Today's Posts Follow Us On Twitter! TFL Members on Twitter  
Forum search: Advanced Search  
Navigation
Marketplace
  Members Login:
Lost password?
  Forum Statistics:
Forum Members: 24,254
Total Threads: 80,792
Total Posts: 566,471
There are 1711 users currently browsing (tf).
 
  Our Partners:
 
  TalkFreelance     Design and Development     Programming     PHP and MySQL :

PHP Help

Thread title: PHP Help
Closed Thread  
Page 1 of 3 1 2 3 >
    Thread tools Search this thread Display Modes  
11-21-2005, 06:38 PM
#1
RossJJ is offline RossJJ
Status: RJ
Join date: Dec 2004
Location: Essex
Expertise:
Software:
 
Posts: 1,116
iTrader: 1 / 100%
 

RossJJ is on a distinguished road

Send a message via AIM to RossJJ Send a message via MSN to RossJJ

  Old  PHP Help

Ok ive been trying to code this site, Ive tryed to use a bit of php, you see where the images are I used

PHP Code:
 <?PHP
$number
=5;
include(
"main.php");
?>
Dont know if this is the best way of doing it, but I want when someone clickes a link, it changes the php to "car.php" or whatever. I just didnt want to use Iframes. Can someone help me out?

Website

11-21-2005, 09:34 PM
#2
jared is offline jared
jared's Avatar
Status: Member
Join date: Sep 2005
Location: Victoria, TX
Expertise:
Software:
 
Posts: 172
iTrader: 0 / 0%
 

jared is on a distinguished road

Send a message via AIM to jared Send a message via Skype™ to jared

  Old

not sure if this is what you are talking about

but you could have you link to be something like

yourdomain.com/index.php?section=car

then in your code you could have something along the lines of

PHP Code:
// at the top of the page
<?
If(!empty($_GET[section]))
        
$section $_GET[section];
    else
        
$section "main";

// now put this where ever you want the content to go

 
include($section ".php");

?>
Now what this does. The !empty($_GET[section]) checks to see if the $section variable has anything in it, like if you were clicking a link. If it is not empty, the $section variable is passed through. If it is empty (like if you just typed in your domain and didnt click and links) it just includes a default PHP file that you can set.

I know this is probably a confusing example but once you understand it, it works very well.

cheers

11-21-2005, 09:51 PM
#3
sketchie is offline sketchie
sketchie's Avatar
Status: Senior Member
Join date: Jul 2005
Location:
Expertise:
Software:
 
Posts: 835
iTrader: 1 / 100%
 

sketchie is on a distinguished road

  Old

I would use switch cases to be on the safe side.
sayt he url is http://domain.com/something.php?$id=about
PHP Code:
switch ($_GET['id']) {
case 
"about":
   include (
"about.php");
   break;
case 
"contact":
   include (
"contact.php");
   break;
   default:
   include (
"main.php");

I wouldn't use the above method to be honest.

As - though I havn't tested -
if someone put
http://domain.com/something.php?id=w...erurl.com/page
and the above code would just add the ".php" to it and "wallah" someone can include some exploitable code.

11-21-2005, 09:53 PM
#4
sketchie is offline sketchie
sketchie's Avatar
Status: Senior Member
Join date: Jul 2005
Location:
Expertise:
Software:
 
Posts: 835
iTrader: 1 / 100%
 

sketchie is on a distinguished road

  Old

*psoted two times for some reason :\*

11-21-2005, 10:14 PM
#5
xZaft is offline xZaft
Status: Member
Join date: Jul 2005
Location: Massachusetts, US
Expertise:
Software:
 
Posts: 428
iTrader: 0 / 0%
 

xZaft is on a distinguished road

  Old

I agree with sketchie to be honest. His makes more sense when you think about it, and it actually can be exploitable. Use sketchies, if you are looking for something like that. Also, make sure you have the default, and use tabs correctly .

11-21-2005, 10:22 PM
#6
RossJJ is offline RossJJ
Status: RJ
Join date: Dec 2004
Location: Essex
Expertise:
Software:
 
Posts: 1,116
iTrader: 1 / 100%
 

RossJJ is on a distinguished road

Send a message via AIM to RossJJ Send a message via MSN to RossJJ

  Old

Hey thanks for trying to help, ive never used php before, I can't seem to get it to work, When I added that code the template just got messed up. I tryed putting both codes in the same place but that didnt work, and sketchie what do I put the link location as?

11-21-2005, 10:26 PM
#7
jared is offline jared
jared's Avatar
Status: Member
Join date: Sep 2005
Location: Victoria, TX
Expertise:
Software:
 
Posts: 172
iTrader: 0 / 0%
 

jared is on a distinguished road

Send a message via AIM to jared Send a message via Skype™ to jared

  Old

Well the method I posted works is used by the firm I used to work for. It is perfectly secure if you know how to use it.

The case statement is good but when you are dealing with a template and you have over 50 pages it becomes a bit clumsy.


I wouldn't use the above method to be honest.

As - though I havn't tested -
if someone put
http://domain.com/something.php?id=...kerurl.com/page
and the above code would just add the ".php" to it and "wallah" someone can include some exploitable code.
This will not work. Since when do includes work with remote websites?
Try and do include("www.yourdomain.com/honoes.php") and see what happens. Nothing.

Like I said, if you are smart this script is perfectly secure. But by smart, I mean you have to know what files should be protected by .htaccess (admin files).

Either way the case statement will work fine, but imho this is more efficient.

11-21-2005, 10:31 PM
#8
Aros is offline Aros
Aros's Avatar
Status: Lurker
Join date: Jul 2004
Location: the Netherlands
Expertise:
Software:
 
Posts: 1,074
iTrader: 2 / 100%
 

Aros is on a distinguished road

  Old

Originally Posted by jared
Well the method I posted works is used by the firm I used to work for. It is perfectly secure if you know how to use it.

The case statement is good but when you are dealing with a template and you have over 50 pages it becomes a bit clumsy.



This will not work. Since when do includes work with remote websites?
Try and do include("www.yourdomain.com/honoes.php") and see what happens. Nothing.

Like I said, if you are smart this script is perfectly secure. But by smart, I mean you have to know what files should be protected by .htaccess (admin files).

Either way the case statement will work fine, but imho this is more efficient.
Your method is dangeroes, you could include any file you would want. Possibly not external files (dependant on settings), but any other file on that server. Such as a file located in an Admin directory which a user shouldn't be able to access at all.

11-21-2005, 10:35 PM
#9
jared is offline jared
jared's Avatar
Status: Member
Join date: Sep 2005
Location: Victoria, TX
Expertise:
Software:
 
Posts: 172
iTrader: 0 / 0%
 

jared is on a distinguished road

Send a message via AIM to jared Send a message via Skype™ to jared

  Old

Blaze

Try this

At the top of your document

PHP Code:
<?
If(!empty($_GET[section]))
        
$section $_GET[section]; 
?>
Now where you want the cars.php to be displayed put
PHP Code:
<? include($section ".php"); ?>
Now just make sure your link is
Code:
<a href="main.php?section=car">Your Link Here</a>
Also above is assuming that the page you are using is main.php

if you have any more trouble post your code

11-21-2005, 10:40 PM
#10
jared is offline jared
jared's Avatar
Status: Member
Join date: Sep 2005
Location: Victoria, TX
Expertise:
Software:
 
Posts: 172
iTrader: 0 / 0%
 

jared is on a distinguished road

Send a message via AIM to jared Send a message via Skype™ to jared

  Old

Originally Posted by Aros
Your method is dangeroes, you could include any file you would want. Possibly not external files (dependant on settings), but any other file on that server. Such as a file located in an Admin directory which a user shouldn't be able to access at all.
You can't include any files. It pre-sets the file type to .php so you can't execute any system files.

If you are using an admin code base just put a .htaccess file in the admin folder.

Like I said, I guess for small sites case statement would prob be easier because you don't have this 'security' issue. But if you are running a large site, all you should need to do is initially setup the access and then you won't have to worry about it.

Closed Thread  
Page 1 of 3 1 2 3 >


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

  Posting Rules  
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump:
 
  Contains New Posts Forum Contains New Posts   Contains No New Posts Forum Contains No New Posts   A Closed Forum Forum is Closed