Include php file only on one page??

[Toren]

I have my pages set up to all work off of one index.php file using:

Code:

<?php $page = "html/" . $_GET['page'] . ".html";
include($page); ?>

I want to have something be in a div on the index.php page only on one of the included pages. Like having it show only on "index.php?page=main" but not on "index.php?page=about" or any other pages unless specified. How would I go about doing this? Variables? I'm a beginner when it comes to php.

[NogDog]

PHP Code:

<?php
if($_GET['page'] == 'main') {
?>
<div>
blah blah blah
</div>
<?php
}
?>

PS: you might want to "sanitize" the $_GET['page'] value a bit to stop malicious users from trying stuff like:

Code:

http://yoursite.com/index.php?page=..%2F..%2F..%2Fetc%2Fpasswd%00

One way, if all your html files to be included are in the same directory:

PHP Code:

<?php
$page = "html/" . basename($_GET['page']) . ".html";

[Toren]

Thank you very much! This forum is so helpful. I'm not exactly sure what you mean about the basename thing though.

[NogDog]

basename() function

It returns the supplied string after stripping any directory parts, so basename('/foo/bar/file') returns just "file", and basename('../../../etc/passwd') returns just "passwd", preventing someone from possibly reading your web host's password file if your code tries to include the unsanitized $_GET value.

In other words, never trust data from forms, query strings, cookies, or any other external source that a malicious (or careless) user could manipulate.

[Toren]

Alright I have all of that sorted out. Thank you so much for your help! A lot of the help guides to explain php seem really vague but you've helped a lot.