Page 1 of 1

index.php

Posted: Thu Jul 20, 2006 11:01 am
by thiscatis
Hello,

Does anyone know a good tutorial on working with page ID's?

What I want is that my site is :

index.php?pid=1
index.php?pid=2

And that the pageid determines the content.
I saw an example with different file inclusions, but I want the ID's to be linked to different rows in my MySQL database, so instead of file inclusions a connection to my database.

anyone?

Posted: Thu Jul 20, 2006 11:02 am
by Luke
well you would access that with $_GET['pid'] if that is what you are asking

Posted: Thu Jul 20, 2006 11:03 am
by RobertGonzalez
You are looking at creating a page controller. This is fairly easy to do. It is code intensive at first, but once it is done adding pages to your site is a snap. As for tutorials, I haven't seen any, but I am sure with a little thought and a few trials and errors, you'll it. I say give it a shot and post when things go horribly awry.

Posted: Thu Jul 20, 2006 11:13 am
by thiscatis
already got it I think.

Code: Select all

$pageid = isset($_GET['pid']) ? $_GET['pid'] : 'page1';
on top of the page

and

Code: Select all

$result = mysql_query("SELECT * FROM tblContent WHERE page='$pageid' AND username='$localuser' ")
where I want it to be ;)

Works!

Posted: Thu Jul 20, 2006 11:15 am
by daedalus__
You can create a page controller quite easily:

Code: Select all

$page = !empty($_GET['pid']) ? $_GET['pid'] : 'default';

if (@!include_once("content/$page.php"))
{
   echo "Page not found.";
}
(at least i think that qualifies)

Posted: Thu Jul 20, 2006 11:16 am
by RobertGonzalez
I think the OP said he didn't want to use includes but rather page data from the database.

Posted: Thu Jul 20, 2006 11:21 am
by daedalus__
I only read the first two lines of his post, lol.

It looks like you are on the right track though, thiscatis.

Posted: Thu Jul 20, 2006 11:25 am
by onion2k
Daedalus- wrote:You can create a page controller quite easily:

Code: Select all

$page = !empty($_GET['pid']) ? $_GET['pid'] : 'default';

if (@!include_once("content/$page.php"))
{
   echo "Page not found.";
}
(at least i think that qualifies)
*PURPLE ALERT* *PURPLE ALERT*

That code is asking for trouble. Sanitise input please .. don't let user's include *everything*.

Posted: Thu Jul 20, 2006 11:26 am
by daedalus__
i didn't say it was perfect ^^

Posted: Thu Jul 20, 2006 11:32 am
by thiscatis
thiscatis wrote:already got it I think.

Code: Select all

$pageid = isset($_GET['pid']) ? $_GET['pid'] : 'page1';
on top of the page

and

Code: Select all

$result = mysql_query("SELECT * FROM tblContent WHERE page='$pageid' AND username='$localuser' ")
where I want it to be ;)

Works!
No War! :)
Like I mentioned above, I got it working my way ;)
Thanks for the input guys

Posted: Thu Jul 20, 2006 11:33 am
by Christopher
Remember filtering, validation, and error checking.

Code: Select all

if (isset($_GET['pid'])) {
     $pageid = preg_replace('/[^a-zA-Z0-9\_]/', '', $_GET['pid']);     // delete chars NOT in that set
} else {
     $pageid = 'page1';
}
if ($localuser) {
     $result = mysql_query("SELECT * FROM tblContent WHERE page='$pageid' AND username='$localuser' ")
     if (mysql_num_rows() > 0) {
          // query successful
     } else {
          // query error
    }
} else {
     // user error
}
// display page based on above

Posted: Thu Jul 20, 2006 11:36 am
by Luke
Yes... arborint is right... somebody could potentially run queries on your database by substituting the value of pid... VERY risky