php include, need help plz PHP webdesigners

[animeal]

Lol, another thread. But I really really need this.
im building my website and need simple help.
I see alot of php websites have something like this :
www.example.com/index.php?id=news

From what I read so far news will come from either news.txt or news.html , but what exactly do i put into my index.php?

I've seen few websites, and they had diff stuff, I tried them, couldnt get it to work.

Its something like this I guess, but not it exactly:

<?php $page="$id"; include("$page"); ?>

that script gives me errors, plus it says something about Pearl. I hope I dont need to install pearl in order for this php script to work....or do I?>???
Thank YOU so much in advance for your help

[DocEvi1]

the spelling is perl and secondly, why on earth are you getting those errors?

Code:

<%PHP
   $page = $_GET['page'];
   include($page & ".html");
%>

will work.

Make sure you don't use $page = $id as this is a security flaw which has been rectified in later builds of PHP ("register globals", essentially means that I could come along and put some code in the url and do some nasty stuff $_get gets rid of this problem).

[CompGeek01]

I'm not sure if DocEvi1's code will work for you, most PHP scripts and installations default to the <? ?> delimiters....is <% %> ASP?

I would say something very similar:

PHP Code:

<?
     $page = $_GET['page'];
     include( $page . ".html" );
?>

The GET Variable can still be injected (I believe) with register_globals on, it's just more protecting against old global variables like PHP_SELF and session handling.

This is a good article explaining the dangers.

http://p2p.wrox.com/archive/beginnin...2002-11/17.asp

[DocEvi1]

Thanks for correcting that there, I'm getting myself mixed up between JSP, ASP and PHP

Sorry <?PHP is the correct tag I use

[animeal]

thank you