Instead of hard coding cases you can validate and constrain the input
with a regex. Much more flexible when adding content. I would also
add code to make sure the file exists, otherwise fall through to the
default.
On Mon, Dec 7, 2009 at 1:14 PM, Kim Madsen <php.net@xxxxxxx> wrote:
> Hi Allen
>
> Allen McCabe wrote on 2009-12-07 21:03:
>>
>> I have been using includes for my content for a while now with no
>> problems.
>> Suddenly it has stopped working, and it may or may not be from some
>> changes
>> I made in my code structure.
>>
>> I use default.php for most or all of my pages within a given directory,
>> changing the content via page numbers in the query string.
>>
>>
>> So on default.php, I have the following code:
>>
>>
>> <?php
>> if(isset($_GET['page']))
>> {
>> $thispage = $_GET['page'];
>> $content = 'content/'.$_GET['page'].'.inc';
>> }
>
>> else
>> {
>> $thispage = "default";
>> $content = 'content/default.inc';
>> }
>
> WOUW! this is a potential security issue!
>
> I can add _any_ parameter to page, incl. an external one, so skip this and
> use a switch instead
>
> switch($_GET['page']) {
> case "admin": $content = "content/admin.inc"; break;
> case "member": $content = "content/member.inc"; break;
> default: $content = "content/default.inc";
> }
>
> What use is $thispage by the way?
>
>> ?>
>> <html>, <body>, <div> etc.
>> <?php include($content); ?>
>>
>>
>> I have a content subdirectory where I store all the pages with files such
>> as
>> "default.inc, 101.inc, 102.inc, etc.
>>
>> As I said, this has been working fine up until now, if I use the url
>> "user/default.php" or just "user/" I get this error:
>>
>>
>> *Warning*: include(content/.inc)
>
> $_GET['page'] is not set, try and print it to the screen aswell...
>
>> [function.include<http://lpacmarketing.hostzi.com/user/function.include>]:
>> failed to open stream: No such file or directory in *
>> /home/a9066165/public_html/user/default.php* on line *89*
>>
>> AND
>>
>> *Warning*: include()
>> [function.include<http://lpacmarketing.hostzi.com/user/function.include>]:
>> Failed opening 'content/.inc' for inclusion
>> (include_path='.:/usr/lib/php:/usr/local/lib/php') in *
>> /home/a9066165/public_html/user/default.php* on line *89*
>>
>> But if I use "user/default.php?page=default" I get the correct content.
>>
>> It's acting as if page is set, but set to NULL, and then trying to find an
>> include at path "content/.inc" what's going on??
>>
>
>
> --
> Kind regards
> Kim Emax - masterminds.dk
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
