RE: [PHP] Defining PHP varibles from URL
A simple example might be (unoptimised for clarity):
http://www.myserver.com/someurl/page.php?file=home
v4.1.x
$file = $_GET("file");
// Remove case sensitivity
$file = strtolower($file);
// To stop people including just ANY old file, we are going to use a
switch
// to validate the page they are after. All include files have been
appended
// with .page in order to stop /etc/passwd being outputed (for
instance).
switch ($file) {
case "main" : case "home" : case "elephant" : case "..." : {
include "pages/".$file.".page";
}
default : {
// "unknown.page" could be an error message giving out a 404.
include "unknown.page";
}
}
exit;
?>
Switch is one way of doing it, you could also do it through array's
(using in_array) if you wish all to have the same action. Switch's allow
you to specify different actions for different pages (when you move onto
session validated pages you'll find that ability invaluble) ... Also
comes in useful when your variable parsing script is in the same php
file as your display script. [Id give examples but Im too tired to be
bothered heh]
- Dan
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Defining PHP varibles from URL
-Original Message-
I don't mean to be a pain but could someone send me a working example?
-Original Message-
This was replied to already by me and others. Didn't you read the
replies?
In any event, here's what I wrote last time...
-Original Message-
$file = "";
//the above is defined from the url
include "$file";
It could be what I was typing in the url bar. file.php?file=foobar.inc
-Original Message-
Hmm, so you define $file in your url as "foobar.inc" and then, in the
page itself you take change $file to be "".
At least, that's how I'd read it. I'd suggest, it's not an overly good
idea to include a file like this as someone else has already mentioned.
In any event, your fix would have to be something like this:
If (!isset($file) || empty($file))
{
$file = "some file";
}
Include "$file" ;
That way you're only going to over-write the contents of $file if it's
already either unset or empty.
CYA, Dave
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Defining PHP varibles from URL
On Monday 06 May 2002 17:28, [EMAIL PROTECTED] wrote: > I don't mean to be a pain but could someone send me a working example? > > I am what you would probably call a 'newbie' > > For those who don't know here is my previous message Didn't you read the numerous replies to your first posting? -- Jason Wong -> Gremlins Associates -> www.gremlins.com.hk Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development * /* Paranoid Club meeting this Friday. Now ... just try to find out where! */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Defining PHP varibles from URL
I would advise against doing that unless you really know what your doing. Doing it that way will allow anyone to type in any file on your server that PHP has access to and load it, or possibly load a file off of another server. That said, if you have a url like page.php?file=foo.inc Then that value will be present in $_GET["file"] (PHP 4.1+) or $HTTP_GET_VARS["file"] (PHP <4.1) include($_GET["file"]); include($HTTP_GET_VARS["file"]); ---John Holmes... - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, May 06, 2002 5:28 AM Subject: [PHP] Defining PHP varibles from URL I don't mean to be a pain but could someone send me a working example? I am what you would probably call a 'newbie' For those who don't know here is my previous message can't seem to define a varible from the url entered into a browser. I wish to use the following code or something like it. $file = ""; //the above is defined from the url include "$file"; It could be what I was typing in the url bar. file.php?file=foobar.inc Thanks, JJ Harrison [EMAIL PROTECTED] www.tececo.com -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Defining PHP varibles from URL
The way you're doing it now, you're first ERASING whatever value passed from the URL, with $file=""; and then trying to use it... If this ' $file="" ' is some declaration attempt, just drop it, you don't need to declare variables in PHP. Just check if $file has a value and then use it. For example, if ($file != "") include($file); Hope it helps. -- Pedro Alberto Pontes <[EMAIL PROTECTED]> wrote in message 009501c1f4e0$636d3e80$0100a8c0@JohnH">news:009501c1f4e0$636d3e80$0100a8c0@JohnH... I don't mean to be a pain but could someone send me a working example? I am what you would probably call a 'newbie' For those who don't know here is my previous message can't seem to define a varible from the url entered into a browser. I wish to use the following code or something like it. $file = ""; //the above is defined from the url include "$file"; It could be what I was typing in the url bar. file.php?file=foobar.inc Thanks, JJ Harrison [EMAIL PROTECTED] www.tececo.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Defining PHP varibles from URL
On Sun, 5 May 2002, Teemu Pentinsaari wrote: >>> It could be what I was typing in the url bar. >>> >>> file.php?file=foobar.inc >> >> 1) Try include $_GET['file']; >> >> 2) Let me know where your server is so I can go to >> >>http://your.server/file.php?file=/etc/passwd > > You might want to use .php file extension and /include/ directory to prevent > Miquel stealing your pressious passwords :)) http://your.server/file.php?file=../../../etc/passwd%00 miguel -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Defining PHP varibles from URL
>
> file.php?file=inc.foobar.php
> -
> include("include/$file");
>
That doesn't fix anything...
file.php?file=../../../etc/passwd
Just a matter of a few tries to see how many directories you have to go
up...
---John Holmes...
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Defining PHP varibles from URL
> > It could be what I was typing in the url bar.
> >
> > file.php?file=foobar.inc
>
> 1) Try include $_GET['file'];
>
> 2) Let me know where your server is so I can go to
>
>http://your.server/file.php?file=/etc/passwd
>
> miguel
You might want to use .php file extension and /include/ directory to prevent
Miquel stealing your pressious passwords :))
file.php?file=inc.foobar.php
-
include("include/$file");
Just a thought :)))
Teemu
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Defining PHP varibles from URL
-Original Message-
$file = "";
//the above is defined from the url
include "$file";
It could be what I was typing in the url bar.
file.php?file=foobar.inc
-Original Message-
Hmm, so you define $file in your url as "foobar.inc" and then, in the
page itself you take change $file to be "".
At least, that's how I'd read it. I'd suggest, it's not an overly good
idea to include a file like this as someone else has already mentioned.
In any event, your fix would have to be something like this:
If (!isset($file) || empty($file))
{
$file = "some file";
}
Include "$file" ;
That way you're only going to over-write the contents of $file if it's
already either unset or empty.
CYA, Dave
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Defining PHP varibles from URL
On Sun, 5 May 2002 [EMAIL PROTECTED] wrote: > I can't seem to define a varible from the url entered into a browser. > > I wish to use the following code or something like it. > > > $file = ""; > //the above is defined from the url > include "$file"; > > > It could be what I was typing in the url bar. > > file.php?file=foobar.inc 1) Try include $_GET['file']; 2) Let me know where your server is so I can go to http://your.server/file.php?file=/etc/passwd miguel -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
