php include [Archive] - WebDeveloper.com

Click to See Complete Forum and Search --> : php include

glitch1501

01-10-2006, 07:58 PM

I am trying to get php include working on this site I am working on, but I am having the strangest errors. The server has php3 on it..I wish we could upgrade, but it is a shared server, and they said we can't.

<?php
$ext = '.php';
$idx = $_GET["page"];
$idx = isset($idx) ? $idx.$ext : 'home'.$ext;
if(file_exists($idx))
{
include $idx;
}
else
{
echo 'The '.$_GET["page"].' page has not been implemented yet. ';
}
?>

The errors I am getting are,

Notice: Undefined index: page in d:\Customers\user*******\www\index.php on line 105

Notice: Undefined index: page in d:\Customers\user*******\www\index.php on line 113
The page has not been implemented yet.

and when i click on any link, it brings up the "this page has not been implemented yet" even though the files are there...

I did test it on my own server(php5), and it worked fine, Any input would be greatly appreciated.

glitch

glitch1501

01-10-2006, 08:30 PM

hmmm, i found out that

In PHP 4.2.0 and later, the default value for the PHP directive register_globals is off.

so i need to use $HTTP_*_VARS instead of $_GET

so i do not get any errors anymore, but it is not finding the webpages, it still says that they are not implemented yet..

here is the current code

<?php
$ext = '.php';
$idx = $HTTP_GET_VARS["page"];
$idx = isset($idx) ? $idx.$ext : 'home'.$ext;
if(file_exists($idx))
{
include $idx;
}
else
{
echo 'The '.$HTTP_GET_VARS["page"].' page has not been implemented yet. ';
}
?>

aaronbdavis

01-11-2006, 09:19 AM

Glad you got part of it to work, but that's not what register_globals does.

use this address for the below examples: /this.php?page=index

register_globals=on makes a variable called $page from the GET variable and sets it to "index".
register_globals=off makes a GET variable called $_GET["page"] and sets it to "index".

in order to use a variable called $page with register_globals=off, you have to take it from the GET array. ie $page = $_GET["page"].

this was done to fix a security hole, shown below
//this page is not meant to get any GET data
if $admin == 1 {/* do some stuff */}
/* all a hacker has to do is pass the following "/this.php?admin=1"
and he has bypassed part of your code*/

as for the other part of your problem:
I am not sure about PHP, but in ASP all the includes are parsed first, before anything is executed. It is therefore impossible to include a file the way you want. Rather you would have to use if-else statements or switch statements, then include the appropriate files.
e.g.
if ($foo) {
include 'foo.php'
} else {
include 'bar.php'
}