Page 1 of 1
index.php
Posted: Thu Jul 20, 2006 11:01 am
by thiscatis
Hello,
Does anyone know a good tutorial on working with page ID's?
What I want is that my site is :
index.php?pid=1
index.php?pid=2
And that the pageid determines the content.
I saw an example with different file inclusions, but I want the ID's to be linked to different rows in my MySQL database, so instead of file inclusions a connection to my database.
anyone?
Posted: Thu Jul 20, 2006 11:02 am
by Luke
well you would access that with $_GET['pid'] if that is what you are asking
Posted: Thu Jul 20, 2006 11:03 am
by RobertGonzalez
You are looking at creating a page controller. This is fairly easy to do. It is code intensive at first, but once it is done adding pages to your site is a snap. As for tutorials, I haven't seen any, but I am sure with a little thought and a few trials and errors, you'll it. I say give it a shot and post when things go horribly awry.
Posted: Thu Jul 20, 2006 11:13 am
by thiscatis
already got it I think.
Code: Select all
$pageid = isset($_GET['pid']) ? $_GET['pid'] : 'page1';
on top of the page
and
Code: Select all
$result = mysql_query("SELECT * FROM tblContent WHERE page='$pageid' AND username='$localuser' ")
where I want it to be
Works!
Posted: Thu Jul 20, 2006 11:15 am
by daedalus__
You can create a page controller quite easily:
Code: Select all
$page = !empty($_GET['pid']) ? $_GET['pid'] : 'default';
if (@!include_once("content/$page.php"))
{
echo "Page not found.";
}
(at least i think that qualifies)
Posted: Thu Jul 20, 2006 11:16 am
by RobertGonzalez
I think the OP said he didn't want to use includes but rather page data from the database.
Posted: Thu Jul 20, 2006 11:21 am
by daedalus__
I only read the first two lines of his post, lol.
It looks like you are on the right track though, thiscatis.
Posted: Thu Jul 20, 2006 11:25 am
by onion2k
Daedalus- wrote:You can create a page controller quite easily:
Code: Select all
$page = !empty($_GET['pid']) ? $_GET['pid'] : 'default';
if (@!include_once("content/$page.php"))
{
echo "Page not found.";
}
(at least i think that qualifies)
*PURPLE ALERT* *PURPLE ALERT*
That code is asking for trouble. Sanitise input please .. don't let user's include *everything*.
Posted: Thu Jul 20, 2006 11:26 am
by daedalus__
i didn't say it was perfect ^^
Posted: Thu Jul 20, 2006 11:32 am
by thiscatis
thiscatis wrote:already got it I think.
Code: Select all
$pageid = isset($_GET['pid']) ? $_GET['pid'] : 'page1';
on top of the page
and
Code: Select all
$result = mysql_query("SELECT * FROM tblContent WHERE page='$pageid' AND username='$localuser' ")
where I want it to be
Works!
No War!

Like I mentioned above, I got it working my way

Thanks for the input guys
Posted: Thu Jul 20, 2006 11:33 am
by Christopher
Remember filtering, validation, and error checking.
Code: Select all
if (isset($_GET['pid'])) {
$pageid = preg_replace('/[^a-zA-Z0-9\_]/', '', $_GET['pid']); // delete chars NOT in that set
} else {
$pageid = 'page1';
}
if ($localuser) {
$result = mysql_query("SELECT * FROM tblContent WHERE page='$pageid' AND username='$localuser' ")
if (mysql_num_rows() > 0) {
// query successful
} else {
// query error
}
} else {
// user error
}
// display page based on above
Posted: Thu Jul 20, 2006 11:36 am
by Luke
Yes... arborint is right... somebody could potentially run queries on your database by substituting the value of pid... VERY risky