Page 1 of 1
Newbie Question =/
Posted: Sun Mar 23, 2003 9:34 am
by dz0
Hello, I ave a question, I want to have my index.php as a sort of template, where I have the center table that shows a php page. Example,
http://mydomain.com/index.php?section=news would yield index.php with the center frame containing news.php. Do I use an array? eek im confused

[/quote]
Posted: Sun Mar 23, 2003 11:37 am
by McGruff
You could download copies of various open source CMS - like postNuke - for some examples.
Basically, it's all done with includes. If your index.php file processes the query string ($_SERVER['QUERY_STRING'] - or use the $_GET array) you can select a file to include. In effect, every page viewed in the browser is built in the index.php page.
This method is also used to "hide" php (search around for 'mod rewrite'): Basically you use an Apache setting to parse php files with the .php extension removed. That lets you get rid of the "?" which will choke many internet search engines (but not google or hotbot AFAIK) as well as some other benefits such as tidier query strings and hiding the names of vars (hackers can still substitute values in the query string - but at least they won't know exactly what they're changing).
Here's some code to give you some ideas. It would take a URL like
http://www.site.com/[b]index.php?page=news_list_4[/b]
There's just one $_GET var ($page) and different values within it are underscore separated. The first bit is a module name, the rest are vars to switch / case to different functions and pass arguments to them.
The first IF leg processes a $page var and is the bit you might be interested in; the ELSE case just draws a home page when no $page var is passed (anything you like here).
It works, but maybe could be tidied up a bit.
Code: Select all
IF (isset($_GET['page'])) {
$page=explode("_", $_GET['page']); // separate out the individual VARS
next($page); // declare any other VARS which may be present, after the module name
$x=1;
while (list(, $value) = each ($page)) { // loop works but can probably be tidied up a bit
$str = "id" . $x;
$$str = $value;
$x++;
}
$module=$page[0]; // get module name
$modpath="modules/" . $module . ".php"; // define include path to the module file
//print_r($page); #DEBUG
//echo '<p>' . $modpath . '</p>'; #DEBUG
include($modpath);
} ELSE {
//... whatever you need to draw a home page...
}
[/b]
Posted: Sun Mar 23, 2003 3:48 pm
by spammich
McGruff:
I agree with your theory, but I'm not sure I get the whole _GET thing. Wouldn't it be easier to call the page like this:
index.php?page=elpago¶m1=foo¶m2=bar
and then have php code like this?
Code: Select all
if ( ! array_key_exists($_REQUEST, 'page') )
$_REQUEST['page'] = 'index';
switch ( $_REQUEST['page'] )
{
case 'elpago':
if ( $_REQUEST['param1'] == 'foo' )
{ ... }
include ( 'elpago.inc.php' );
break;
case 'elpago2':
include ( ' elpago2.inc.php' );
break;
case 'index':
case default:
include ( ' index.inc.php' );
}
The one thing you
definately don't want to do is this:
Code: Select all
include ( $_REQUEST['page'] . ".php" );
This can be a big security risk. The switch statement helps made sure only pages you want are included.
Posted: Sun Mar 23, 2003 5:30 pm
by McGruff
I guess I was going a bit beyond the original question but, since the plan was to call all pages through index.php, I wanted to mention the mod rewrite thing - which requires a bit of exploding as above.
Yes - you don't have to pass vars in an underscore (etc) separated string and, if you don't, it saves some lines of code exploding the bits of data out later.
There is maybe a small security gain from passing everything in one GET var since you don't name vars used in your code: someone can still substitute values in the URL easily enough but they can't tell what they're changing. Also tidies up those clumsy php URLs with endless &var1=x&var2=y..etc
As a rule I prefer to use $_GET / $_POST / $_COOKIE in preference to $_REQUEST since it helps to ensure vars aren't being substituted.
include("modules/" . $module . ".php") would only include php files in a "modules" folder so should be OK.