raduenea Posted April 24, 2011

Hi,

I have index.php and pictures.php. In index.php I have 3 columns:
- left (for menu)
- right (for advertising)
- center (where I want to include pictures.php)

What is the best way to include pictures.php in the center of index.php?

// include pictures.php only when ?pictures=... is present in the URL
if (isset($_GET['pictures'])) {
    include("pictures.php");
}

I ask this because I have multiple variables like "pictures" and I will have multiple "if"s. Or I could put all these variables like "pictures" in the DB and just add the ".php" extension. Is it secure this way?

Thanks

sunfighter Posted April 24, 2011

Things depend on the files involved. We need to see the code for pictures.php and a general view of index.php. Please use the php tags above to publish.

Fadion Posted April 24, 2011

I'm guessing the case is that you need a dynamic way of including files, so that you don't end up with a lot of conditionals. If that's the case, you can use a whitelist approach:

index.php?include=pictures | index.php?include=gallery (just examples)

<?php
if (isset($_GET['include'])) {
    // value taken from the URL, e.g. index.php?include=pictures
    $include = $_GET['include'];
    // the only page names that are allowed to be included
    $whitelist = array('pictures', 'gallery', 'form', 'users');
    // include the file only if the requested name is on the list
    if (in_array($include, $whitelist)) {
        include($include . '.php');
    }
}
?>

Hope it helps.

raduenea (Author) Posted April 24, 2011

Very good example. Thanks

sunfighter Posted April 25, 2011

@GuiltyGear you have lost me on this one. What is a whitelist approach? And could you please explain your example? Thank You.

Fadion Posted April 25, 2011

> @GuiltyGear you have lost me on this one. What is a whitelist approach? And could you please explain your example? Thank You.

The example I gave is just a simple "whitelist approach" (I named it lol). In this case, there is a specific number of pages that are going to be included and that is going to happen dynamically (via url variables for example). What happens if a visitor modifies the url or the script gives an incorrect url? The include will fail and show an error because the file doesn't exist! That's why I created an array that holds all the pages that are safe to be included (whitelist), so when a new variable comes in, it is checked if it exists in the whitelist first. In simple words, it includes only a bunch of pages, discarding all the others. Simple as that!

NOTE: in_array() is a function that returns true if a value exists in the array. In our case, it checks if the url variable (from $_GET) exists in the array $whitelist.

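The whitelist approach from the answer above, as an added example that is not part of the original posts: the request value is used only as a lookup key into a fixed map, so it never becomes part of the path passed to include, and the same lookup applies if the keys are loaded from a database as the question suggests. The page keys, the pages/ directory and the resolve_page() helper are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Keys, file names and the pages/
// directory are constructed for illustration.

// Each public page key maps to a fixed file name chosen by the developer.
// With the DB variant from the question, this map would be loaded from a table.
const PAGES = [
    'pictures' => 'pictures.php',
    'gallery'  => 'gallery.php',
    'form'     => 'form.php',
    'users'    => 'users.php',
];

/**
 * Return the path of the page to include, or null when the request value
 * is not an exact, known key.
 */
function resolve_page($requested, string $baseDir): ?string
{
    // index.php?include[]=x arrives as an array: reject anything but a string.
    if (!is_string($requested)) {
        return null;
    }
    // Exact key match only: "../config", "pictures.php" or "Pictures" all miss.
    if (!array_key_exists($requested, PAGES)) {
        return null;
    }
    $path = $baseDir . DIRECTORY_SEPARATOR . PAGES[$requested];
    // A listed page whose file is missing is handled like an unknown page,
    // so the visitor never sees an include warning containing server paths.
    return is_file($path) ? $path : null;
}

// As in the thread, nothing is included when the parameter is absent.
if (isset($_GET['include'])) {
    $path = resolve_page($_GET['include'], __DIR__ . DIRECTORY_SEPARATOR . 'pages');
    if ($path === null) {
        http_response_code(404);
        echo 'Page not found';
    } else {
        include $path;
    }
}
```
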
sunfighter Posted April 25, 2011

Thanks for the explanation. It makes perfect sense and I have filed it away for future use. My hang-up was how you came to this conclusion from the question, but re-reading the question with your answer THAT now makes sense. So thanks again.