My website's pages are (or will) all be identical, except for the content of the #main div. So I was thinking in the <head> I could do <?php $page = "home.html"?>, where home.html is the bare contents (not a full html page - no <html>, <head> etc.) of the main div for the home page. So then inside <div id="main"> and </div> I could have <?php include($page);?>. Then the reason I'm asking this question is I want to change $page when a link is clicked. How can I do this? Thanks.
views:
134answers:
3
+1
A:
Your link has to be like:
home.php?page=test
You will get the value in your page variable like this:
if(isset($_GET['page']))
$page = $_GET['page'].'.html';
else
$page = 'index.html';
mnml
2009-10-24 16:30:07
Actually its index.php. So what does $_GET return if there is no 'page'? Because I'd have to set it to 'home.html' if there is none.
Mk12
2009-10-24 16:32:46
In this case, $_GET['page'] returns test.
mnml
2009-10-24 16:34:33
If $_GET['page'] isn't set, the else loop will set $page to index.html
mnml
2009-10-24 16:39:25
+2
A:
You could make the links be like this:
<a href="mypage.php?page=other_page">Other Page</a>
Then also in the top of the page where you set page to the value of $_GET['page']
<?php
if (isset($_GET['page']))
{
$page = $_GET['page'] . ".html";
} else {
$page = "home.html";
}
?>
sholsinger
2009-10-24 16:34:22
don't forget to check if `$_GET['page']` is valid. Someone could easily force your script to include files in other directories if you don't check.
Etan
2009-10-24 16:41:31
No, because all they can specify is the file name. I prepend my pages/ directory and append the .html file extension.
Mk12
2009-10-24 16:58:41
I also found that linking to index?page=home works the same, without the .php extension, so I'm using that.
Mk12
2009-10-24 17:01:55
Beware of file path injection. An attacker can easily subvert your system using index?page=../../../etc/passwd
Pras
2009-10-24 18:43:23
A:
You can do something like: http://yoursite.com/index.php?page=test.html or http://yoursite.com/index.php?page=test (and append .html later).
For instance:
<?php $page = preg_replace('/[^A-Za-z]/','', $_GET['page']);
$path = 'pages/'.$page.'.html'
if (file_exists($path)){ $output = file_get_contents($path); }
else { header("HTTP/1.0 404 Not Found");
$output = file_get_contents('pages/404.html'); }
?>
(Putting the rest of your file after the php, for the 404 header to work.)
Then, you also can use apache rewrites:
Rewrite Engine On
Rewrite Rule ^([A-Za-z]+)$ index.php?page=$1
Then use links like http://mysite.com/page%5Fname
Then in the main div:
<?php echo $output; ?>
CodeJoust
2009-10-24 16:40:45
Normally apache serves files from the webroot (/htdocs etc.), and sets all the different files.Rewriting intercepts these requests and if they match a regular expression, it silently reroutes these requests to another file.This way, the url can be http://mysite.com/mypage but access http://mysite.com/index.php?page=mypage for cleaner, easier to write and remember urls, it also allows you to virtually change the .html extension, or even get rid of it.Using file_get_contents is a security feature. It doesn't execute any php it finds in the file, so malicious and rouge php can't be executed.
CodeJoust
2009-10-24 18:31:34
So how can I rewrite index?page=error, index?page=downloads to /error, /downloads? Specifically, where do I place that Rewrite code?
Mk12
2009-10-24 19:03:30