said by cdru:
said by Ashke:
So how would you recommend to sanitize it?
At a minimum, I'd strip out any non-alpha-numeric characters. I'd also put all the articles or pages in a subdirectory and force that path to be prepended to the page you're building. By stripping out characters, you prevent a path of "../path/to/some/other/file" from being the parameter. It just becomes "pathtosomeotherfile" which won't exist.
said by Ashke:
So I should do something like generateMenu()?
That's just a helper function the author of that post created. What he's outlined in his post is a very crude template system. It will work, but it's...crude. If you're trying to learn PHP, then there's nothing wrong with that. If you're doing some rinky dink website to just play around, then there's nothing wrong with that. If you're looking to do this with a real website, you might want to read up more with PHP and get a better understanding of how things work.
So... How about something like this?
index.php
<?php require_once('engines/genMenu.php'); ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
    <?php // Escape the request URI before echoing it into the page ?>
    <title><?php echo htmlspecialchars(substr($_SERVER['REQUEST_URI'], 1), ENT_QUOTES, 'UTF-8'); ?></title>
    <link rel="stylesheet" type="text/css" href="../css/main.css"/>
</head>
<body>
    <?php // header.php supplies its own div with id "header" ?>
    <?php require_once('include/header.php'); ?>
    <div id="content">
<?php
    $default = 'error404'; //Default page
    $page = isset($_GET['p']) ? $_GET['p'] : $default; //Checks if ?p exists.
    $page = basename($page); //Gets the name only, Not directory.
    if (!file_exists($page.'.php')) { //Checks if the file doesn't exist
        $page = $default; //If it doesn't, it'll revert back to the default page
    }
    require($page.'.php'); //And now it's on your page!
?>
    </div>
</body>
</html>
header.php
<div id="header">
    <h1>Robert Plagge</h1>
    <h2>What exists about me... Ye can't know!</h2>
    <div class="nav">
        <?php generateMenu() ?>
    </div>
</div>
genMenu.php
<?php
$menu = array();
$menu['home'] = 'Home';
$menu['about'] = 'About';
$menu['contact'] = 'Contact Me';
$menu['sitemap'] = 'Site Map';
//Add in the format of: $menu['page name'] = 'Page Title';
$title = 'Home'; //Default title

function generateMenu() {
    global $menu, $default, $title;
    $error = '<span class="error">There has been an error</span>';
    echo ' <ul>';
    $p = isset($_GET['p']) ? $_GET['p'] : $default;
    foreach ($menu as $link => $item) {
        $class = '';
        $newLink = $link;
        if (filter_var($newLink, FILTER_SANITIZE_STRING)) {
            if ($link == $p) {
                $class = ' class="selected"';
                $title = $item;
            }
        }
        else {
            die($error);
        }
        echo '<li><a href="?p='.$link.'"'.$class.'>'.$item.'</a></li>';
    }
    echo '</ul>';
}
?>
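
An added example, not code from the thread: one way to apply cdru's two suggestions (strip non-alphanumeric characters, keep the pages in their own subdirectory) and additionally treat the existing $menu keys as an allowlist, so a request such as ?p=index can never make index.php include itself. The pages/ directory, resolvePage() and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example. PAGE_DIR, DEFAULT_PAGE and resolvePage() are hypothetical
// names, not part of the code posted in the thread.
const PAGE_DIR = __DIR__ . '/pages/';  // assumed: holds only includable pages
const DEFAULT_PAGE = 'error404';

/**
 * Turn the raw ?p= value into a file path that is safe to require.
 * Always returns a path inside $pageDir.
 */
function resolvePage($raw, array $menu, $pageDir = PAGE_DIR, $default = DEFAULT_PAGE)
{
    $fallback = $pageDir . $default . '.php';
    // ?p[]=x arrives as an array; a missing parameter arrives as null.
    if (!is_string($raw)) {
        return $fallback;
    }
    // Strip everything except letters and digits:
    // "../path/to/file" becomes "pathtofile".
    $name = preg_replace('/[^A-Za-z0-9]/', '', $raw);
    // Only names that are keys of the menu array are ever included.
    if ($name === '' || !array_key_exists($name, $menu)) {
        return $fallback;
    }
    $path = $pageDir . $name . '.php';
    // A menu entry without a page file also falls back to the default.
    return is_file($path) ? $path : $fallback;
}

// Demo with constructed inputs, using a throwaway directory.
$menu = array('home' => 'Home', 'about' => 'About',
              'contact' => 'Contact Me', 'sitemap' => 'Site Map');
$dir = sys_get_temp_dir() . '/pages_demo/';
if (!is_dir($dir)) {
    mkdir($dir);
}
foreach (array('home', 'about', 'error404') as $n) {
    file_put_contents($dir . $n . '.php', "<p>$n</p>\n");
}
$samples = array('home', '../about', 'index', '../index', 'about%00',
                 'contact', array('x'), null);
foreach ($samples as $sample) {
    printf("%-12s => %s\n",
        json_encode($sample, JSON_UNESCAPED_SLASHES),
        basename(resolvePage($sample, $menu, $dir)));
}
// In index.php this would replace the basename()/file_exists() block:
//   require resolvePage(isset($_GET['p']) ? $_GET['p'] : null, $menu);
```

In the demo, 'home' and '../about' resolve to their page files; every other sample, including 'index' and the menu entry 'contact' that has no file, resolves to error404.php.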