Jump to content
xisto Community
Sign in to follow this  
Alexandre Cisneiros

[php] Index.php?section=xx&pag=yy No MySQL or any other database

Recommended Posts

Hi everybody. This is my 3rd script, but this dont use MySQL

It does this: divide the site in SECTIONS and PAGES.


-You have to create just the text of your pages, no create ech page with the entire layout again.

-If its just the text that is included, you just have to have one page with the layout, witch is the INDEX.PHP.

-If you chanche the layout in the index.php, you DONT HAVE TO change in the other pages.


Here is the code:

<?php //-----------------------------------------// //ACAF Paginação                           // //by Alexandre Cisneiros                   // //-----------------------------------------// $section2=$_GET['section']; $page2=$_GET['page']; if(file_exists("$section2/$page2.php")){ include("$section2/$page2.php"); } else if($section2 != '' && $page2 == ''){     if(file_exists("$section2/index.php")){     include("$section2/index.php");     } } else if($section2 == "index"  || $section2 == "home" || $section2 == "default" || $section2 == ''){ include("main_page.php"); } else{ echo ("404: The page was not found."); } ?>
How to use:

If you want to have a page caled 'my_book.php' in the directory 'library', you can create a link like this:


or just



To crate a link to the index, you have 4 options:

http://ww38.yoursite.com/ ----JUST THE SITE ADRESS, WITH NOTHIS AFTER IT




This will load a page called PRINCIPAL.PHP (lower case)


To create a link to the INDEX.PHP (lower case) of some SECTION, do this:


This will include the index.php of the directory MY_SECTION (lower case, again, B) )



-The files HAVE TO BE IN .php !

-The falis MUST

Edited by Alexandre Cisneiros (see edit history)

Share this post

Link to post
Share on other sites

You shouldn't do this. And it should be obvious why.

You see, anyone can put anything in the URL, loading and executing any file with .php extension on the server. If you are on a shared hosting space some one could easily set up a malicious script to his own home directory and just use the section variable to navigate to right place and run the code. With your scipt...

To make things even worse, with PHP5. flle_exists works with URLs too. So with this script it is possible to load any script from anywhere inside your page.

And please don't forget that PHP can be used to run system commands, meaning that doing practiacally anything is possible. For instance it would be easy to delete your entire website.

So how this should be done then?

By allowing only pre-defined files to be included. You could put the allowed files (the PHP files that make up your website) in an array and use the array index in the URL GET variable to include the right page. For secions you could use multi-dimensional arrays or multiple arrays. Other option would be just use control structures like if() or switch() to load only specific pages: like this

switch($_GET['page'] ){   case index:   include(index.php);   break;   case links:   include(links.php);   break; // etc...}

Share this post

Link to post
Share on other sites

Unfortunately your code won't work correctly.

Here's a fixed up version with a few additional things to check for:

<?phpif(isset($_GET['page'])){	$page = (!empty(trim($_GET['page'])))? trim($_GET['page']) : false;	if(!page){ exit(); }	switch($page){		case 'news':			include('news.php') or exit('<p>Sorry, the news page is missing.</p>');			break;		case 'contact':			include('contact.php') or exit('<p>Sorry, the contact page is missing.</p>');			break;		default:			include('main.php');			break;	}}?>

The changes for the fix, is that we're using the switch statement to check strings, which was incorrect with Hercco's code.

Also setting the $page variable uses the ternary operator ?: which acts as a single if/else statement. e.g. it could be written as:

if(!empty(trim($_GET['page'))){	$page = trim($_GET['page']);}else{	$page = false;}

The reason for exiting the script, is because there's really nothing to do, and loading the default isn't something that they may want. However if the page requested is not one of the listed, then the default will load the main content, because obviously the changes would have been made manually, and you should have hardcoded what you wanted specified.



Share this post

Link to post
Share on other sites

You're showing off by this one that much as if you were the one who discovered it. I think, most of the people visitin' that topic use this one. And this is one of the biggest PHP's advantages.P.S. Sorry, I was a bit rude to you, but I really dislike people showin' off for nothing.

Share this post

Link to post
Share on other sites

Hey nice work :o


Although I have not totally understoood the script, but I have copied it and I gonna play with it now .... :P


I hope that I will have no problems .....


If I came up with some problem, than I will mention here :o




Samya Khalid

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.