Help with ?PageID=

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Todlerone
Forum Commoner
Posts: 96
Joined: Sun Oct 28, 2007 10:20 pm
Location: Hamilton, Ontario, Canada

Help with ?PageID=

Post by Todlerone »

Hello, everyone. Thank-you in advance for any help/suggestions to this post. I'm just curious if anyone knows of any good tutorials and/or books that help explain the use of page templating (not sure if this is the correct word for it). By this I mean, the use of header/footer includes with dynamic main page. I currently have implemented a header and footer include on my individual .php pages but like the idea of the "?PageID=". This technique seems to be at risk for code injection (what isn't, right?) but alot of the online quicky tutorials don't explain much about doing it correctly/safely. CHEERS. :D
User avatar
aceconcepts
DevNet Resident
Posts: 1424
Joined: Mon Feb 06, 2006 11:26 am
Location: London

Re: Help with ?PageID=

Post by aceconcepts »

In terms of security, maybe http://uk.php.net/urlencode will be of some interest.
User avatar
lafever
Forum Commoner
Posts: 99
Joined: Sat Apr 05, 2008 2:03 pm
Location: Taylor, MI

Re: Help with ?PageID=

Post by lafever »

I don't know of any good tutorials but you can basically grab something from the URL by using the $_GET variable. Here is an example:

Code: Select all

 
$page = $_GET['id'];
 
switch ($page) {
     case 'home';
     default:
        include('home.php');
     break;
 
     case 'about';
        include('about.php');
     break;
 
     // and so on....
}
 
You will also have to take methods of securing the script from vulnerabilities. So if the URL is expected to be an integer you could use

Code: Select all

 
$page = (int)$_GET['id'];
 
Or if you are expecting only certain pages, such as home, about, contact

Code: Select all

 
$allowed_variables = array('home', 'about', 'contact');
$page = (in_array($_GET['id'], $allowed_variables) ? $_GET['id'] : 'home'); // this is saying that if the $_GET['id'] is not in the above array to set it default to 'home'
 

Basically the switch() function is what controls what page to include. You would simply include your header or footer above or below the switch. In this instance, using $_GET['id'] would make it

Code: Select all

 
page.php?id=
 
I hope this helps you get started.
Todlerone
Forum Commoner
Posts: 96
Joined: Sun Oct 28, 2007 10:20 pm
Location: Hamilton, Ontario, Canada

Re: Help with ?PageID=

Post by Todlerone »

Thank-you very much (both replies). Is this the common way of acheiving this?
User avatar
Verminox
Forum Contributor
Posts: 101
Joined: Sun May 07, 2006 5:19 am

Re: Help with ?PageID=

Post by Verminox »

Yes, it's the common way. If you were lazy to hardcode each page entry or if you have a large number of pages you could try this:

Code: Select all

<?php
include_once 'header.php';
 
$file = $_GET['page'] . '.php';
if( $file != basename($file) || !file_exists('./pages/'.$file) )
{
    $file = 'index.php';
}
 
include './pages/' . $file;
 
include_once 'footer.php';
?>
However all your pages that you would like to include must be inside the 'pages' subdirectory. All sensitive files (which you dont want to be included) should be outside.
Checking with basename() will make sure that the filename doesn't try to wander around other directories (will catch characters like '/' and '.')

Disclaimer: I am not 100% sure of the security of this snippet though, don't use it unless some other more experienced users confirm that it is safe.
Post Reply