January 26, 2011
Question

How not to include a php file

  • January 26, 2011
  • 1 reply
  • 527 views

Hi there,

I have the following file called football.php. When you view it, it pulls the football text and football navigation stuff from the dec folder and displays it on the page.

<?php
if(isset($_REQUEST['suppliers']))
{
    $companies=array(
        "addidas",
        "nike",
        "head",
        "converse",
        "puma",
        "reebok",
    );
    if(in_array($_REQUEST['suppliers'],$companies))
    {
        include "dec/suppliers/".$_REQUEST['suppliers'].".php";
    }
}
?>
<?php include "dec/football-text.php";?>
<?php include "dec/football-navigation.php";?>

An example of the football navigation.php from above looks like this:

<td><a href="<?php echo $URLPREFIX;?>/feature-football.html?&suppliers=nike"><img src="images/football2010/images/Nike.jpg" alt="Nike"></a></td>

<td><a href="<?php echo $URLPREFIX;?>/feature-football.html?&suppliers=reebok"><img src="images/football2010/images/Reebok.jpg" alt="Reebok"></a></td>

<td><a href="<?php echo $URLPREFIX;?>/feature-football.html?&suppliers=puma"><img src="images/football2010/images/Puma.jpg" alt="Puma"></a></td>

So to talk you through the process....
So when you are on football.php, when a person clicks on one of the hyperlinks (football-navigation.php) it pulls a football page (from the suppliers folder) and includes this content on the page.  So now you end up with THREE things on the page:  The text, the navigation, AND the football page stuff.
So what I am trying to achieve is when someone clicks on one of the football navigation links, only the football page (eg Nike) and football navigation is visible!  Therefore I do not want to include the football-text.php.
So I was wondering if someone could help me with this?
Regards
volterony22

1 reply

David_Powers
January 28, 2011

Your description doesn't make sense, because the links in the navigation point the browser to feature-football.html, not football.php.

January 28, 2011

Hi David,

Sorry, I should point out that feature-football.php does exist.

This file is a module called "football" that sits in a specific folder called "feature".  For example:

if ($_REQUEST['module']=="football")
{
    $fullbody.=file_get_contents($THEMEFOLDER."/football.php");
}

The html extension is done to improve the url structure for SEO purposes.

I have found a solution to this problem.  Hopefully I have also addressed the security issues with the includes?

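<?php
if(isset($_REQUEST['suppliers']))
{
    // Whitelist of supplier pages that may be included
    $companies = array(
        "addidas",
        "nike",
        "head",
        "converse",
        "puma",
        "reebok");

    if(in_array($_REQUEST['suppliers'], $companies))
    {
        // Value is in the whitelist: include the supplier page
        include "dec/suppliers/".$_REQUEST['suppliers'].".php";

        // This check can never be true here: the same test already passed above
        if(!in_array($_REQUEST['suppliers'],$companies))
        {
            echo "Sorry your request could not be found in the list of suppliers";
        }
        else
        {
            include "dec/football-navigation.php";
        }
    }
    else
    {
        // Value is not in the whitelist: show the text and navigation
        include "dec/football-text.php";
        include "dec/football-navigation.php";
    }
}

?>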
Kind regards
volterony22
David_Powers
January 29, 2011

volterony22 wrote:

The html extension is done to improve the url structure for SEO purposes.

That's a myth. There's nothing magical about using an .html extension.

Hopefully I have also addressed the security issues with the includes?

Looks OK to me, although using $_REQUEST is considered to be less secure than using $_GET or $_POST explicitly.
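
An added example, not part of the thread or either poster's code: the same allowlist check written so that the request value is only ever used as a lookup key and never concatenated into the include path, reading from an explicit query array (pass `$_GET`) instead of `$_REQUEST`. It also covers the request with no `suppliers` parameter at all. The function name `pages_for_request`, the constant `SUPPLIER_PAGES` and the sample requests are assumptions made for illustration; PHP 7 or later is assumed.

```php
<?php
// Added example: the supplier names and file paths follow the thread;
// SUPPLIER_PAGES and pages_for_request() are hypothetical names.

// Allowlist mapping each accepted key to a fixed path written in the source.
const SUPPLIER_PAGES = [
    'addidas'  => 'dec/suppliers/addidas.php',
    'nike'     => 'dec/suppliers/nike.php',
    'head'     => 'dec/suppliers/head.php',
    'converse' => 'dec/suppliers/converse.php',
    'puma'     => 'dec/suppliers/puma.php',
    'reebok'   => 'dec/suppliers/reebok.php',
];

/**
 * Return the list of files to include for a query array (pass $_GET).
 */
function pages_for_request(array $query): array
{
    $supplier = $query['suppliers'] ?? null;

    // ?suppliers[]=nike arrives as an array, so require a plain string
    // before using the value as an array key.
    if (is_string($supplier) && array_key_exists($supplier, SUPPLIER_PAGES)) {
        // Known supplier: supplier page plus navigation, no intro text.
        return [SUPPLIER_PAGES[$supplier], 'dec/football-navigation.php'];
    }

    // Parameter missing or not in the allowlist: default text plus navigation.
    return ['dec/football-text.php', 'dec/football-navigation.php'];
}

// Constructed sample requests: no parameter, a listed supplier,
// an unlisted name, and an array-valued parameter.
$samples = [
    [],
    ['suppliers' => 'nike'],
    ['suppliers' => 'umbro'],
    ['suppliers' => ['nike']],
];

foreach ($samples as $query) {
    echo json_encode($query), ' => ', implode(', ', pages_for_request($query)), PHP_EOL;
}

// In football.php the result would be consumed as:
// foreach (pages_for_request($_GET) as $file) { include $file; }
```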