/    Sign up×
Community /Pin to ProfileBookmark

Parse error, on detect id, what am I doing wrong?

Copy linkTweet thisAlerts:
Aug 09.2004

say the url is quote.php?state=mt
so get id = mt
i want it to pull ../includes/php/state/mt.php
do I have the script right?

[code=php]
<?php

$state = $_GET[‘state’];
include(../includes/php/state/$state.php);

?>
[/code]

to post a comment
PHP

4 Comments(s)

Copy linkTweet thisAlerts:
@BuezaWebDevAug 09.2004 — [code=php]

<?php
if(isset($_GET['state'])){
if(file_exists("includes/php/state/$_GET[state].php")){
include_once("includes/php/state/$_GET[state].php"); }
else{
include_once("main.php");
}
}
else{
include_once("main.php");
}
?>

<a href='index.php?state=WHATEVERHERE' title='whatever'>MT</a>
[/code]

For the script above, your index.php will include JUST that script.

Your main page will be main.php, and it willb e included into index.php as if index.php was the actual main page. If you get what I mean... hehe

So when you type click index.php?state=whatever, it'll check if there's a page in the folders includes/php/state/<name>.php--if it doesn't exist, it'll go back to the MAIN.php.

Reply back if I understood wrongly.
Copy linkTweet thisAlerts:
@d_brandusaauthorAug 09.2004 — I just wanted it to pull one include, I didn't need all of that.

The reason is, I have a flash us map, whatever state they click on, I want the "state" id to be read to include info per state, the file will exist, I'm not worried about that, i just want it to pull and place the state info in the url.

Thanks.
Copy linkTweet thisAlerts:
@shimonAug 10.2004 — [code=php]<?php

$state = $_GET['state'];
include(../includes/php/state/$state.php);

?>[/code]

And you can't see the security risk in there? I would recommend you do _some_ sort of checking on the input before you blindly drop it into an include statement, at least. file_exists() is certainly better than nothing.








(Either that, or give me the URL of the page you put *that* code on...heh)
Copy linkTweet thisAlerts:
@BuezaWebDevAug 10.2004 — thanks for the backup Shimon ?

Aye, yes, in the simplist way, it can stop newbie hackers from mysql injecting ?
×

Success!

Help @d_brandusa spread the word by sharing this article on Twitter...

Tweet This
Sign in
Forgot password?
Sign in with TwitchSign in with GithubCreate Account
about: ({
version: 0.1.9 BETA 5.3,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});
changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...
recent_tips: (
tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,

tipper: @Samric24,
tipped: article
amount: 1000 SATS,
)...