www.webdeveloper.com
Results 1 to 5 of 5

Thread: Include php file only on one page??

  1. #1
    Join Date
    Sep 2010
    Posts
    5

    Include php file only on one page??

    I have my pages set up to all work off of one index.php file using:

    Code:
    <?php $page = "html/" . $_GET['page'] . ".html";
    include($page); ?>
    I want to have something be in a div on the index.php page only on one of the included pages. Like having it show only on "index.php?page=main" but not on "index.php?page=about" or any other pages unless specified. How would I go about doing this? Variables? I'm a beginner when it comes to php.

  2. #2
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,252
    PHP Code:
    <?php
    if($_GET['page'] == 'main') {
    ?>
    <div>
    blah blah blah
    </div>
    <?php
    }
    ?>
    PS: you might want to "sanitize" the $_GET['page'] value a bit to stop malicious users from trying stuff like:
    Code:
    http://yoursite.com/index.php?page=..%2F..%2F..%2Fetc%2Fpasswd%00
    One way, if all your html files to be included are in the same directory:
    PHP Code:
    <?php
    $page 
    "html/" basename($_GET['page']) . ".html";
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  3. #3
    Join Date
    Sep 2010
    Posts
    5
    Thank you very much! This forum is so helpful. I'm not exactly sure what you mean about the basename thing though.

  4. #4
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,252
    basename() function

    It returns the supplied string after stripping any directory parts, so basename('/foo/bar/file') returns just "file", and basename('../../../etc/passwd') returns just "passwd", preventing someone from possibly reading your web host's password file if your code tries to include the unsanitized $_GET value.

    In other words, never trust data from forms, query strings, cookies, or any other external source that a malicious (or careless) user could manipulate.
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  5. #5
    Join Date
    Sep 2010
    Posts
    5
    Alright I have all of that sorted out. Thank you so much for your help! A lot of the help guides to explain php seem really vague but you've helped a lot.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles