Page 1 of 1

Undefined Variable in Security code!!!!

Posted: Tue Sep 16, 2014 2:46 pm
by cap2cap10
Hello again, members of the PHP Technorati. Again I come seeking your guidance on a matter of php syntax. I
keep getting this error code:
PHP Parse error: syntax error, unexpected T_VARIABLE :banghead:

Here is the code:

Code: Select all

function myRouter($urls){

    $urls=array( 1 =>'about.php',

                    2 =>'photos.php',

                    3 =>'contact.php',

                    4 =>'home.php'

                  );



    if (in_array($_GET['page'],array_keys($urls))) {

      readfile $urls[$_GET['page']];

    } else {

      readfile $urls[4];

    }
  }
echo myRouter() ;

Something is missing. Please enlighten me as to what I am doing wrong.
Thanks in advance.


Batoe

Re: Undefined Variable in Security code!!!!

Posted: Tue Sep 16, 2014 2:58 pm
by Celauran
Look at the readfile() signature. You probably meant

Code: Select all

    if (in_array($_GET['page'],array_keys($urls))) {

      readfile($urls[$_GET['page']]);

    } else {

      readfile($urls[4]);

    }

Re: Undefined Variable in Security code!!!!

Posted: Tue Sep 16, 2014 4:23 pm
by cap2cap10
ok, but now i am getting this error:

PHP Notice: Undefined variable: urls in C:\xampp\htdocs\test\index.php on line 7

Here is the code:

Code: Select all

<?php



 if ($urls == $_GET['page'] ){
    $urls=array( 1 =>'about.php',

                    2 =>'photos.php',

                    3 =>'contact.php',

                    4 =>'home.php'

                  );



    if (in_array($_GET['page'],array_keys($urls))) {

      readfile ($urls[$_GET['page']]);

    } else {

      readfile ($urls[4]);

    }
    }
?>

Re: Undefined Variable in Security code!!!!

Posted: Tue Sep 16, 2014 4:28 pm
by Celauran
What's going on here?

Code: Select all

if ($urls == $_GET['page'] ){

Re: Undefined Variable in Security code!!!!

Posted: Tue Sep 16, 2014 4:43 pm
by cap2cap10
Sorry foolish attempt at answering an error. Removed it and code works great.
Where could I stick in something to remove malicious code?

htmlentities($url)

or

$_GET['page'] = filter_input(INPUT_POST, 'page', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);

possibly?

Re: Undefined Variable in Security code!!!!

Posted: Tue Sep 16, 2014 5:02 pm
by cap2cap10
Ok, nevermind. this works:

header("Location: ".htmlspecialchars($urls[$_GET['page']])."");

thanks

Batoe