Proper Includes via $_GET

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

This way is better:

<?php

$pages = array('main.php', 'blah.php', 'foo.php');

isset($pages[$_GET['p']]) ? include($pages[intval($_GET['p'])]) : include('default.php');

?>
Last edited by Jenk on Thu Oct 13, 2005 9:30 am, edited 1 time in total.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

pssst.. should check for the file's existence too, just in case. ;)
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

Yeah yeah smarty pants :P

But one assumed that one would only add valid and existing file names to the array :P

What's that? Assumptions are the mother of all ... oh.
mabufo
Forum Commoner
Posts: 81
Joined: Thu Jul 10, 2003 11:11 pm
Location: Orland Park, IL

Post by mabufo »

Jenk wrote:This way is better:

<?php

$pages = array('main.php', 'blah.php', 'foo.php');

isset($pages[$_GET['p']]) ? include($pages[intval($_GET['p'])]) : include('default.php');

?>
The problem I'm having is that I am working with a LARGE number of pages... How do I get around typing them all into an array?


Sorry for the thread necromancy.
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Post by superdezign »

You could have started a new one and then just linked to this one.

And the answer to your question is databasing.
mabufo
Forum Commoner
Posts: 81
Joined: Thu Jul 10, 2003 11:11 pm
Location: Orland Park, IL

Post by mabufo »

superdezign wrote:You could have started a new one and then just linked to this one.
I didn't know this one existed, but thanks though.
vigge89
Forum Regular
Posts: 875
Joined: Wed Jul 30, 2003 3:29 am
Location: Sweden

Post by vigge89 »

mabufo wrote:
superdezign wrote:You could have started a new one and then just linked to this one.
I didn't know this one existed, but thanks though.
If you didn't know this one existed, then how come you replied in it? :D
Databasing is the way to go in my opinion, an ini-file of some sort could suffice though.
mabufo
Forum Commoner
Posts: 81
Joined: Thu Jul 10, 2003 11:11 pm
Location: Orland Park, IL

Post by mabufo »

When you guys say databasing... what exactly are you talking about?

Someone PM me.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

A database supplied list of "valid" files.
mabufo
Forum Commoner
Posts: 81
Joined: Thu Jul 10, 2003 11:11 pm
Location: Orland Park, IL

Post by mabufo »

feyd wrote:A database supplied list of "valid" files.
See guys, sometimes it pays off to be a little less vague, then maybe the person asking for help could actually get somewhere.

Thank you feyd.

This brings up the all-important question, how do I do that? Give me a phrase to search Google for, something.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

What do you think it means?
mabufo
Forum Commoner
Posts: 81
Joined: Thu Jul 10, 2003 11:11 pm
Location: Orland Park, IL

Post by mabufo »

feyd wrote:What do you think it means?
I'm not a database developer, and you are not being helpful.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

mabufo wrote:I'm not a database developer, and you are not being helpful.
I may as well live up to that expectation then.
mabufo
Forum Commoner
Posts: 81
Joined: Thu Jul 10, 2003 11:11 pm
Location: Orland Park, IL

Post by mabufo »

feyd wrote:
mabufo wrote:I'm not a database developer, and you are not being helpful.
I may as well live up to that expectation then.
Do you give everyone the runaround like this? Or just the folks who need assistance?

EDIT: Seriously now, I come on here asking for assistance - and all you can do is poke fun at me because I don't know what you're talking about? I thought you were supposed to be a moderator?
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

mabufo wrote:Do you give everyone the runaround like this? Or just the folks who need assistance?

EDIT: Seriously now, I come on here asking for assistance - and all you can do is poke fun at me because I don't know what you're talking about? I thought you were supposed to be a moderator?
If you're expecting a complete and total answer, which it seems you are, you'll likely be waiting some time. Many of us choose to nudge in the proper directions to allow others to learn and think for themselves instead of spoon feeding answers. If you're unwilling to think on your own, or at least attempt things, then I am just as unwilling to give my time.

Now, if you had said "I have no idea where to begin in making a database return a list," instead of demanding something, you may have gotten a different response, albeit just as cryptic most likely. I don't know your personal history so I can only assume the basics of PHP knowledge which includes a minor understanding of database interaction since it's fairly fundamental to the language and the business. So, if that's wrong, tell us.
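
The "database supplied list of valid files" suggested in this thread, combined with the earlier file-existence check, shown as an added example that is not part of any post here. The `pages` table, the `PAGE_DIR` directory, the `resolve_page()` helper and the in-memory SQLite database standing in for a real one are all assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical layout: includable files live in ./pages, and the table
// pages(id, filename) holds the list of valid ones.
const PAGE_DIR = __DIR__ . '/pages';
const DEFAULT_PAGE = 'default.php';

// Map the untrusted ?p= value to a file that is safe to include.
// The request only selects a row id; the filename comes from the database.
function resolve_page(PDO $db, $p): string
{
    $fallback = PAGE_DIR . '/' . DEFAULT_PAGE;

    // Reject arrays (?p[]=x), signs, floats and anything that is not plain digits.
    if (!is_string($p) || !ctype_digit($p)) {
        return $fallback;
    }

    $stmt = $db->prepare('SELECT filename FROM pages WHERE id = ?');
    $stmt->execute([(int) $p]);
    $filename = $stmt->fetchColumn();
    if ($filename === false) {
        return $fallback; // id is not in the list
    }

    // The listed file must actually exist: realpath() returns false for a
    // missing file, and the prefix check keeps a bad row such as
    // '../config.php' from resolving outside PAGE_DIR.
    $base = realpath(PAGE_DIR);
    $path = realpath(PAGE_DIR . '/' . $filename);
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return $fallback;
    }
    return $path;
}

// Constructed demo data: in-memory SQLite in place of the site's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, filename TEXT NOT NULL)');
$db->exec("INSERT INTO pages VALUES (0, 'main.php'), (1, 'blah.php'), (2, 'foo.php')");

$target = resolve_page($db, $_GET['p'] ?? null);
if (is_file($target)) {
    include $target;
} else {
    http_response_code(404); // even the default page is missing
}
```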