Hi everyone, I would like to make a PHP website in order to save some files. What I mean by that is that instead of having 30 .htm files, I would like to have 3 or so. Is the best way to do this to use pageIDs or contentIDs (I believe it doesn't matter what you call them)?
    <? switch($_REQUEST['pageID']) { default: ?>
    <? break; case "scans": ?>
    <? } ?>
Is it wise to do it this way?
The name of the parameter doesn't matter. For this kind of thing, however, you usually go with a database and pull the content from there. Otherwise all you are going to get is one big and messy file instead of a bunch of smaller separate ones.
Many SEO experts suggest not naming your parameters "id" or derivatives because search engine spiders might consider them session ids. I can't 100% confirm as I usually tend to use "page" or something like that. I subscribe to MartiCode's advice, a database-oriented approach is the best for you. You will also note that maintenance will be way easier this way.
There is really no reason to do this unless your content is within a database. Otherwise, this will only make your content harder to edit for no real benefit. If you simply want to be able to call each page from one file, you can use something like:
    $file = $_GET['page'] . '.htm';
    include ($file);
Then set ?page=BaseFileName It saves the trouble of copying and pasting everything over, and keeps the same ease of editing. But a proper CMS integrated with a database is your best option. e39m5
The idea can work, but the script you are giving is highly insecure! You must thoroughly verify the parameter first before handling it as a filename.
Just run a simple regex pattern to validate it. e39m5, you cannot include() a .htm file. file_get_contents() would work though.
Yes you can. You can include any file type. You can even put PHP code in html files, and it would still be parsed using include().
Some simple checking to ensure that the file exists would be a plus as well.
    if(!file_exists($file)) echo "fugg off"; else include($file);
Thank you all very much for the replies and for taking the time to explain it, it's been a great help and I've learned a lot from this. I will also send this link to my friend who's helped me with the code I've posted in my first post. I'm sure he'll learn a lot from this too.
I would also check that the file that you are including is on your server and not someone else's. There is a possibility of an XSS attack using the examples that have been posted. Brew
I had wondered this myself, as I'd posted a similar piece of code as a solution to another problem - would the file_exists() function return true only if the file is located on the local filesystem? i.e. I'm assuming something like
    file_exists("http://www.website.com/malicious_code.txt");
would return false?
I would assume that it would return true if it existed on a local or remote site, but I haven't tested this, so I may be wrong. If this were my site I would hardcode the path of the file and use that in conjunction with the filename. Brew
Probably a wise move. Although I avoid hardcoded paths in my scripts whenever possible. Makes moving server a pain in the arse. I would probably define the absolute server path in a config file and refer to that variable name instead. Also, after a quick test, I haven't been able to use file_exists() on remote files - that's no assurance it doesn't work though! I would think, though, to determine if a remote file exists would require checking returned headers, things like that, as a PHP script wouldn't have direct access to that file without requesting it over HTTP or somesuch.
OK guys: two minutes to check php.net/file_exists and you get this: "As of PHP 5.0.0 this function can also be used with some URL wrappers. Refer to Appendix O, List of Supported Protocols/Wrappers for a listing of which wrappers support stat() family of functionality." So, it doesn't necessarily work now for some hosts, but expect it to work in the future. Regarding hardcoding paths... I agree that absolute paths are the best way to go, but also agree that they're a PITA. Instead of configuration values, I always like to use something like:
    include( dirname( __FILE__ ) . '/somefile.php' );
That will essentially give you an absolute path that is dynamically determined... in my eyes, it's the best of both worlds.
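Added example, not part of any post in this thread: one way to combine the checks suggested above (pattern validation, an existence check, and a base path derived from the script's own location) before serving the file named by ?page=. The pages directory, the index default and the resolve_page() helper name are assumptions made for the illustration.

```php
<?php
// Added example (not code from the thread). Assumed layout: this script sits
// next to a "pages" directory that holds the static .htm files.

// Resolve a requested page name to a file inside $baseDir, or return null.
// resolve_page() is a hypothetical helper name chosen for this example.
function resolve_page(string $baseDir, $requested): ?string
{
    // Reject arrays (?page[]=x) and anything outside a strict character set.
    // This rules out "/", "\", "..", NUL bytes and wrappers such as http://.
    if (!is_string($requested)
        || !preg_match('/\A[a-z0-9_-]{1,64}\z/i', $requested)) {
        return null;
    }

    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $requested . '.htm');
    if ($base === false || $path === false) {
        return null; // base directory or requested file does not exist
    }

    // Defence in depth: once symlinks are resolved, the file must still sit
    // directly inside the base directory and be a regular file.
    if (dirname($path) !== $base || !is_file($path)) {
        return null;
    }
    return $path;
}

// 'index' as the default page is an assumption for this example.
$page = resolve_page(__DIR__ . '/pages', $_GET['page'] ?? 'index');

if ($page === null) {
    http_response_code(404);
    echo 'Page not found';
} else {
    // readfile() sends the file as-is; include would execute any PHP in it.
    readfile($page);
}
```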