How To Create Php Navigation(page.php?go=whatever)

cwalden

Jul 26 2006, 09:09 AM

How to create php navigation(page.php?go=whatever)

First, check if you web hoster offers php support (most people would anyway).
Now create a new file called index.php (if you already have a file called index, rename it to index2.php)
Now enter <?php
on a newline enter: switch ($go) {
enter: case "(whatever you like)":
enter: require ('(whatever your file is called.php/htm/html)');
now enter: break
Repeat the last couple of steps until you are finished.
Now you need to set the default value(if people type ?go=something-you-didnt-set-as-a-value)
now finally enter: default:
then enter: require ('index2.php/htm/html');}?>

So the final code would look like:

CODE

<?php
switch ($go) {
case "1":
require ('1.php');
break;
case "2":
require ('2.php');
break;
case "3":
require ('3.php');
break;
default:
require ('index2.php');}
?>

electron

Jul 28 2006, 04:13 AM

Well to enhance the usability Why are u including different files every time.
Rather just call a function you have written for every page.

Wouldnt that be Easy ?

farsiscript

Jul 28 2006, 04:52 PM

Hi all

Use this code , its easy and fast for "n" page

at first make page.php with notepad and then save this code at page.php :

CODE

<?php
$go = $_GET['gi'];
include "$go.php";
?>

its very easy for example if you have index.php
at url you must use this address :

page.php?go=index

after you go at ( page.php?go=index ) your code at page.php read all index.php code and load at screen
its very east
at end you can make check file at page.php for 404 err or .... by check the file

thanks all

juice

Sep 25 2006, 12:32 AM

I need help with a page of mine. I use WML and PHP together since I only make WAP sites (sites for mobile devices) and I can't get this one page right. Here is an example:

CODE

echo "<card id=\"firstpage\" title=\"site\">";
echo "\n";
echo "\n";
echo "text\n";
echo "<a href=\"page.php?what goes here????\">next page</a>
echo "\n";
echo "";
echo "</card>";

//NEXT PAGE

echo "<card id=\"nextpage\" title=\"site\">";
echo "\n";
echo "\n";
echo "text\n";
echo "\n";
echo "";
echo "</card>";

Any help would be appreciated.

no9t9

Sep 25 2006, 03:34 AM

using this type of php programming to load a page is kind of dangerous because you can potentially link to outside sites simply by entering it in the url. if you do your site this way you have to make it more secure. If you don't someone can put a php file on their own server and run it. And running that php could mean running shell commands or something else to hack your site or the server.

electron

Sep 25 2006, 03:49 AM

Well you couuld use a little security stuff.
Like if you know the value of the $_GET['act'] is a Number you could use the is_numeric function that checks whether the $_GET['act'] is a number or no.This is because all the GET and POST VARS are treated as only strings and not numbers , integers or float values.

You could also use the trim() function to trim white spaces in the value of the GET VAR or ARRAY Value.
Also importantly use htmlentities() function of PHP to convert characters that could confuse either PHP or MySQL in case you are using it.
If you dont do this then someone could make a MySQL injection attack or could confuse PHP to give you E_ERROR and then your script fails.

Hence one must ensure safety in such a way.
Hope this information was useful to you guys.

Spectre

Sep 25 2006, 06:45 AM

QUOTE(farsiscript @ Jul 29 2006, 02:52 AM)

CODE

<?php
$go = $_GET['gi'];
include "$go.php";
?>

Never, ever, ever, ever do this. Ever! Anyone with even the most basic of PHP knowledge could use this to break into your site and/or reveal sensitive information. Combined with the so-called null poison byte, files which would otherwise be protected such as .htpasswd could easily be revealed (file.php?gi=protected_directory/.htpasswd%00), or files executed that you don't want to be executed. You absolutely must always sanitize user input, no matter what it is or how insignificant or unabusable you think it may be - everything from GET values to a cookie's content and other header information has to be checked before being used.

Yacoby

Sep 25 2006, 05:32 PM

@cwalden

You make a very clear explanation of what to do which is good, what you don't do is say why this method is better than just making totally separate pages?

So please could you/someone say, I would be interested in knowing.

jlhaslip

Sep 25 2006, 06:21 PM

QUOTE(Yacoby @ Sep 25 2006, 11:32 AM)

what you don't do is say why this method is better than just making totally separate pages?

Yacoby, using the php query string is only one way to manage a php based site. Typically, there is only one "page" and the "content" for the page is altered based on the value of the query string.

Using this method to simply accept the value as input by the user, as Spectre points out, can be very dangerous. Imagine if they inserted the name of a file which contains all of your database passwords and usernames? Maybe even your cpanel name and password, etc... not that you would keep that information inside your account files, right?

Click on the link in my siggy to review a template (not the zip file) which I have used a similar, but "more secure" method. What I do in my Template is check the query string value (what comes after the question mark) and evaluate it against the contents of an array which includes a list of the 'acceptable values'. If the query string is in the array, the page is displayed, otherwise, the index page is viewed.

CODE

Menu Array

<?php
$data_array = array('index', 'one', 'two', 'three', 'four', 'five', 'contact');
?>

Source Code

<?php

$submit = $_GET[page];


if( !isset($_GET[page])   ) {
				if (file_exists($data_array[0] . '.txt' )) {
				include ( $data_array[0] . '.txt' );
				}
				else {
					include ('index.txt');
				}
		}
		elseif (in_array($submit , $data_array)) {
				if (file_exists($submit . '.txt' )) {
				include ( $submit . '.txt' );
				}
				else {
					include ('index.txt');
				}
		}
		else {
				if (file_exists($data_array[0] . '.txt' )) {
				include ( $data_array[0] . '.txt' );
				}
				else {
					include ('index.txt');
				}
		}
?>

Admittedly, this is not an ideal solution. I should probably 'sanitize' the input string, too, but it has never (yet) caused me any grief.

Review the template by clicking the link in my sig and if you wish to download the zip file, by all means, do so.

Spectre

Sep 25 2006, 10:38 PM

An easier method is simply to have all the 'acceptable' values listed in the database along with your content, and after sanitizing the GET value, using it to retrieve the information. This way you can have greater control over your pages from whatever you use to manage your content. Quick example:

CODE

$value = isset($_GET['value']) ? $_GET['value'] : 'index';
$value = get_magic_quotes_gpc() ? stripslashes($value) : $value;
$result = mysql_query('SELECT * FROM page_content WHERE page = \'' . mysql_real_escape_string($value) . '\'');

(Note that stripslashes() is used just to avoid conflict with mysql_real_escape_string()).

ADD REPLY / Got an Opinion!	a humble request :-)	RAPID SEARCH!	Free Hosting	[X]
Express your Opinions, Thoughts or Contribute your information that might help someone here. Ask your Doubts & Queries to get answers.. "Together, We enlight each other!"	Register FREE for AD-FREE forum, Create your own topics, Ask Questions, track topics, setup subscriptions & notifications and Get a Free Website w/ Email and FTP.		500MB Space No Ads, CPanel, FTP, PHP, MySQL, EMails - 100% FREE