Jump to content

Php Content and menu


Sibkis
 Share

Recommended Posts

Gidday I am not quite sure what this is call but I have built a template using php and youtube I haveused includes to call the content <?php include_once "info.php";?> <?php include_once "menu.php";?> etc what I would like to do is if a user select a product or service only that information is shown.service designarchitectengineeringif a user select design than the design <?php include_once "designinfo.php";?> is diplayed.I think it's an elseif statement.

Link to comment
Share on other sites

Gidday I am not quite sure what this is call but I have built a template using php and youtube I haveused includes to call the content <?php include_once "info.php";?> <?php include_once "menu.php";?> etc what I would like to do is if a user select a product or service only that information is shown.service designarchitectengineeringif a user select design than the design <?php include_once "designinfo.php";?> is diplayed.I think it's an elseif statement.
try this one sir i thinks this is the code you've been searchingindex.php
<a href="index.php">Home</a><br><a href="index.php?page=second">2nd Page</a><br><a href="index.php?page=another">Another Page</a><?phpif(isset($_GET['page'])){include($_GET['page'].'.php');}else{?><h1>HOME</h1><p>HOME CONTENT</p><?php}?>

second.php (this is for the second page)

<h1>Second Page</h1>Second Page content Test test test test test test :)

:)

Link to comment
Share on other sites

include($_GET['page'].'.php');

PLEASE do not try this. Any half-intelligent child who figures out what you're doing can set up a very simple brute-force attack system that will attempt to execute files all over your server, including files that should only be executed in special circumstances. Files that you have deliberately hidden from normal HTTP access will also be exposed.
Link to comment
Share on other sites

PLEASE do not try this. Any half-intelligent child who figures out what you're doing can set up a very simple brute-force attack system that will attempt to execute files all over your server, including files that should only be executed in special circumstances. Files that you have deliberately hidden from normal HTTP access will also be exposed.
can you give us alternate for that sir? or its fine to navigate all the pages in one php file?
Link to comment
Share on other sites

can you give us alternate for that sir? or its fine to navigate all the pages in one php file?
Use Switch Case Statementexample
<?php <a href="?p=page1">page1</a> | <a href="?p=page2">page2</a> | <a href="?p=page3">page3</a>$x=isset($_GET['p'])?$_GET['p']:"";switch($x){	case"page1":include("page1.php");break;	case"page2":include("page2.php");break;	case"page3":include("page3.php");break;			default:echo"Nopage is selected Yet";}?>

Hope This Will Help You

Link to comment
Share on other sites

Use Switch Case Statementexample
<?php <a href="?p=page1">page1</a> | <a href="?p=page2">page2</a> | <a href="?p=page3">page3</a>$x=isset($_GET['p'])?$_GET['p']:"";switch($x){	case"page1":include("page1.php");break;	case"page2":include("page2.php");break;	case"page3":include("page3.php");break;			default:echo"Nopage is selected Yet";}?>

Hope This Will Help You

i think it will be the same as i posted mine? can it be safe?
Link to comment
Share on other sites

i think it will be the same as i posted mine? can it be safe?
no. in your example you were literally using the value of the p member in the $_GET array as the page to include. In the example given to you, a switch statement is created to make a map of possible $_GET values to pages to include. The value itself is not being used, only to make an association. That is the (big) difference.
Link to comment
Share on other sites

no. in your example you were literally using the value of the p member in the $_GET array as the page to include. In the example given to you, a switch statement is created to make a map of possible $_GET values to pages to include. The value itself is not being used, only to make an association. That is the (big) difference.
i think it is possible in if else statement? which one will be safest to use? it is still the switch?
Link to comment
Share on other sites

there's really no difference. What I was trying to explain to you was the difference between using the value directly vs. making a mapping. The security concern was that you were using a user inputted value $_GET['p'] to call your page directly.

Link to comment
Share on other sites

there's really no difference. What I was trying to explain to you was the difference between using the value directly vs. making a mapping. The security concern was that you were using a user inputted value $_GET['p'] to call your page directly.
can you suggest sir which better code for navigating the pages?or can you take a look how they navigate this page..demo blog Edited by nielcleo
Link to comment
Share on other sites

like thescintist said..Using the switch case is more secure. if you look into switch case strcuture it is restriciting the include. it will include only it matches.suppose user pass somepage.php?p='/webroot/someRestrictedFile.php'include($_GET['p']);so it will let the script include that restricted file which is not supposed to be included. where sswitch case wont let it be included it will just throw you to the default block. switch case is basicly is filtering the user input. all external input should be filtered.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...