Help with ?PageID=
- Todlerone
- Forum Commoner
- Posts: 96
- Joined: Sun Oct 28, 2007 10:20 pm
- Location: Hamilton, Ontario, Canada
Help with ?PageID=
Hello, everyone. Thank you in advance for any help/suggestions to this post. I'm just curious if anyone knows of any good tutorials and/or books that help explain the use of page templating (not sure if this is the correct word for it). By this I mean the use of header/footer includes with a dynamic main page. I currently have implemented a header and footer include on my individual .php pages but like the idea of the "?PageID=". This technique seems to be at risk for code injection (what isn't, right?) but a lot of the online quickie tutorials don't explain much about doing it correctly/safely. CHEERS.
- aceconcepts
- DevNet Resident
- Posts: 1424
- Joined: Mon Feb 06, 2006 11:26 am
- Location: London
Re: Help with ?PageID=
In terms of security, maybe http://uk.php.net/urlencode will be of some interest.
Re: Help with ?PageID=
I don't know of any good tutorials, but you can basically grab something from the URL by using the $_GET variable. Here is an example:
Code: Select all
// Read the requested page from the URL; fall back to 'home' when ?id= is absent
$page = isset($_GET['id']) ? $_GET['id'] : 'home';
switch ($page) {
    case 'home':
    default:
        include('home.php');
        break;
    case 'about':
        include('about.php');
        break;
    // and so on....
}
You will also have to take methods of securing the script from vulnerabilities. So if the URL is expected to be an integer you could use
Code: Select all
// The cast forces an integer; non-numeric input becomes 0
$page = (int)$_GET['id'];
Or if you are expecting only certain pages, such as home, about, contact
Code: Select all
$allowed_variables = array('home', 'about', 'contact');
// If $_GET['id'] is missing or not in the above array, default to 'home'
$id = isset($_GET['id']) ? $_GET['id'] : 'home';
$page = in_array($id, $allowed_variables, true) ? $id : 'home';
Basically the switch() function is what controls what page to include. You would simply include your header or footer above or below the switch. In this instance, using $_GET['id'] would make it
Code: Select all
page.php?id=
I hope this helps you get started.
- Todlerone
Re: Help with ?PageID=
Thank you very much (both replies). Is this the common way of achieving this?
Re: Help with ?PageID=
Yes, it's the common way. If you were too lazy to hardcode each page entry or if you have a large number of pages you could try this:
Code: Select all
<?php
include_once 'header.php';
// Take the requested page name; a missing or non-string value falls back to the index page
$page = (isset($_GET['page']) && is_string($_GET['page'])) ? $_GET['page'] : 'index';
$file = $page . '.php';
// basename() strips any directory part, so a value containing a path will not equal its own basename
if ($file != basename($file) || !file_exists('./pages/' . $file)) {
    $file = 'index.php';
}
include './pages/' . $file;
include_once 'footer.php';
?>
However, all the pages that you would like to include must be inside the 'pages' subdirectory. All sensitive files (which you don't want to be included) should be outside.
Checking with basename() will make sure that the filename doesn't try to wander around other directories (will catch characters like '/' and '.').
Disclaimer: I am not 100% sure of the security of this snippet though, don't use it unless some other more experienced users confirm that it is safe.
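For the 'pages' subdirectory approach in the last reply, one way to confirm a requested page stays inside that directory before it is included. This is an added example, not code from any post in this thread; the function name resolve_page(), the name pattern and the temporary directory layout are assumptions made for the demonstration.

```php
<?php
// Added example: map a ?page= value to a file that is safe to include.
// resolve_page() and the demo directory layout are hypothetical names.
function resolve_page($requested, string $pagesDir, string $default = 'index'): string
{
    $base = realpath($pagesDir);
    if ($base === false) {
        throw new RuntimeException('pages directory missing');
    }
    $fallback = $base . DIRECTORY_SEPARATOR . $default . '.php';

    // Reject arrays (?page[]=x), null bytes, dots and slashes with one strict pattern.
    if (!is_string($requested) || !preg_match('/\A[a-z0-9_-]{1,64}\z/', $requested)) {
        return $fallback;
    }

    // realpath() resolves ".." and symlinks, and returns false for a missing file.
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested . '.php');
    if ($path === false || dirname($path) !== $base) {
        return $fallback;
    }
    return $path;
}

// Constructed layout: pages/ holds includable files, config.php sits outside it.
$root = sys_get_temp_dir() . '/pageid_demo_' . getmypid();
@mkdir($root . '/pages', 0700, true);
file_put_contents($root . '/pages/index.php', 'index');
file_put_contents($root . '/pages/about.php', 'about');
file_put_contents($root . '/config.php', 'secret');

// Constructed request values, as they could arrive in $_GET['page'].
$samples = ['about', 'missing', '../config', 'about.php', "about\0", ['about'], null];
foreach ($samples as $value) {
    $resolved = resolve_page($value, $root . '/pages');
    printf("%-16s => %s\n", json_encode($value), basename($resolved));
}

// Remove the demo files again.
array_map('unlink', glob($root . '/pages/*.php'));
unlink($root . '/config.php');
rmdir($root . '/pages');
rmdir($root);
```

In a real page the returned path would be passed to include between the header and footer includes; only the plain name 'about' resolves to its own file here, and every other sample falls back to index.php.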