Audiotech Posted July 28, 2010 Share Posted July 28, 2010 Haven't posted here for quite a while but I'm working on my first php driven website and am having a few problems with some includes that I'm sure you'll find to be fairly basic and obvious. What I'm trying to do is get my "home" page to load into a division when you initially visit my site. The header and footer had an include that contains various links which include this home page. The navigation links to the start page work perfectly and as expected, however when the site is visited initially all I get is a blank space in the main content division. The site in question is linked here... http://valvetech.byethost14.com/ The code that I'm using is as follows and I'm at a complete loss as to what I'm doing wrong. <div id="center_column"> <?php $url = ''; if (!empty($_GET['category'])) { $url .= $_GET['category'] . '/'; } if (!empty($_GET['page'])) { $url .= $_GET['page'] . '.php'; } include $url; ?> </div> Thanks in advance for any assistance anybody can give me because I'm at the end of my rope on what should be a fairly easy problem to fix. -Carl Quote Link to comment Share on other sites More sharing options...
RussellReal Posted July 28, 2010 Share Posted July 28, 2010 this isvery dangerous.. and very susceptible to an XSS attack.. I would suggest you to prepend a directory or something to the included file at the least.. or to be more secure toss the values thru a switch statement.. or at even a lower level of security.. remove "include/" from the urls and put: "include/" as the initial value to $url.. and your problem is.. when there is no category or page values you don't default to any categories .. try this.. $url = 'include/'; if (!empty($_GET['category'])) { // do your thing here $url .= $_GET['category']."/"; } else { // ahhhh now we're gonna handle what happens when no category is given.. $url .= "global/"; } if (!empty($_GET['page'])) { // do your thing here $url .= $_GET['page'].".php"; } else { // ahhhh now we're gonna handle what happens when no page is given.. $url .= "new1.php"; } note this could be done in 3 lines.. but to keep it within your code I just copy/pasted and edited Quote Link to comment Share on other sites More sharing options...
Audiotech Posted July 28, 2010 Author Share Posted July 28, 2010 thanks for the quick reply and excuse my ignorance but I don't understand what exactly you're saying. I did a copy paste into my page and it didn't work, and actually broke the whole site. Having said that, and taking your comments about security with the gravity it deserves, what would be the CORRECT way to go about doing this ignoring the code that I wrote which is clearly the wrong way to approach this problem? Again thanks for you assistance!! -Carl Quote Link to comment Share on other sites More sharing options...
RussellReal Posted July 29, 2010 Share Posted July 29, 2010 thanks for the quick reply and excuse my ignorance but I don't understand what exactly you're saying. I did a copy paste into my page and it didn't work, and actually broke the whole site. Having said that, and taking your comments about security with the gravity it deserves, what would be the CORRECT way to go about doing this ignoring the code that I wrote which is clearly the wrong way to approach this problem? Again thanks for you assistance!! -Carl the code I gave you should work with your current way of handling urls.. but instead of having a url like: http://yoursite.com//lala.php?category=includes/lala it will need to be http://yoursite.com/lala.php?category=lala Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.