

cdru
Go Colts
Premium,MVM
join:2003-05-14
Fort Wayne, IN
kudos:7
reply to Ashke

Re: Please help me make something like site.com/?p=pagetwo

said by Ashke:

So how would I do that?

Give a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime.

Go here and search for "php sanitize input", "php regular expression", "php strip special characters", etc.

If you have specific problems or questions, we can help. And if you don't understand why something is (or isn't) working as it does we can try to explain. But we won't generally do your programming for you.


Ashke
Flips page and continues reading
Premium
join:2007-09-11
Minneapolis, MN

So much for help :P Just kidding... I guess I gotta do some work.

I'm just brand new to PHP and trying to construct a *.php website rather than using the old fashioned extension *.html.
--
-Ashke



Ashke
Flips page and continues reading
Premium
join:2007-09-11
Minneapolis, MN
reply to cdru

said by cdru:

[...]
Go here and search for "php sanitize input", "php regular expression", "php strip special characters", etc.
[...]

The quote above reminds me of this particular webcomic link... http://xkcd.com/327/
--
-Ashke


Ashke
Flips page and continues reading
Premium
join:2007-09-11
Minneapolis, MN
reply to cdru

said by cdru:

said by Ashke:

So how would you recommend to sanitize it?

At a minimum, I'd strip out any non-alpha-numeric characters. I'd also put all the articles or pages in a subdirectory and force that path to be prepended to the page you're building. By stripping out characters, you prevent a path of "../path/to/some/other/file" from being the parameter. It just becomes "pathtosomeotherfile" which won't exist.

said by Ashke:

So I should do something like generateMenu()?

That's just a helper function the author of that post created. What he's outlined in his post is a very crude template system. It will work, but it's...crude. If you're trying to learn PHP, then there's nothing wrong with that. If you're doing some rinky dink website to just play around, then there's nothing wrong with that. If you're looking to do this with a real website, you might want to read up more with PHP and get a better understanding of how things work.

So... How about something like this?

index.php
<?php require_once('engines/genMenu.php'); ?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title><?php echo htmlspecialchars(substr($_SERVER['REQUEST_URI'], 1), ENT_QUOTES); ?></title>

<link rel="stylesheet" type="text/css" href="../css/main.css"/>

</head>

<body>
<div id="header">
<?php require_once('include/header.php'); ?>
</div>
<div id="content">
<?php
$default = 'error404'; // Default page
$page = isset($_GET['p']) ? $_GET['p'] : $default; // Checks if ?p exists.
$page = basename($page); // Gets the name only, not the directory.
if (!file_exists($page.'.php')) { // Checks if the file doesn't exist
    $page = $default; // If it doesn't, it'll revert back to the default page
}
require($page.'.php'); // And now it's on your page!
?>
</div>
</body>
</html>
 

header.php
<div id="header">
<h1>Robert Plagge</h1>
<h2>What exists about me... Ye can't know!</h2>
<div class="nav">
<?php generateMenu() ?>
</div>
</div>
 

genMenu.php
<?php
$menu = array();
$menu['home'] = 'Home';
$menu['about'] = 'About';
$menu['contact'] = 'Contact Me';
$menu['sitemap'] = 'Site Map';
// Add in the format of: $menu['page name'] = 'Page Title';

$title = 'Home'; // Default title

function generateMenu() {
    global $menu, $default, $title;
    $error = '<span class="error">There has been an error</span>';
    echo '    <ul>';
    $p = isset($_GET['p']) ? $_GET['p'] : $default;
    foreach ($menu as $link => $item) {
        $class = '';
        $newLink = $link;
        if (filter_var($newLink, FILTER_SANITIZE_STRING)) {
            if ($link == $p) {
                $class = ' class="selected"';
                $title = $item;
            }
        } else {
            die($error);
        }
        echo '<li><a href="?p='.$link.'"'.$class.'>'.$item.'</a></li>';
    }
    echo '</ul>';
}
?>
 

--
-Ashke


cdru
Go Colts
Premium,MVM
join:2003-05-14
Fort Wayne, IN
kudos:7

Don't worry about generating the menu. The sanitizing of the input there doesn't really matter as you aren't loading scripts/resources based on the query string.

The use of basename() in line 20 of your index page prevents directory traversal. It still would allow for other php to be called though even though you may not want them to be. I'd put all your content pages in a subdirectory (e.g. "pages") and only have content pages there. So change line 20 to

$page = "pages/".basename($page);
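
One way to combine the two suggestions made in this thread (strip non-alphanumeric characters, and serve only from a content subdirectory), as an added example that is not code from any poster. The helper name resolvePage(), the temporary demo directory and the sample inputs are constructed for illustration.

```php
<?php
// Added example, not code from the thread. resolvePage() is a hypothetical helper.
declare(strict_types=1);

/**
 * Map an untrusted ?p= value to a file inside $pagesDir, or to the default page.
 */
function resolvePage($param, string $pagesDir, string $default = 'error404'): string
{
    // ?p[]=x arrives as an array; treat anything that is not a string as missing.
    $name = is_string($param) ? $param : $default;
    // Strip everything except letters and digits: "../etc/passwd" becomes "etcpasswd".
    $name = preg_replace('/[^A-Za-z0-9]/', '', $name) ?? '';
    if ($name === '') {
        $name = $default;
    }
    $file = $pagesDir . '/' . $name . '.php';
    // Only files that really exist in the content directory are served.
    return is_file($file) ? $file : $pagesDir . '/' . $default . '.php';
}

// In index.php this would be used as:
//   require resolvePage($_GET['p'] ?? null, __DIR__ . '/pages');

// Constructed demo: a throwaway content directory holding two pages.
$pagesDir = sys_get_temp_dir() . '/pages_demo_' . getmypid();
@mkdir($pagesDir);
file_put_contents($pagesDir . '/about.php', 'About page');
file_put_contents($pagesDir . '/error404.php', 'Not found');

// Constructed inputs: a valid page, two traversal strings, a sibling script, an array.
$inputs = ['about', '../index', '../../etc/passwd', 'engines/genMenu', ['x']];
foreach ($inputs as $p) {
    $shown = is_array($p) ? 'array' : $p;
    printf("%-20s -> %s\n", $shown, basename(resolvePage($p, $pagesDir)));
}

// Remove the demo directory again.
array_map('unlink', glob($pagesDir . '/*.php'));
rmdir($pagesDir);
```

Only the first input resolves to its own page; every other input falls back to the default page because no matching file exists inside the content directory.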
 


Ashke
Flips page and continues reading
Premium
join:2007-09-11
Minneapolis, MN

Awesome! Thanks for helping out!

Sorry it took me a while to respond. I've been swamped with work and other stuff, including web dev.
--
-Ashke