How To Create Php Navigation(page.php?go=whatever)

[cwalden 0]

How to create php navigation(page.php?go=whatever)

First, check if you web hoster offers php support (most people would anyway).

Now create a new file called index.php (if you already have a file called index, rename it to index2.php)

Now enter <?php

on a newline enter: switch ($go) {

enter: case "(whatever you like)":

enter: require ('(whatever your file is called.php/htm/html)');

now enter: break

Repeat the last couple of steps until you are finished.

Now you need to set the default value(if people type ?go=something-you-didnt-set-as-a-value)

now finally enter: default:

then enter: require ('index2.php/htm/html');}?>

So the final code would look like:

<?phpswitch ($go) {case "1":require ('1.php');break;case "2":require ('2.php');break;case "3":require ('3.php');break;default:require ('index2.php');}?>

[electron 0]

Well to enhance the usability Why are u including different files every time.Rather just call a function you have written for every page.Wouldnt that be Easy ?

[farsiscript 0]

Hi all

 

Use this code , its easy and fast for "n" page

at first make page.php with notepad and then save this code at page.php :

 

<?php$go = $_GET['gi'];include "$go.php";?>

its very easy for example if you have index.php

at url you must use this address :

 

page.php?go=index

 

after you go at ( page.php?go=index ) your code at page.php read all index.php code and load at screen

its very east

at end you can make check file at page.php for 404 err or .... by check the file

thanks all

[juice 0]

I need help with a page of mine. I use WML and PHP together since I only make WAP sites (sites for mobile devices) and I can't get this one page right. Here is an example:

echo "<card id=\"firstpage\" title=\"site\">";echo "<p>\n";echo "<small>\n";echo "text\n";echo "<a href=\"page.php?what goes here????\">next page</a>echo "</small>\n";echo "</p>";echo "</card>";//NEXT PAGEecho "<card id=\"nextpage\" title=\"site\">";echo "<p>\n";echo "<small>\n";echo "text\n";echo "</small>\n";echo "</p>";echo "</card>";

Any help would be appreciated.
Edited September 25, 2006 by juice (see edit history)

[no9t9 0]

using this type of php programming to load a page is kind of dangerous because you can potentially link to outside sites simply by entering it in the url. if you do your site this way you have to make it more secure. If you don't someone can put a php file on their own server and run it. And running that php could mean running shell commands or something else to hack your site or the server.

[electron 0]

Well you couuld use a little security stuff.Like if you know the value of the $_GET['act'] is a Number you could use the is_numeric function that checks whether the $_GET['act'] is a number or no.This is because all the GET and POST VARS are treated as only strings and not numbers , integers or float values.You could also use the trim() function to trim white spaces in the value of the GET VAR or ARRAY Value.Also importantly use htmlentities() function of PHP to convert characters that could confuse either PHP or MySQL in case you are using it.If you dont do this then someone could make a MySQL injection attack or could confuse PHP to give you E_ERROR and then your script fails.Hence one must ensure safety in such a way.Hope this information was useful to you guys.

[Spectre 0]

<?php$go = $_GET['gi'];include "$go.php";?>

Never, ever, ever, ever do this. Ever! Anyone with even the most basic of PHP knowledge could use this to break into your site and/or reveal sensitive information. Combined with the so-called null poison byte, files which would otherwise be protected such as .htpasswd could easily be revealed (file.php?gi=protected_directory/.htpasswd%00), or files executed that you don't want to be executed. You absolutely must always sanitize user input, no matter what it is or how insignificant or unabusable you think it may be - everything from GET values to a cookie's content and other header information has to be checked before being used.

[Yacoby 0]

@cwaldenYou make a very clear explanation of what to do which is good, what you don't do is say why this method is better than just making totally separate pages?So please could you/someone say, I would be interested in knowing.

[jlhaslip 4]

---

what you don't do is say why this method is better than just making totally separate pages?

Yacoby, using the php query string is only one way to manage a php based site. Typically, there is only one "page" and the "content" for the page is altered based on the value of the query string.

Using this method to simply accept the value as input by the user, as Spectre points out, can be very dangerous. Imagine if they inserted the name of a file which contains all of your database passwords and usernames? Maybe even your cpanel name and password, etc... not that you would keep that information inside your account files, right?

Click on the link in my siggy to review a template (not the zip file) which I have used a similar, but "more secure" method. What I do in my Template is check the query string value (what comes after the question mark) and evaluate it against the contents of an array which includes a list of the 'acceptable values'. If the query string is in the array, the page is displayed, otherwise, the index page is viewed.

?>

Source Code

<?php

$submit = $_GET

---

;


if( !isset($_GET

---

) ) {
if (file_exists($data_array[0] . '.txt' )) {
include ( $data_array[0] . '.txt' );
}
else {
include ('index.txt');
}
}
elseif (in_array($submit , $data_array)) {
if (file_exists($submit . '.txt' )) {
include ( $submit . '.txt' );
}
else {
include ('index.txt');
}
}
else {
if (file_exists($data_array[0] . '.txt' )) {
include ( $data_array[0] . '.txt' );
}
else {
include ('index.txt');
}
}
?>


linenums:0'>Menu Array<?php$data_array = array('index', 'one', 'two', 'three', 'four', 'five', 'contact');?>Source Code<?php$submit = $_GET

---

;if( !isset($_GET

---

) ) { if (file_exists($data_array[0] . '.txt' )) { include ( $data_array[0] . '.txt' ); } else { include ('index.txt'); } } elseif (in_array($submit , $data_array)) { if (file_exists($submit . '.txt' )) { include ( $submit . '.txt' ); } else { include ('index.txt'); } } else { if (file_exists($data_array[0] . '.txt' )) { include ( $data_array[0] . '.txt' ); } else { include ('index.txt'); } }?>
Admittedly, this is not an ideal solution. I should probably 'sanitize' the input string, too, but it has never (yet) caused me any grief.

Review the template by clicking the link in my sig and if you wish to download the zip file, by all means, do so.

[Spectre 0]

An easier method is simply to have all the 'acceptable' values listed in the database along with your content, and after sanitizing the GET value, using it to retrieve the information. This way you can have greater control over your pages from whatever you use to manage your content. Quick example:

$value = isset($_GET['value']) ? $_GET['value'] : 'index';$value = get_magic_quotes_gpc() ? stripslashes($value) : $value;$result = mysql_query('SELECT * FROM page_content WHERE page = \'' . mysql_real_escape_string($value) . '\'');

(Note that stripslashes() is used just to avoid conflict with mysql_real_escape_string()).
Edited September 25, 2006 by Spectre (see edit history)

[juice 0]

In response to my previous post: I am not seeking advice anymore, thank you for your time.