Jump to content
xisto Community
cwalden

How To Create Php Navigation(page.php?go=whatever)

Recommended Posts

How to create php navigation(page.php?go=whatever)

First, check if you web hoster offers php support (most people would anyway).

Now create a new file called index.php (if you already have a file called index, rename it to index2.php)

Now enter <?php

on a newline enter: switch ($go) {

enter: case "(whatever you like)":

enter: require ('(whatever your file is called.php/htm/html)');

now enter: break

Repeat the last couple of steps until you are finished.

Now you need to set the default value(if people type ?go=something-you-didnt-set-as-a-value)

now finally enter: default:

then enter: require ('index2.php/htm/html');}?>

So the final code would look like:

<?phpswitch ($go) {case "1":require ('1.php');break;case "2":require ('2.php');break;case "3":require ('3.php');break;default:require ('index2.php');}?>

Share this post


Link to post
Share on other sites

Hi all

 

Use this code , its easy and fast for "n" page :P

at first make page.php with notepad and then save this code at page.php :

 

<?php$go = $_GET['gi'];include "$go.php";?>

its very easy for example if you have index.php

at url you must use this address :

 

page.php?go=index

 

after you go at ( page.php?go=index ) your code at page.php read all index.php code and load at screen

its very east

at end you can make check file at page.php for 404 err or .... by check the file :)

thanks all

Share this post


Link to post
Share on other sites

I need help with a page of mine. I use WML and PHP together since I only make WAP sites (sites for mobile devices) and I can't get this one page right. Here is an example:

echo "<card id=\"firstpage\" title=\"site\">";echo "<p>\n";echo "<small>\n";echo "text\n";echo "<a href=\"page.php?what goes here????\">next page</a>echo "</small>\n";echo "</p>";echo "</card>";//NEXT PAGEecho "<card id=\"nextpage\" title=\"site\">";echo "<p>\n";echo "<small>\n";echo "text\n";echo "</small>\n";echo "</p>";echo "</card>";
Any help would be appreciated.
Edited by juice (see edit history)

Share this post


Link to post
Share on other sites

using this type of php programming to load a page is kind of dangerous because you can potentially link to outside sites simply by entering it in the url. if you do your site this way you have to make it more secure. If you don't someone can put a php file on their own server and run it. And running that php could mean running shell commands or something else to hack your site or the server.

Share this post


Link to post
Share on other sites

Well you couuld use a little security stuff.Like if you know the value of the $_GET['act'] is a Number you could use the is_numeric function that checks whether the $_GET['act'] is a number or no.This is because all the GET and POST VARS are treated as only strings and not numbers , integers or float values.You could also use the trim() function to trim white spaces in the value of the GET VAR or ARRAY Value.Also importantly use htmlentities() function of PHP to convert characters that could confuse either PHP or MySQL in case you are using it.If you dont do this then someone could make a MySQL injection attack or could confuse PHP to give you E_ERROR and then your script fails.Hence one must ensure safety in such a way.Hope this information was useful to you guys.

Share this post


Link to post
Share on other sites

<?php$go = $_GET['gi'];include "$go.php";?>
Never, ever, ever, ever do this. Ever! Anyone with even the most basic of PHP knowledge could use this to break into your site and/or reveal sensitive information. Combined with the so-called null poison byte, files which would otherwise be protected such as .htpasswd could easily be revealed (file.php?gi=protected_directory/.htpasswd%00), or files executed that you don't want to be executed. You absolutely must always sanitize user input, no matter what it is or how insignificant or unabusable you think it may be - everything from GET values to a cookie's content and other header information has to be checked before being used.

Share this post


Link to post
Share on other sites

@cwaldenYou make a very clear explanation of what to do which is good, what you don't do is say why this method is better than just making totally separate pages?So please could you/someone say, I would be interested in knowing.

Share this post


Link to post
Share on other sites

what you don't do is say why this method is better than just making totally separate pages?


Yacoby, using the php query string is only one way to manage a php based site. Typically, there is only one "page" and the "content" for the page is altered based on the value of the query string.

Using this method to simply accept the value as input by the user, as Spectre points out, can be very dangerous. Imagine if they inserted the name of a file which contains all of your database passwords and usernames? Maybe even your cpanel name and password, etc... not that you would keep that information inside your account files, right?

Click on the link in my siggy to review a template (not the zip file) which I have used a similar, but "more secure" method. What I do in my Template is check the query string value (what comes after the question mark) and evaluate it against the contents of an array which includes a list of the 'acceptable values'. If the query string is in the array, the page is displayed, otherwise, the index page is viewed.
?>

Source Code

<?php

$submit = $_GET

;


if( !isset($_GET

) ) {
if (file_exists($data_array[0] . '.txt' )) {
include ( $data_array[0] . '.txt' );
}
else {
include ('index.txt');
}
}
elseif (in_array($submit , $data_array)) {
if (file_exists($submit . '.txt' )) {
include ( $submit . '.txt' );
}
else {
include ('index.txt');
}
}
else {
if (file_exists($data_array[0] . '.txt' )) {
include ( $data_array[0] . '.txt' );
}
else {
include ('index.txt');
}
}
?>


linenums:0'>Menu Array<?php$data_array = array('index', 'one', 'two', 'three', 'four', 'five', 'contact');?>Source Code<?php$submit = $_GET

;if( !isset($_GET

) ) { if (file_exists($data_array[0] . '.txt' )) { include ( $data_array[0] . '.txt' ); } else { include ('index.txt'); } } elseif (in_array($submit , $data_array)) { if (file_exists($submit . '.txt' )) { include ( $submit . '.txt' ); } else { include ('index.txt'); } } else { if (file_exists($data_array[0] . '.txt' )) { include ( $data_array[0] . '.txt' ); } else { include ('index.txt'); } }?>
Admittedly, this is not an ideal solution. I should probably 'sanitize' the input string, too, but it has never (yet) caused me any grief.

Review the template by clicking the link in my sig and if you wish to download the zip file, by all means, do so.

Share this post


Link to post
Share on other sites

An easier method is simply to have all the 'acceptable' values listed in the database along with your content, and after sanitizing the GET value, using it to retrieve the information. This way you can have greater control over your pages from whatever you use to manage your content. Quick example:

$value = isset($_GET['value']) ? $_GET['value'] : 'index';$value = get_magic_quotes_gpc() ? stripslashes($value) : $value;$result = mysql_query('SELECT * FROM page_content WHERE page = \'' . mysql_real_escape_string($value) . '\'');

(Note that stripslashes() is used just to avoid conflict with mysql_real_escape_string()).
Edited by Spectre (see edit history)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.