i'm trying to learn more about php includes with a new site i'm building. here is a basic layout of it: my php include knowledge is VERY limited. this is typically the code i use, and it's placed where the contact would load: <?PHP if(isset($_GET['page'])) { include($_GET['page'] . '.php'); }else{ include('home.php'); } ?> Code (markup): and then for the nav links the code would simply be: <a href="?page=contact">contact</a> Code (markup): however, in my new situation i need the bottom second half of the page to be its OWN separate php include thing. in reference to the above picture, when you click 'about' the content loads just below it in its designated box (content box 1). additionally, when you click 'website' or 'branding' that content also loads just below it its own area only (content box 2) this is what i need help doing. my other questions with regards to the URL is how can i make the URL www.mysite.com/about INSTEAD of www.mysite.com/?page=about ideally, i would like to have the about.php named 'index.php' and have it within its own folder called 'about'. however i know this conflicts with php includes so I really have no idea on this one. thanks so much for any help!
Based on this. include($_GET['page'] . '.php'); PHP: what would happen if I were to type /?page=../../someotherfolder/index and so forth? Well naturally it would allow someone to include files you may not want them to. So you may want to sanitize those imports. As far as seperate boxes and so forth, you can either do it as frames. Or you can include multiple parts as far as friendly urls such as /about instead of /?page=about that usually involves .htaccess example: RewriteEngine On Options +FollowSymlinks RewriteBase / RewriteRule ^~(.*)/ /index.php?page=$1 [L] Code (markup): the above would make http://yourdomain/~about/ send 'about' as the value or the index. You could even just write the line specifically for about.
I think i understand when you say multiple parts, for example i would just copy the code for the bottom portion of the site and change it to: <?PHP if(isset($_GET['site'])) { include($_GET['site'] . '.php'); }else{ include('home.php'); } ?> Code (markup): i change 'page' to 'site'. is this what you meant? thanks again
Try using : <?php if ($_GET['page'] = contact){ include 'contact.php'; }else{ include 'home.php'; } ?>
First, as to kblessing, directly including whatever is from $_GET is dangerous. Second, it's not the matter of changing 'page' to 'site', kblessing regards to .htaccess files, in which, you can write some simple rules about url and stuff. Hit on google to learn more about what .htaccess can do, it's so powerful, mate. Last, if this case is limited number of pages, which means there are about 4 or 5 .php files, say contact.php, about.php,... I will choose to put in full direct url to the files. That's much simple and straight forward. If the situation requires specified name, taken from database, take your time on validate the variable. If you want SEO friendly url, just bother .htaccess stuff. Hope I get the problem right
For multiple pages a switch is cleaner, and as you mentioned your method is safer than direct inclusion. example $page = isset($_GET['page'])?$_GET['page']:"home"; switch($page) { case "contact": include('contact.php'); break; case "help": include('help.php'); break; case "members": include('members.php'); break; default: include('home.php'); } PHP: and so on.