Undefined Variable in Security code!!!!

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
cap2cap10
Forum Contributor
Posts: 158
Joined: Mon Apr 14, 2008 11:06 pm

Undefined Variable in Security code!!!!

Post by cap2cap10 »

Hello again, members of the PHP Technorati. Again I come seeking your guidance on a matter of php syntax. I
keep getting this error code:
PHP Parse error: syntax error, unexpected T_VARIABLE :banghead:

Here is the code:

Code: Select all

function myRouter($urls){

    $urls=array( 1 =>'about.php',

                    2 =>'photos.php',

                    3 =>'contact.php',

                    4 =>'home.php'

                  );



    if (in_array($_GET['page'],array_keys($urls))) {

      readfile $urls[$_GET['page']];

    } else {

      readfile $urls[4];

    }
  }
echo myRouter() ;

Something is missing. Please enlighten me as to what I am doing wrong.
Thanks in advance.


Batoe
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: Undefined Variable in Security code!!!!

Post by Celauran »

Look at the readfile() signature. You probably meant

Code: Select all

    if (in_array($_GET['page'],array_keys($urls))) {

      readfile($urls[$_GET['page']]);

    } else {

      readfile($urls[4]);

    }
User avatar
cap2cap10
Forum Contributor
Posts: 158
Joined: Mon Apr 14, 2008 11:06 pm

Re: Undefined Variable in Security code!!!!

Post by cap2cap10 »

ok, but now i am getting this error:

PHP Notice: Undefined variable: urls in C:\xampp\htdocs\test\index.php on line 7

Here is the code:

Code: Select all

<?php



 if ($urls == $_GET['page'] ){
    $urls=array( 1 =>'about.php',

                    2 =>'photos.php',

                    3 =>'contact.php',

                    4 =>'home.php'

                  );



    if (in_array($_GET['page'],array_keys($urls))) {

      readfile ($urls[$_GET['page']]);

    } else {

      readfile ($urls[4]);

    }
    }
?>
User avatar
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: Undefined Variable in Security code!!!!

Post by Celauran »

What's going on here?

Code: Select all

if ($urls == $_GET['page'] ){
User avatar
cap2cap10
Forum Contributor
Posts: 158
Joined: Mon Apr 14, 2008 11:06 pm

Re: Undefined Variable in Security code!!!!

Post by cap2cap10 »

Sorry foolish attempt at answering an error. Removed it and code works great.
Where could I stick in something to remove malicious code?

htmlentities($url)

or

$_GET['page'] = filter_input(INPUT_POST, 'page', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);

possibly?
User avatar
cap2cap10
Forum Contributor
Posts: 158
Joined: Mon Apr 14, 2008 11:06 pm

Re: Undefined Variable in Security code!!!!

Post by cap2cap10 »

Ok, nevermind. this works:

header("Location: ".htmlspecialchars($urls[$_GET['page']])."");

thanks

Batoe
Post Reply