from whatever directory you want. For example, line 4 of my snippet "$script = "./actions/$action.php";" would look for "home.php" in the same directory that contains "index.php".
I'm not sure exactly what you're asking. These scripts would be in an index.php page and all urls would be something like "index.php?action=home" which would include "home.php" from whatever directory you want. For example, line 4 of my snippet "$script = "./actions/$action.php";" would look for "home.php" in the same directory that contains "index.php".
What if u wanted to parameterize from a login page say "login.php" and then other restricted pages?
Sure, you can do the same thing for a login.php that we've done for index.php. The code would be essentially no different except maybe in login.php you want to check authentication. You can restrict access from directly accessing any of the pages by having all files except index.php and login.php outside the web root.
For example put scripts in /var/www/myapp/actions/, put index.php and login.php in /var/www/myapp/public/ and setup your web root so that http://example.com/ points to /var/www/myapp/public/. Then in line 4 of my snippet go up one directory: "$script = "../actions/$action.php";"