Jump to content

include multiple pages


raduenea

Recommended Posts

HY

 

I have index.php and pictures.php.

In index.php I have 3 columns:

- left (for menu)

- right (for advertising)

- center (where I want to include pictures.php)

 

What is the best way to include pictures.php in center of index.php

 

if($_get[pictures]){
include ("pictures.php");
}

 

I ask this because I have multiple variable like "pictures" and I will have multiple "If".

 

Or to include in DB all this variables "pictures" and just add ".php" extension. It is secure in this way ?

 

Thanks

 

Link to comment
Share on other sites

I'm guessing the case is that you need a dynamic way of including files, so that you don't end up with a lot of conditionals. If that's the case, you can use a whitelist approach:

 

index.php?include=pictures | index.php?include=gallery (just examples)

<?php
if (isset($_GET['include'])) {
     $include = $_GET['include'];
     $whitelist = array('pictures', 'gallery', 'form', 'users');
     if (in_array($include, $whitelist)) {
          include($include . '.php');
     }
}
?>

 

Hope it helps.

Link to comment
Share on other sites

@GuiltyGear you have lost me on this one. What is a whitelist approach? And could you please explain your example? Thank You.

 

The example I gave is just a simple "whitelist approach" (I named it lol). In this case, there is a specific number of pages that are going to be included and that is going to happen dynamically (via url variables for example). What happens if a visitor modifies the url or the script gives an incorrect url? The include will fail and show an error because the file doesn't exist! That's why I created an array that holds all the pages that are safe to be included (whitelist), so when a new variable comes in, it is checked if it exists in the whitelist first. In simple words, it includes only a bunch of pages, discarding all the others. Simple as that!

 

NOTE: in_array() is a function that returns true if a value exists in the array. In our case, it checks if the url variable (from $_GET) exists in the array $whitelist.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.