Page.php?page=

[shifty1]

What is the code I need to put on a template page so that it will pull content pages (just basically pages with only text on it) and throw it in the template page. So I can just have one template and easily add content pages.

the url would looking something like www.domain.com/page.php?page=1

I see this all over the place I just cant get the example code. Im no PHP wizz

 

[Flaresolutions]

In regards to the scripts using the actual file names (and with "secret folders"), wouldent it be possible to include files outside of that directory? All the person has to do is ..

http://www.yoursite.com/page.php?id=../index

To display the main directory index page.

Sure it wouldent actually display the contents but if you managed to get a few levels deeper it could be bad news, Oh and im pretty sure you might be able to chuck some command line queries into that system.

My personal preference to get a template design is..

<?
include_once "header.php"; // Predefined header, no outside interference
?>
CONTENT GOES HERE
<?
include_once "footer.php"; // Predefined footer, no outside interference
?>

With that, all you need to do is break up a layout so it has a header.php and footer.php file and the content for each page is stuck inbetween both of those queries.

 

[CreedFeed]

Simple and secure.

<?php
    // Set the pages you want to be allowed as an include, excluding the ".php" extension.
    $pages = array("home","page","about");

    $p = $_GET["p"];
    foreach($pages as $page) {
        if($page == $p) {
            include($p . ".php");
        }
    }
?>

Include, and use page.php?p=home, for example.

Instead of having to loop through the array in a foreach loop wouldn't it be more efficient to use php's built in "in_array()" function?

<?php
    // Set the pages you want to be allowed as an include, excluding the ".php" extension.
    $pages = array("home","page","about");

    $p = $_GET["p"];
    if (in_array($p, $pages)) {
            include($p . ".php");
    }
?>

In regards to the scripts using the actual file names (and with "secret folders"), wouldent it be possible to include files outside of that directory? All the person has to do is ..

http://www.yoursite.com/page.php?id=../index

To display the main directory index page.

If you don't have measures in place to check what's being asked for, yes. In the code examples given here, I think everyone has run a check on the $id variable. The way most do is include a list of acceptable id's in an array and check if the inputted id is in the array, or use a switch statement to verify...

 

[shifty1]

Simple and secure.

<?php
    // Set the pages you want to be allowed as an include, excluding the ".php" extension.
    $pages = array("home","page","about");

    $p = $_GET["p"];
    foreach($pages as $page) {
        if($page == $p) {
            include($p . ".php");
        }
    }
?>

Include, and use page.php?p=home, for example.

Anyway to put pages in the array that are not in the same folder as page.php?

 

[maximum]

Anyway to put pages in the array that are not in the same folder as page.php?

Alter TommyG's scripting, by changing the include():

include("/path/to/the/other/files/".$p.".php");

 

[LeetPCUser]

If you don't know PHP I would recommend just having it go to the appropriate pages. As others have stated you can leave yourself open to attacks.

 

[adam_uk]

coding like this is bad imho, its also lazy

its buggy
it causes large messy files,
code your appliction right, use web standards, use css, xhtml and scrap this ?page=crap crap

it looks horrible.

just use normal /page1.php
/page2.php

 

[shifty1]

If you don't know PHP I would recommend just having it go to the appropriate pages. As others have stated you can leave yourself open to attacks.

well im in the process of learning php, so if I avoid using it forever it might take me a while to learn how it works. and studying php without putting it into practical application would bore me to death.

 

[maximum]

While I somewhat agree with adam_uk's statement, shifty1 is right. The best way to learn is to try it in real life, and work with it from the beginning