-
Member
php include, need help plz PHP webdesigners
Lol, another thread. But I really really need this.
im building my website and need simple help.
I see alot of php websites have something like this :
www.example.com/index.php?id=news
From what I read so far news will come from either news.txt or news.html , but what exactly do i put into my index.php?
I've seen few websites, and they had diff stuff, I tried them, couldnt get it to work.
Its something like this I guess, but not it exactly:
<?php $page="$id"; include("$page"); ?>
that script gives me errors, plus it says something about Pearl. I hope I dont need to install pearl in order for this php script to work....or do I?>???
Thank YOU so much in advance for your help
"Ha? Sysopt.com is the best site online? Dang Right!"
-- Quote by animeal
-
Ultimate Member
the spelling is perl and secondly, why on earth are you getting those errors?
Code:
<%PHP
$page = $_GET['page'];
include($page & ".html");
%>
will work.
Make sure you don't use $page = $id as this is a security flaw which has been rectified in later builds of PHP ("register globals", essentially means that I could come along and put some code in the url and do some nasty stuff $_get gets rid of this problem).
-
Senior Member
I'm not sure if DocEvi1's code will work for you, most PHP scripts and installations default to the <? ?> delimiters....is <% %> ASP?
I would say something very similar:
PHP Code:
<?
$page = $_GET['page'];
include( $page . ".html" );
?>
The GET Variable can still be injected (I believe) with register_globals on, it's just more protecting against old global variables like PHP_SELF and session handling.
This is a good article explaining the dangers.
http://p2p.wrox.com/archive/beginnin...2002-11/17.asp
Live by it: RunDll32 advpack.dll,LaunchINFSection %windir%\INF\msmsgs.inf,BLC.Remove
-
Ultimate Member
-
Member
thank you
"Ha? Sysopt.com is the best site online? Dang Right!"
-- Quote by animeal
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|