Including a file
Posted: Thu Feb 06, 2003 4:29 am
by oldtimer
Okay, first of all, I use includes all the time but not in this manner.
I have a page where, when a variable is passed, I want to include a file. I have used the file.php?id=XX a lot for grabbing information from a DB. However, now I want to include the $value.
In this case it is an HTML page that I want to include. When I first did this I did not use a DB but rather a crude workaround. Like this:
Code:
<?php
if ($articles==4) { include("html/files/aboutus.html"); }
?>
I want to be able to always build this page dynamically and generate my html files on the fly.
When I include the file I get nothing.
Code:
<?php
include("html/files/$article_name");
?>
Posted: Thu Feb 06, 2003 4:36 am
by oldtimer
Never mind. My error. I was looking for
Code:
<?php
$sqlquery = "SELECT * From articles where aid='".$aid."'";
?>
instead of
Code:
<?php
$sqlquery = "SELECT * From articles where aid='".$articles."'";
?>
When my link was
Code:
<a href="articles2.php?articles=<? echo $aid; ?>"><? echo $test; ?></a>
Posted: Thu Feb 06, 2003 4:41 am
by ReDucTor
Be sure when including like that to do security checks for .. and /
<a href="articles2.php?articles=<?=$aid?>"><?=$test?></a>
Looks neater

Posted: Thu Feb 06, 2003 4:52 am
by oldtimer
If I accept articles I will do that. But for now I enter them all in and I only have to put the file name in there. No one else has access to this part but me. Thanks for the warning though. In my next revision I will have to do that.
Posted: Thu Feb 06, 2003 5:15 am
by lazy_yogi
Umm... how exactly does the = work there, with <? =$var ?>? Is it just another way to say echo?
Posted: Thu Feb 06, 2003 5:29 am
by ReDucTor
yes
Posted: Thu Feb 06, 2003 10:42 am
by volka
if short_open_tag is enabled (only to keep it in mind)
Posted: Thu Feb 06, 2003 8:01 pm
by McGruff
ReDucTor wrote: Be sure when including like that to do security checks for .. and /
<a href="articles2.php?articles=<?=$aid?>"><?=$test?></a>
Looks neater

Do you mean you must always check for ".." and "/" in the include path string?
Posted: Fri Feb 07, 2003 1:44 am
by Stoker
If using request-data (post/get/cookie/session) in any file or shell operation, you must always check that there can be no manipulation of the path. In general I would say that it is a lot smarter to allow what you expect instead of disallowing what you don't want; that way you are safe if there is something you didn't think about. In some cases though, it may be required to accept a single dot but not a double.
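
Added example, not part of any post above: one way to apply the "allow what you expect" advice to the include from the first post, in PHP. The function name resolve_article(), the demo directory and the sample file names are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. resolve_article() and the
// demo directory and file names are hypothetical.

/**
 * Return the absolute path of an article file under $baseDir, or null.
 * Allow what is expected; anything else is rejected.
 */
function resolve_article(string $name, string $baseDir): ?string
{
    // 1. Allowlist the shape of the name: letters, digits, "_" and "-",
    //    followed by ".html". This excludes "/", "\", ".." and NUL bytes.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\.html\z/', $name)) {
        return null;
    }
    // 2. Resolve symlinks and confirm the file really lives under $baseDir.
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $name);
    if ($base === false || $path === false) {
        return null; // directory or file does not exist
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null; // resolved to a location outside the article directory
    }
    return is_file($path) ? $path : null;
}

// Constructed demo: a throwaway directory holding one article.
$dir = sys_get_temp_dir() . '/articles_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . '/aboutus.html', '<h1>About us</h1>');

// Constructed request values, as they might arrive in $_GET['articles'].
$samples = ['aboutus.html', 'missing.html', '../aboutus.html', 'a/b.html', 'aboutus.php', 'aboutus.html.'];
foreach ($samples as $name) {
    $path = resolve_article($name, $dir);
    printf("%-18s %s\n", $name, $path === null ? 'rejected' : 'accepted');
}

// In the page itself, send the file as data instead of include()-ing it,
// so its contents are never executed as PHP:
//   $path = resolve_article($name, __DIR__ . '/html/files');
//   if ($path === null) { http_response_code(404); exit; }
//   readfile($path);

unlink($dir . '/aboutus.html');
rmdir($dir);
```

Only the first sample is accepted; the pattern check alone rejects every name containing a slash or a double dot, and the realpath() comparison covers symlinks that the pattern cannot see.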