Non-friendly URLs not linking

software development

#1

I’m setting in page variables through the URL. The URLs look like,

http://www.intrasightinc.com/index.php?genericContent=clientlogin.php

and the code where the variable should be displayed is,

if ($genericContent != '') { include $genericContent; }
else { include 'blank.php'; }

When the initial page (index.php) loads it displays blank.php as it should. But when a link is selected everything is processed, the URL is changed so that the $genericContent=clientlogin.php. However clientlogin.php is never displayed.

On our test site, everything displays and functions normally. It wasn’t until we copied the files up front that the links stopped working.

The backend site:
http://www.intrasightinc.com/backendsite/bj/php/index.php


#2

[quote]I’m setting in page variables through the URL. The URLs look like,

http://www.intrasightinc.com/index.php?genericContent=clientlogin.php[/quote]
Then you want to use the $_GET superglobal.

[quote]if ($genericContent != '') { include $genericContent; }
else { include 'blank.php'; }[/quote]
Your code is not safe. You need something like:

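// Requested mode from the query string; default to 'blank' when it is absent
$this_mode = isset($_GET['genericContent']) ? $_GET['genericContent'] : 'blank';

// Allowlist of modes and the only files that may be included.
// Assigned in one statement so it cannot be pre-populated when register_globals is on.
$modes = array(
    'blank'        => 'blank.php',
    'clientlogin'  => 'clientlogin.php',
    'shopperlogin' => 'shopperlogin.php',
);

// Anything that is not a key of the allowlist falls back to the blank page
if (!is_string($this_mode) || !array_key_exists($this_mode, $modes)) {
    $this_mode = 'blank';
}
$mode_file = realpath($modes[$this_mode]);
include($mode_file);

Never trust user input from CGI parameters.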

It’s called having a different configuration from your test server and the DreamHost server. See the phpinfo() function.

Atropos | openvein.org
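Post #2 points at a configuration difference and at phpinfo(). As an added example (not code from the thread), this script prints only the php.ini directives that decide whether ?genericContent=... ever reaches $genericContent and what include() is allowed to load, so the output from the test server and the live server can be compared line by line. The function names are illustrative, and that register_globals is the setting that differs is an assumption to confirm from the output.

```php
<?php
// Added example, not from the thread. No PHP 7 syntax, so it also runs on old servers.

// Normalise a boolean php.ini directive to 'on', 'off' or 'n/a'.
function ini_flag($name)
{
    $raw = ini_get($name);
    if ($raw === false) {
        return 'n/a'; // directive does not exist in this PHP version
    }
    $on = in_array(strtolower((string) $raw), array('1', 'on', 'yes', 'true'), true);
    return $on ? 'on' : 'off';
}

// Collect the settings relevant to include() of a request parameter.
function include_settings_report()
{
    return array(
        'php_version'       => PHP_VERSION,
        'register_globals'  => ini_flag('register_globals'),
        'allow_url_fopen'   => ini_flag('allow_url_fopen'),
        'allow_url_include' => ini_flag('allow_url_include'),
        'open_basedir'      => (string) ini_get('open_basedir'),
        'include_path'      => (string) ini_get('include_path'),
    );
}

// Turn the report into notes on the symptom and on include() exposure.
function include_settings_findings($r)
{
    $notes = array();
    $notes[] = ($r['register_globals'] === 'on')
        ? 'register_globals is on: request parameters can preset script variables.'
        : 'register_globals is not on: $genericContent is never set from the URL; read $_GET.';
    // Before allow_url_include existed, allow_url_fopen alone governed remote includes.
    if ($r['allow_url_fopen'] === 'on' && $r['allow_url_include'] !== 'off') {
        $notes[] = 'include() accepts remote URLs here; turn allow_url_include off.';
    }
    if ($r['open_basedir'] === '') {
        $notes[] = 'open_basedir is empty: include() is not confined to the site directory.';
    }
    return $notes;
}

$report = include_settings_report();
foreach ($report as $key => $value) {
    echo str_pad($key, 18) . $value . "\n";
}
echo '- ' . implode("\n- ", include_settings_findings($report)) . "\n";
```

Request the script through the web server on each host rather than running it from the command line, since the CLI can load a different php.ini. Remove it afterwards so the settings are not left readable.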


#3

It’s pretty poor practice (and incredibly insecure) to include() files passed through the get string. You should really take a look at how your script works and change it.