Problem Trimming Variable

[kennywhite]

I'm more or less a noob. I have used the below code on another webpage, but on a new site that I am working on I attempted to trim the variable and now the page won't load. Can someone show me what I did wrong or a better way to accomplish this?

 

<?php 

# GRAB THE VARIABLES FROM THE URL
$x = $_GET['x'];

$valid = array('cat:1', 'cat:2', 'cat:3', 'cat:4', 'cat:5', 'cat:6', 'cat:7', 'cat:8', 'cat:9', 'cat:10', 'cat:11');

if(in_array($x, $valid))
$trimmed = trim($x, "cat:");
include_once $trimmed . '.inc';

else
  include '1.inc';  

?>

 

When I used this before my variables did not have a colon in them, so I did not have to trim the variable, thus the last part of the script was:

 

if(in_array($x, $valid))
include_once $x . '.inc';

else
  include('1.inc');  
?>

[premiso]

FOr multi-line if statements you need to use brackets and use ltrim to trim from the left:

 

if(in_array($x, $valid)) {
  $trimmed = ltrim($x, "cat:");
  include_once $trimmed . '.inc';
}else {
  include '1.inc';
}  

[kennywhite]

Awesome! Thanks! I should have remembered the brackets, but I was totally clueless to ltrim.

 

Thanks again!

[premiso]

Also a word of caution, you should either make it  .inc.php  or set the .inc to be disallowed in the .htaccess with something like:

 

<Files ~ "\.(inc)$">
  order allow,deny
  deny from all
</Files>

 

So that way people cannot just look at your php code.

 

 

[kennywhite]

Thanks for the tip. I did change my includes to a php extension.

 

I just took my site from my local test server and put it live. Now I get this error on the live page:

 

Notice: Undefined index: x in /home/punkrock/public_html/index.php on line 50

 

I get this if I go to index.php, but the else statement works, because the "else" include does shows up. If I go to index.php?x=cat:1

I don't get the notice and the includes still show up as expected. Is there something wrong with the way the code is written? The first line below is line 50, by the way.

 

 

# GRAB THE VARIABLES FROM THE URL
$x = $_GET['x'];

$valid = array('cat:1', 'cat:2', 'cat:3', 'cat:4', 'cat:5', 'cat:6', 'cat:7', 'cat:8', 'cat:9', 'cat:10', 'cat:11');

if(in_array($x, $valid)) {
  $trimmed = ltrim($x, "cat:");
  include_once 'includes/' . $trimmed . '.php';
}
else 
{
  include 'includes/1.php';
}  

[kennywhite]

For the time being I added this runtime setting to not display notices.

error_reporting(E_ALL & ~E_NOTICE);

[mikesta707]

whats happening is the followign line

$x = $_GET['x'];

 

is trying to grab the value of x from the $_GET super global. However, you fail to remember that if you don't pass x in the $_GET superglobal (like when you just load the page, without the ?x=whatever stuff) PHP will still try to grab the value. You should check if its set before you assign it something

$x = (isset($_GET['x'])) ? $_GET['x'] : "";

 

if its not set, $x will be set to the empty string, which will proc your else statement (as intended I assume)

[kennywhite]

Thanks. I'll be sure to remember that in the future.