php question
ok so i got a code that goes like this
<?php
switch ($site) {
    case 'home':
        include("head.php");
        include("news.php");
        include("foot.php");
        break;
    case 'contact':
        include("head.php");
        include("contact.php");
        include("foot.php");
        break;
    // and so on
}
?>
now the question is, how do i get it to work? i guess i have to configure the mysql database so i have this $site var so it knows what to load. im looking at this phpMyAdmin menu right now and its pretty confusing.
Anulien
20 years ago
Need to see the part where $site is set. It will be like $site = $_REQUEST[" or something similar.
drizzi
20 years ago
where do i set this? =P
Vex
20 years ago
drizz...
uhh...
i guess you know nothing of PHP & MySQL...
do this instead...
<?php
extract ($_GET);
include ("head.php");
if (!$site) {
    $site= "home";
}
if (file_exists($site.".php")) {
    include ($site.".php");
}
else {
    echo "Under Construction";
}
include("foot.php");
?>
paste that to ... index.php or something
then link it like index.php?site=links
it'd include links.php
a breakdown of the code :
if (!$site) {
$site= "home";
}
// it means if $site is empty or doesnt exist, set it to "home"
if (file_exists($site.".php")) {
include ($site.".php");
}
// if the file exists, include it, by default its "home"
else {
echo "Under Construction";
}
// if the file doesnt exist, instead of displaying an error, displays a not available msg
Anulien
20 years ago
People who use extract or registered globals for request variables should be fired irl.
<?php
$site = isset($_REQUEST['site']) ? $_REQUEST['site'] : 'home';
include ("head.php");
if (file_exists($site.".php")) {
include ($site.".php");
}
else {
echo "Under Construction";
}
include("foot.php");
?>
drizzi
20 years ago
got it to work. now i can continue implementing content. oh joy 8)
you guys rock
Vex
20 years ago
and why is that, oh wise one?
Anulien
20 years ago
well grasshopper, you are trusting first of all that you are not overwriting predefined variables on the symbol table and also you are automagically adding completely unknown values to the table trusting that the data will be sane; which has always led to nothing but overflows and arbitrary code execution. not to mention magically creating variables for data you have no idea about has to be the worst programming practice ever with a capital period.
ROzbeans
20 years ago
That just hurt my brain.
Gilae
20 years ago
Sexy.
Vex
20 years ago
well if ya dont know what you're extracting, then you shouldn't even bother with playing with the code.
i happen to know what i extract, but i guess my expectations for others to know it are too high.
Anulien
20 years ago
Vex
well if ya dont know what you're extracting, then you shouldn't even bother with playing with the code.
i happen to know what i extract, but i guess my expectations for others to know it are too high.
which is why i said people who think this way should be fired irl. if you know what your expected variables are then call yourself; dont trust automagic functions to modify your symbol table. There is a reason why registered globals is being deprecated and this function does exactly what registered globals did.
From PHP Dev's
When on, register_globals will inject (poison) your scripts with all sorts of variables, like request variables from HTML forms. This coupled with the fact that PHP doesn't require variable initialization means writing insecure code is that much easier. It was a difficult decision, but the PHP community decided to disable this directive by default. When on, people use variables yet really don't know for sure where they come from and can only assume. Internal variables that are defined in the script itself get mixed up with request data sent by users and disabling register_globals changes this.
Reusing a command to do the same thing because registered globals is off just reintroduces the same reasons they are trying to get rid of it. I guess expectations of people referencing the superglobals ($_GET, $_POST, $_SESSION) instead of being lazy and using extract and registered globals is too high since that is exactly why they were written.
Anulien
20 years ago
Even the php devs agree.
http://us2.php.net/manual/en/function.extract.php
PHP Site
Do not use extract() on untrusted data, like user-input ($_GET, ...).
And they even mention the only reason to use the function on superglobals is for a temporary means to mimic register_globals while porting to more updated code.
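Added example (not part of any post in this thread): a PHP sketch of the two points argued above, showing extract() replacing a variable the script had already set, next to reading only the expected key and mapping it to a fixed list of pages before any include. The PAGES list, the function names, $template_dir and the sample request array are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. PAGES, the function names,
// $template_dir and the sample request are constructed for illustration.

// Allowlist: accepted ?site= value => file that may be included.
const PAGES = [
    'home'    => 'news.php',
    'contact' => 'contact.php',
    'links'   => 'links.php',
];

// Read the one expected key and map it to a known file; null = not served.
function resolve_page(array $request): ?string
{
    $site = $request['site'] ?? 'home';
    if (!is_string($site)) {   // a request parameter can also arrive as an array
        return null;
    }
    return PAGES[$site] ?? null;
}

// extract() imports every key, replacing variables the script already set.
function with_extract(array $request): array
{
    $template_dir = '/var/www/templates';   // internal value
    $site = 'home';
    extract($request);                      // default flag is EXTR_OVERWRITE
    return ['site' => $site, 'template_dir' => $template_dir];
}

// Naming the expected key leaves every other variable untouched.
function with_explicit_read(array $request): array
{
    $template_dir = '/var/www/templates';
    $site = isset($request['site']) && is_string($request['site'])
        ? $request['site'] : 'home';
    return ['site' => $site, 'template_dir' => $template_dir];
}

// Constructed request: one expected key plus one the script never asked for.
$request = ['site' => 'contact', 'template_dir' => 'unexpected-value'];

// Compare the two handlers, then resolve a listed and an unlisted page.
var_dump(with_extract($request)['template_dir']);
var_dump(with_explicit_read($request)['template_dir']);
var_dump(resolve_page($request));
var_dump(resolve_page(['site' => 'no-such-page']));
```

In index.php, call resolve_page($_GET) and include the returned file between head.php and foot.php, printing the "Under Construction" message when it returns null.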
drizzi
20 years ago
scary