Php term question...

botboy

2[H]4U
Joined
Mar 21, 2000
Messages
2,680
Introduction:
I've got a website at www.speedyoldtruck.com, and want to get the content separated from the form of the site. I know HTML reasonably well and made everything on the site myself starting with a blank notepad document and paint shop pro.

I read the Php.net beginners tutorial and feel I have a shallow grasp on PHP, but don't feel I need to learn every command in PHP in order to get this done, so I'm looking for some help accelerating my learning process, be it code, or the name of commands I should look into to get this started. I don't want to use frames for this though it would probably be easier I think it would look hideous and I don't like frames.

Ok so here's an example of what I would like to do:

Say I have an HTML outline of a page we'll call "projects.php". Projects.php is the rough outline of the site, and calls upon file "x" to create the menu of links at the left of the page with links to other sections of the site. That way, instead of updating a few gazillion pages when I add a section, I can update file "x" and every php page on the site will instantly reflect the link to the new section. File X takes care of the menu content in the left pane of the site.

I also want to make php call on certain files to supply the content for the right pane, which composes the actual content for the site.

So say I navigated to projects.php?headlights. This would take the html/php file projects.php, call on the file "X" to fill in the left pane with links and call on the file "headlights" to fill in the right pane with information about (presumably) headlights. This is all I want to do for now...eventually maybe have another pane which references to the forum on the site but for now I just want to figure out the basics.

Any help you can give me is greatly appreciated.
 
PHP:
<?php include("foo.bar"); ?>

Put that wherever you want to include an external file. :)
 
You'll also want to use the $_SERVER / $_GET supervariables to check the parameter you've passed in.

Personally, I think a URI like ...projects.php?headlights looks pretty bad. I'd do a couple things:

1) make the base file index.php, so that you can leave it off the URI.
2) Look at Apache's mod_rewrite to change the '?' to a '/'

End result is a URI of domain.tld/headlights that works the same way.
 
as far as mod_rewrite, i agree with that, however, for a beginner, only worry about one thing at a time. make the site first, then come back to mod_rewrite
 
lomn75 said:
You'll also want to use the $_SERVER / $_GET supervariables to check the parameter you've passed in.

Personally, I think a URI like ...projects.php?headlights looks pretty bad. I'd do a couple things:

1) make the base file index.php, so that you can leave it off the URI.
2) Look at Apache's mod_rewrite to change the '?' to a '/'

End result is a URI of domain.tld/headlights that works the same way.

Okay, so I've re-written the code in the index.php file so that it now refers to the left links menu as a separate file (lbar.php), the right content pane as a separate file (rbar.php) and the footer with legal crap as a separate file (bbar.php)

I did this (rather easily I might add) by taking silverMK3's code example and filling in "foo.bar" with "whatever.php" file where I had already defined tables (for the links pane and content pane - the footer just follows the content pane) - this is up and running on the index page only for right now, if you care to look (www.speedyoldtruck.com/index.php)

I want to make it so that if you type in index.php?foobar then it fills in the right pane with the file foobar.php, and I assume thats what the $ _ server or $ _ get command does, but could you illustrate proper usage?
 
Code:
<?PHP
  $page = $_GET['page'];
  if ($page == "whatever") {
    include "whatever.php";
  }
  elseif ($page == "whenever") {
    include "whenever.php";
  }
  else {
    include "default.php";
  }
?>

speedyoldtruck.com/index.php?page=whatever

Notice how a default is used if an incorrect value is specified. This prevents your users from receiving errors, and also avoids security concerns of executing 'include' on an unknown variable.
 
A possible revision:
Code:
if (!isset($_GET['page'])) // prevent undefined variable notice
{  $_GET['page'] = NULL; }
switch ($_GET['page'])
{
  case this:
    ...
    break;
  case that:
    ...
    break;
  case other:
    ...
    break;
  default:
    ...
}
I bring this up for a few minor quibbles, not a major critique:
-- removing the potential undefined variable notice
-- replacing nested ifs with switch
-- removing the extra variable
 
BollWeevil said:
Code:
<?PHP
  $page = $_GET['page'];
  if ($page == "whatever") {
    include "whatever.php";
  }
  elseif ($page == "whenever") {
    include "whenever.php";
  }
  else {
    include "default.php";
  }
?>

speedyoldtruck.com/index.php?page=whatever

Notice how a default is used if an incorrect value is specified. This prevents your users from receiving errors, and also avoids security concerns of executing 'include' on an unknown variable.


The problem with this, as I just tried it, is that in order for it to work you need to define every single page other than "default.php". Is there such a way to do this so that whatever follows the ?page= automatically makes the server look for a file of the same name?

So that if you type in www.speedyoldtruck.com/index.php?page=bork
the server will automatically attempt to fill in the right pane with bork.php (and if there is no bork.php it just fills in default.php) or do I just have to copy/paste a lot of elseif's to define bork=bork.php, bork2=bork2.php, gnarf=gnarf.php and so on?

I mean, if it comes down to it, I can certainly fill in a lot of elseif's on the index.php page for every page on the site, it just seems a bit painstaking and tedious, you know?
 
You could do

$page = $_GET['page'];
include "${page}.php";

But the problem with this is that it can pose a security risk. If someone passed a malformed string, it could do bad things. Also, if someone passed an incorrect spelling, or page that doesn't exist, they may receive ugly php errors or the script may not output anything at all, depending on your config, but neither is desirable, as it would crash your script. That's why it's best to have pre-defined allowed values and a default statement if those don't match.

Now you don't necessarily have to do if..else statements. You could build an array of allowed values, then just have one statement to check whether the value passed is in the array, if not print a desirable error or default.
 
BollWeevil said:
You could do

$page = $_GET['page'];
include "${page}.php";

But the problem with this is that it can pose a security risk. If someone passed a malformed string, it could do bad things. Also, if someone passed an incorrect spelling, or page that doesn't exist, they may receive ugly php errors or the script may not output anything at all, depending on your config, but neither is desirable, as it would crash your script. That's why it's best to have pre-defined allowed values and a default statement if those don't match.

Now you don't necessarily have to do if..else statements. You could build an array of allowed values, then just have one statement to check whether the value passed is in the array, if not print a desirable error or default.

Ok, I definitely appreciate the help you're giving out, but I think you overestimate my abilities with PHP...

1) How can a security risk be posed by someone passing a malformed string (I'm assuming a string like index.php?=pagethatdoesnotexist)? What exactly is the worst that someone could do by exploiting a security risk of this magnitude? Keep in mind I'm not doing my own hosting here, its being taken care of by Godaddy.
2) in the event that the ?= is undefined, could I use the get/include code statement you posted in conjunction with a default page (think the actual index page, the one they get to when they go to www.speedyoldtruck.com or speedyoldtruck.com/index.php, where there is no *page* defined)
3) What terms should I look up in order create an array?

Thanks again
 
This is what I do. I have a class file that has an array of "valid content" pages. I put the content in a folder called inc_content.

so in folder inc_content I have files inc_listing.php inc_bio.php inc_something_else.php

so my array is
Code:
$valid content = array ('listing', 'bio', 'something_else' );

Then in my code I check the url for a content=$content

so if the url is http://www.mysite.com/index.php?content=listing it will include the listing file like so:
Code:
if( isset( $_GET['content'] ) && inarray( $_GET['content'], $valid_content ) ) {
   require( 'inc_content/inc_' . $_GET['content'] . '.php' );
} else {
   print 'The page you requested could not be found. Please try again.';
}

Now it's a bit simplified but it's the basic idea. Then when I need to add a new page I create the inc_whatever.php file in the inc_content folder and then add a value to the array. It's not 100% automatic, but it's much more secure since you limit the files they can open to known valid ones.

If you just let any value be passed and got the file what's stopping me from requesting the file www.mysite.com?content=/etc/password ?
 
botboy said:
1) How can a security risk be posed by someone passing a malformed string (I'm assuming a string like index.php?=pagethatdoesnotexist)? What exactly is the worst that someone could do by exploiting a security risk of this magnitude? Keep in mind I'm not doing my own hosting here, its being taken care of by Godaddy.
2) in the event that the ?= is undefined, could I use the get/include code statement you posted in conjunction with a default page (think the actual index page, the one they get to when they go to www.speedyoldtruck.com or speedyoldtruck.com/index.php, where there is no *page* defined)
3) What terms should I look up in order create an array?
1) ?=/wherever/system/passwords/are
2) Yes, there's an if_file_exists or similar call. You could run that on arbitrary input and have a default fallback if it's not legal.
2a) One intermediate solution would be to have an array of allowed values for the variable. If the parameter is in the array, proceed, else default.
3) array() and the array functions in the PHP manual.
 
Ok so here's what I put into the right content "pane" section of index.php. If I just go to /index.php, it displays rbar2.php in that pane (good)

Having created a dummy "inc_bio.php" file and a "inc_listing.php" file inside a folder called "inc_content", with your top code included in inc_listing.php. When I try to navigate to /index.php?content=bio I get the following error displayed in my content pane

Fatal error: Call to undefined function: inarray() in /home/content/s/p/e/speedyoldtruck/html/PHP/index.php on line 63

Below is the code I'm using, can you tell me what I'm doing wrong?


Code:
<?PHP

if( isset( $_GET['content'] ) && inarray( $_GET['content'], $valid_content ) ) {
   require( 'inc_content/inc_' . $_GET['content'] . '.php' );
} else {
   include("rbar2.php");
}

?>
 
deuce868 said:
the function is called in_array()

There is an underscore between in and array

If it isn't one thing, it's another...
I fixed the code so that inarray() is now in_array()

Now when I go to /index.php it gives me the default page, when I try to go to index.php?content=bio it gives me the following error:

Warning: in_array(): Wrong datatype for second argument in /home/content/s/p/e/speedyoldtruck/html/PHP/index.php on line 63

Now what am I doing wrong?
 
botboy said:
...

Warning: in_array(): Wrong datatype for second argument in /home/content/s/p/e/speedyoldtruck/html/PHP/index.php on line 63

Now what am I doing wrong?

Well you don't show the code where you set up your array of valid options. The second argument has to be an array so you need to make sure that $valid_content is in fact a populated array of values for the valid content.

Edit...
I just looked back at my code and saw that I had some typos. Sorry, but I don't write much code in a forum like that.

If you straight copy/pasted my code there does not appear to be an underline in the initial $valid content = array(... You need to connect the work valid to the word content with an _ character. Sorry for the typo.
 
deuce868 said:
Well you don't show the code where you set up your array of valid options. The second argument has to be an array so you need to make sure that $valid_content is in fact a populated array of values for the valid content.

Edit...
I just looked back at my code and saw that I had some typos. Sorry, but I don't write much code in a forum like that.

If you straight copy/pasted my code there does not appear to be an underline in the initial $valid content = array(... You need to connect the work valid to the word content with an _ character. Sorry for the typo.

Hmm, fixed it so it says $valid_content = array(
Get error Warning: in_array(): Wrong datatype for second argument in /home/content/s/p/e/speedyoldtruck/html/PHP/index.php on line 63

My array is at inc_content/inc_listing.php
Here's a direct copy/past of whats in inc_listing.php

Code:
$valid_content = array ('listing', 'bio' );

inc_bio.php is just straight text saying "this is just a test for the bio file" and is located in folder /inc_content/

My test folder for all this is www.speedyoldtruck.com/PHP
the url when I'm testing the bio file is:
www.speedyoldtruck.com/PHP/index.php?content=bio

Files involved:
www.speedyoldtruck.com/PHP/index.php
www.speedyoldtruck.com/PHP/rbar2.php (default)
www.speedyoldtruck.com/PHP/inc_content/inc_bio.php
www.speedyoldtruck.com/PHP/inc_content/inc_listing.php

Any ideas?
 
can you post the code from index.php? Seeing the page doesn't help me see what code in on line 63.
 
Code:
<?PHP

if( isset( $_GET['content'] ) && in_array( $_GET['content'], $valid_content ) ) {
   require( 'inc_content/inc_' . $_GET['content'] . '.php' );
} else {
   include("rbar2.php");
}

?>

Obviously not the full code of the main page, just the part that is supposed to take inc_bio.php and insert it into the main page's content pane.
 
PM me if you want and I'll give you an email you can send the file to. I think I can help better if I see the file.
 
You're kidding right? You realize that I can't see the php source when I do that? I need to see the actual PHP file you're editing. Tell ya what, try reading up on PHP, how it works and maybe you can find the problem yourself. I think you've more than a bit to learn still.
 
deuce868 said:
You're kidding right? You realize that I can't see the php source when I do that? I need to see the actual PHP file you're editing. Tell ya what, try reading up on PHP, how it works and maybe you can find the problem yourself. I think you've more than a bit to learn still.

Yeh, no kidding. n00bs. :rolleyes:
 
Back
Top