// Only the file names hard-coded below can ever be included.
switch ($_GET['what']) {
    case "game_rules":
        include("../path/rules.file");
        break;
    case "TOS":
        include("../path/tos.file");
        break;
    case "secret":
        include("../path/jokes.file");
        break;
    default:
        print("<P>Please make a selection</P>\n");
        printOptionsMenu();
}
There are other ways to do it too. It is up to you.
I've tried to mess around with the URLs for a while, but everything seems secure. Then again, I'm a n00b so I don't know what I'm talking about.
Do you mind smurf around with it and telling me if something is up?
Thanks amigo!
Because they can only access php files and not password files etc...
Personally I don't like to use includes to include html pages anyway.
I always include a header footer in the pages rather than the other way around.
Of course, you could always verify that the requested file actually exists on the local system before attempting to include it. You could also pattern match it. You could also take a nap. The latter may not have immediate benefits, but you may awaken refreshed and ready for inspiration.
If you are using a DB to store your contents, you can also
.. example table Contents
...example fields title (limit to certain size.) and data (make it larger than title ..) maybe description
set up an entry to be your default page. ie INSERT INTO Contents (title,data,description) VALUES ("Default","content for entry goes here. ie a link list..make sure to stripslashes etc","Default page")
have a index.php?title=Default page with whatever you want,
query the db for the entries
use a while loop to check for any entries (mysql_num_rows) and if a result is returned simply loop each entry's contents (title and desc) into a table.. in the url for each do something like
<td width="200"><a href="something.com/this.php?title=<?php print urlencode($row->title); ?>"><?php print htmlspecialchars($description); ?></a></td>
at end of loop make sure to close table..
now that i think about this, maybe this wasn't quite what you were looking for.. but for a new php user this can be exciting.
from what i've seen i'd still say that using in_array would be the most secure method w/o all of the lengthy if statements. rather than having an if for each link.. just put the valid files in an array and check if they're valid before including.
using the dir/var.php could be cracked by creating the same dir name and file name and including that from a different server leaving off the dir and .php
using isset wouldn't help security wise, just would prevent (like the func name) unset variables from being included.
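
The in_array check and the "verify the file exists" check suggested in the posts above, combined into one resolver. This is an added example, not code from the thread; the function name resolvePage, the temporary directory and the sample page names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example: resolve a page name through an allowlist before any include.
// Function, directory and file names are hypothetical, modelled on the thread.

function resolvePage($requested, array $pages, string $baseDir): ?string
{
    // Reject non-strings (?what[]=x) and anything that is not an exact allowlisted key.
    if (!is_string($requested) || !in_array($requested, array_keys($pages), true)) {
        return null;
    }
    // Build the path from the allowlist value, never from the request string.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $pages[$requested]);
    if ($base === false || $path === false || !is_file($path)) {
        return null; // file missing on the local system
    }
    // Confirm the resolved file still sits under the content directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Constructed sample content directory so the script runs on its own.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'include_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . '/rules.file', "<p>Rules</p>\n");
file_put_contents($dir . '/tos.file', "<p>Terms</p>\n");
$pages = ['game_rules' => 'rules.file', 'TOS' => 'tos.file', 'missing' => 'gone.file'];

// Constructed request values: valid keys, a missing file, and inputs that must be refused.
$samples = ['game_rules', 'TOS', 'missing', '../rules.file',
            'http://example.com/page', 'game_rules.php', ['game_rules']];
foreach ($samples as $input) {
    $file = resolvePage($input, $pages, $dir);
    printf("%-28s => %s\n", json_encode($input),
        $file === null ? 'rejected, show menu' : 'include ' . basename($file));
}

// In a page this would be:
//   $file = resolvePage($_GET['what'] ?? null, $pages, $dir);
//   if ($file !== null) { include $file; } else { printOptionsMenu(); }

// Clean up the constructed files.
array_map('unlink', glob($dir . '/*'));
rmdir($dir);
```

Because the included path comes from the array value and not from the request, a relative path, a URL or an appended extension in the parameter never reaches include.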