Php Include Problem


#1

=/ I’ve searched the internet for quite a while now, and it’s just not working out for me.

Here’s what I want: I want it so that I can type in “http://urlofwebsite/index.php?home.php” and it’ll bring me to index.php, and include home.php in the bottom of the page. I have this right now:

<?php include("page_" . $_GET['page'] . ".php") ?>

And… nothing. I go to the page with the ? variable in there, and it acts like the code doesn’t exist. I just get the index page. I’ve also tried, instead of using “home.php” I’ve used, “page=home.php” “home” and “page=home”.

Thanks for the help.

Update: Not even the sample Php Include codes will work if I copy and paste them into a file with the appropriate names. Will someone do me a favor and make 1 file that includes another, then upload them both and give me a link to them for me?


#2

Took me a while to figure it out, (rusty).
Here is some sample code for you.
Index.php is:

Index page for test <?php include ($_GET['page']); ?>

home.php is

This is the home page

The url is http://www.example.com/index.php?page=home.php

My website


#3

No, you do not want to do that!

First of all - NEVER EVER trust input from the web, whether it is URL, POST data, or from headers.

What you are trying to do is a flaw that will cause your web site to be vulnerable to exploitation and denial of service attacks. DO NOT use input directly in a filename when calling a function that opens files. It should be obvious that doing so will let others open files you don’t want opened!

This is what you do:[code]// Create an associative array
$pages = array(
‘home’ => ‘home.php’,
‘about’ => ‘about.php’
);

// Get the input, ‘home’ or ‘about’
$page = $_GET[‘page’];

// Build a path name, resolving symlinks
$page_file = realpath(’/home/username/domain/pages/’ . $pages[$page]);

// Now call include() if this file exists
if (file_exists($page_file)) {
include($page_file);
}[/code]
:cool: openvein.org -//- One-time [color=#6600CC]$50.00 discount[/color] on [color=#0000CC]DreamHost[/color] plans: Use ATROPOS7


#4

Did you ever stop to think what happens when page is ‘index.php’ or perhaps something like ‘.htpasswd’ ?

:cool: openvein.org -//- One-time [color=#6600CC]$50.00 discount[/color] on [color=#0000CC]DreamHost[/color] plans: Use ATROPOS7


#5

[quote]First of all - NEVER EVER trust input from the web, whether it is URL, POST data, or from headers.

What you are trying to do is a flaw that will cause your web site to be vulnerable to exploitation and denial of service attacks. DO NOT use input directly in a filename when calling a function that opens files. It should be obvious that doing so will let others open files you don’t want opened!
[/quote]
… and that is some really "good advice"™!

–rlparker


#6

=/ Actually, it’s only a $1 a month site, and I have the entire thing stored on my computer… and I got a free computer to host it off of… so losing it isn’t something I’m too concerned with at the moment, though I do appreciate the advice, and I’ll keep it in mind when I go for something more professional, and I actually had plans to do it after I had got the include up and working(I have to get it working before I can install safety features).

For now… I’m going to try the suggestion I got…


#7

Took me a while to figure it out, (rusty).
Here is some sample code for you.
Index.php is:

Index page for test <?php include ($_GET['page']); ?>

home.php is

This is the home page

The url is http://www.example.com/index.php?page=home.php

Ok… that didn’t work. What does that mean?

(When I view source, I can see the include code)


#8

One problem with an insecure site on shared hosting is that it puts the entire server at risk for a takeover and resulting resource hogging.

Wait a minute. What do you mean by, “it’s only a $1 a month site, and I have the entire thing stored on my computer… and I got a free computer to host it off of”? Are you saying your’e not hosting this site at DreamHost?

Free unique IP and $67 off with code [color=#CC0000]LMIP67[/color] or use [color=#CC0000]LM97[/color] for $97 off. Click for more promo code discounts


#9

Haha, no, I’m not…

I’m hosting it at orgfree.com.

But if I need to host it elsewhere, I got a free computer a while ago… and I know how to set up a server.

Does that mean you guys can’t help me? =/ 'Cause having boards like these aren’t just for technical support for the site… Websites get visitors because of their boards as well…

Oh well. I’ll go post this somewhere else if I have to.


#10

It’s still not cool to expose another’s server and their users to potential exploits.

Actually, Atropos7 gave you some very good help.

These “boards” primary purpose is to facilitate DreamHost users with DreamHost related issues, but all are welcome.

The “General Troubleshooting” Forum might not have been the proper place for a “Programming” issue that is not related to DreamHost (if you read the Forum descriptions). People are very likely to assume that you are hosting on DreamHost and, particularly with PHP, where the version and installation in use can have a lot to do with how PHP works, you might get “DreamHost” specific answers, rather than generally applicable information.

In this instance, Atropos7’s warning, and the information he provided as to how to do it “properly”, is universally correct and applicable, so it worked out well for you!

Oh well, good luck! :slight_smile:

–rlparker


#11

In reply to ^^ I wasn’t planning on exposing their server. I had mentioned earlier that I had plans to put in the security after I got the Php Include going. Speaking of which… I did, and I’ve got the page check in there as well.

I have one more question now, though:

Is there any way that I can make it so that if there someone goes to “www.example.com/index.html?home”, it changes it to “www.example.com/index.php?home”?

Of course, index.html will be a seperate file containing the JS code. I have this:

But it won’t work. Any ideas?

(Of course, voiding grammar for understandability)