Jump to content

simple include problem


Audiotech

Recommended Posts

Haven't posted here for quite a while but I'm working on my first php driven website and am having a few problems with some includes that I'm sure you'll find to be fairly basic and obvious.

 

What I'm trying to do is get my "home" page to load into a division when you initially visit my site.  The header and footer had an include that contains various links which include this home page.  The navigation links to the start page work perfectly and as expected, however when the site is visited initially all I get is a blank space in the main content division.  The site in question is linked here...

 

http://valvetech.byethost14.com/

 

The code that I'm using is as follows and I'm at a complete loss as to what I'm doing wrong.

<div id="center_column">

<?php
$url = '';
if (!empty($_GET['category'])) {
	$url .= $_GET['category'] . '/';
}
if (!empty($_GET['page'])) {
	$url .= $_GET['page'] . '.php';
}
include $url;
?>
</div>

 

Thanks in advance for any assistance anybody can give me because I'm at the end of my rope on what should be a fairly easy problem to fix.

 

-Carl

 

 

Link to comment
Share on other sites

this isvery dangerous.. and very susceptible to an XSS attack.. I would suggest you to prepend a directory or something to the included file at the least.. or to be more secure toss the values thru a switch statement..

 

or at even a lower level of security.. remove "include/" from the urls and put: "include/" as the initial value to $url..

 

and your problem is.. when there is no category or page values you don't default to any categories :)..

 

try this..

$url = 'include/';
if (!empty($_GET['category'])) {
  // do your thing here
  $url .= $_GET['category']."/";
} else {
  // ahhhh now we're gonna handle what happens when no category is given..
  $url .= "global/";
}
if (!empty($_GET['page'])) {
  // do your thing here
  $url .= $_GET['page'].".php";
} else {
  // ahhhh now we're gonna handle what happens when no page is given..
  $url .= "new1.php";
}

 

note this could be done in 3 lines.. but to keep it within your code I just copy/pasted and edited :)

Link to comment
Share on other sites

thanks for the quick reply and excuse my ignorance but I don't understand what exactly you're saying.  I did a copy paste into my page and it didn't work, and actually broke the whole site.

 

Having said that, and taking your comments about security with the gravity it deserves, what would be the CORRECT way to go about doing this ignoring the code that I wrote which is clearly the wrong way to approach this problem?

 

Again thanks for you assistance!!

-Carl

Link to comment
Share on other sites

thanks for the quick reply and excuse my ignorance but I don't understand what exactly you're saying.  I did a copy paste into my page and it didn't work, and actually broke the whole site.

 

Having said that, and taking your comments about security with the gravity it deserves, what would be the CORRECT way to go about doing this ignoring the code that I wrote which is clearly the wrong way to approach this problem?

 

Again thanks for you assistance!!

-Carl

 

the code I gave you should work with your current way of handling urls.. but instead of having a url like:

 

http://yoursite.com//lala.php?category=includes/lala

 

it will need to be

 

http://yoursite.com/lala.php?category=lala

 

 

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.