Function page (index.php?page=home)

On my website I have this function:

<?php
@$p = $_GET['page'];
$page = "page/".$p.".php";
if(file_exists($page))
    include($page);
elseif($page=="")
    echo 'home';
else
    include 'page/404.html';
?>

I want to build the same system on games.php, but it shows me an error there. I would be grateful for any advice.

games.php

<?php
@$c = $_GET['cat'];
$cat = "cat/".$c.".php";
if(file_exists($cat))
    include($cat);
elseif($cat=="")
    echo 'home';
else
    include 'page/404.html';
?>

If you are getting an error, you would need to post it to get any help.

Next, that code is insecure as it will allow directory traversal to be used to include any .php file. External data can be anything and cannot be trusted. You must validate all external data before using it. You should not use the @ error suppressor, but use functions like isset() or !empty() to test if a variable exists. You must validate that the $p value is exactly a permitted choice and checking if the file in $page exists is not enough, since a file reached by adding a relative path after the page/ folder will eventually match something and will exist.

Edit: the posted code contains a logic mistake. At the point it is testing if $page == '', $page will never be empty. If you want the default page to be 'home.php', you would use logic to set $p to 'home' if there is no $_GET['page'] or it is empty.

1 Like
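
An added example (not code from either poster) of the allow-list check the reply describes, usable from both index.php and games.php. The helper name `resolve_include`, the page and category names, and the sample requests are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: maps a query-string value to a file to include.
// The name, the allow-lists and the 'home' default are assumptions for this example.
function resolve_include(array $query, string $key, string $dir, array $allowed, string $default = 'home'): string
{
    // isset()/is_string() replace the @ suppressor and reject array input such as ?page[]=x
    $value = (isset($query[$key]) && is_string($query[$key])) ? $query[$key] : '';

    // Missing or empty parameter: fall back to the default page
    if ($value === '') {
        $value = $default;
    }

    // Strict comparison against the permitted names; anything else gets the 404 page.
    // file_exists() is deliberately not the gate, because a traversal path also exists.
    if (!in_array($value, $allowed, true)) {
        return 'page/404.html';
    }

    return $dir . '/' . $value . '.php';
}

// Constructed allow-lists (assumed page and category names)
$pages = ['home', 'about', 'contact'];
$cats  = ['home', 'action', 'puzzle'];

// Constructed sample requests, including a relative-path value and an array value
$samples = [
    ['page', 'page', $pages, ['page' => 'about']],
    ['page', 'page', $pages, []],
    ['page', 'page', $pages, ['page' => '../config']],
    ['page', 'page', $pages, ['page' => ['x']]],
    ['cat',  'cat',  $cats,  ['cat' => 'puzzle']],
];

foreach ($samples as [$key, $dir, $allowed, $query]) {
    echo json_encode($query, JSON_UNESCAPED_SLASHES), ' => ', resolve_include($query, $key, $dir, $allowed), PHP_EOL;
}

// In index.php:  include resolve_include($_GET, 'page', 'page', $pages);
// In games.php:  include resolve_include($_GET, 'cat', 'cat', $cats);
```

Because the returned path is built only from a name that matched the list exactly, the request value never reaches include() directly.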