php, using variable with include

[cloudee1]

So currently I am playing arund with the include, and I was trying to use a variable as part of a filename. Unfortunately I am not accomplishing it.

Code: Select all

<?php
if($page =="")
{page="index";}
// creates default $page, works fine
php?>

<?php
include("($page)_left.inc");

// I would like to get include "index_left.inc", "aboutus_left.inc" etc.
php?>

I have tried several variations on this and so far it is a no go.
if I take the variable out of the quotation marks Then it poops out on me, can I even do this?

and the next step passing variables in the address bar, if I wanted to pass the $page. I would do something like this right?

Code: Select all

<a href="index.php?page=aboutus">link</a> to include the aboutus content with above include.

[AGI1122]

Code: Select all

<?php
$page = $_GET['page'];
if (stristr($page,'.') || stristr($page,'..') || stristr($page,'/') || stristr($page,'\\')) {
  die('Hacking attempt was made!');
}
if ($page == '') {
  $page = 'index';
}
include($page.'_left.inc');
?>

This is the correct code to do it. The syntax you where using was completely wrong.

Also it's better to use ' instead of " unless you want variables to be parsed in the string. Otherwise it slows things down because it makes the php have to process more even when there are no variables to display.

And it doesn't pass the variable straight to $page unless a certain variable is set in php.ini in the php configuration. Not only that but it's a security hazard the way you had it, and it won't work on all host setups. All of the variables in the url are stored in $_GET which is an array.

Also you should note that including is dangerous if you include using a variable. If somebody puts the name of a file you don't want them to execute or something else, they could damage your site. I added some checks at the top of the code that will prevent people from including files from other directories, but you will still need to make sure only approved files can be included otherwise they can screw around with your site.

Also you don't need to open and close php tags for every little bit of code you display. You only need to open it when you want to use php. And close it when you reach the end of the file or when you want to put some html. Also the closing tag is just "?>" not "php?>"

Anyway if you have any questions feel free to ask. And sorry for changing your code around so much, but I feel that teaching proper coding and secure coding is good.

[cloudee1]

excellent thanx chris I had kept trudging on last night. and I actually got everything working, just not the way I had started. I ended up using a switch based off of the variable rather than inserting the variable.

Code: Select all

<?php
if($p=='')($p='index';)

switch($p)
{case 'index':include('index_left.inc');break;
 case 'aboutus':include('aboutus_left.inc');break;
 case 'contact':include('contact_left.inc');break;
}
?>

Yeah I don't understand the GET, how does it know my variables.

[Warrior]

I suggest you grab one of the many PHP tutorials on google and learn yourself the syntax, it helps in the long run.

PHP can be fun to program in so good luck

[AGI1122]

All variables that are in the url are automatically placed into the $_GET array.

So if you have this url:
http://localhost/index.php?page=test&name=test&blah=yes

The $_GET array will have 3 values:
$_GET['page']
$_GET['name']
$_GET['blah']

I suggest you grab one of the many PHP tutorials on google and learn yourself the syntax, it helps in the long run.

Actually the official php documentation is the best source to learn it from. I recommend that over other stuff you might find on google.

[Warrior]

I use it as a refrence to functions, after I learned the syntax in some little tutorial it was easy cruisin from there =P .