[SOLVED] $_GET['ting'] Pages (Safely) With PHP

AdRock · #1 Nov 4th, 2007, 14:12

Having some problems with this article

Quote:

[Sun Nov 04 15:10:56 2007] [error] PHP Parse error: syntax error, unexpected ')' in d:\\Apache\\htdocs\\test\\index.php on line 6

and this is the line in question

PHP: Select all


$page=(preg_match('/(\.\.|\/)/i',)?'home':$page);

Any ideas?

alexgeek · #2 Nov 4th, 2007, 14:26

Maybe the following?

PHP: Select all



$page=(preg_match('/(\.\.|\/)/i'),?'home':$page);

AdRock · #3 Nov 4th, 2007, 14:52

Nope...didn't work

Quote:

[Sun Nov 04 15:50:35 2007] [error] PHP Parse error: syntax error, unexpected ',' in d:\\Apache\\htdocs\\test\\index.php on line 6

what did work however is if i took the comma out it displayed the menu but didn't include the home page (i'm just working with the examples in the article)

c010depunkk · #4 Nov 4th, 2007, 15:15

yep, there's an error there. sorry bout that

It should be:

PHP: Select all


$page=(preg_match('/(\.\.|\/)/i',$page)?'home':$page);

alexgeek · #5 Nov 4th, 2007, 16:05

I'll change this in a minute guys.

alexgeek · #6 Nov 4th, 2007, 16:29

Fixed! Shame on our tester

AdRock · #7 Nov 5th, 2007, 12:34

Alex....you need to change that bit in the finished code also becuase that still reads the same

alexgeek · #8 Nov 5th, 2007, 15:21

Okay will now.

alexgeek · #9 Nov 5th, 2007, 17:03

Fixed (I think).

AdRock · #10 Nov 5th, 2007, 19:59

Still getting problems

Quote:

[Mon Nov 05 20:59:41 2007] [error] PHP Warning: main(./pageserror.php) [<a href='function.main'>function.main</a>]: failed to open stream: No such file or directory in d:\\Apache\\htdocs\\test\\index.php on line 15
[Mon Nov 05 20:59:41 2007] [error] PHP Warning: main() [<a href='function.include'>function.include</a>]: Failed opening './pageserror.php' for inclusion (include_path='.;d:\\php\\includes;D:\\php\\PEAR') in d:\\Apache\\htdocs\\test\\index.php on line 15
[Mon Nov 05 20:59:41 2007] [error] PHP Notice: Undefined variable: title in d:\\Apache\\htdocs\\test\\index.php on line 19
[Mon Nov 05 20:59:41 2007] [error] PHP Notice: Undefined variable: content in d:\\Apache\\htdocs\\test\\index.php on line 33

I noticed some of the code doesn't match futher up the page than further down the page in the finished bit

c010depunkk · #11 Nov 6th, 2007, 05:28

I think you are missing a slash:

Code: Select all

./pageserror.php

should probably be this:

Code: Select all

./pages/error.php

AdRock · #12 Nov 6th, 2007, 08:54

This is what I have

PHP: Select all


<?php
// check the $_GET['page'] variable
$page = ((isset($_GET['page']) && $_GET['page'] != '') ? $_GET['page'] : 'home');
//  prevent file browsing
$page=(preg_match('/(\.\.|\/)/i',$page)?'home':$page);
// replace illegal characters
$page = preg_replace('/[^a-zA-Z0-9 \._-]/','',$page);
// check if the requested file exists
$page = (file_exists('./pages'.$page.'.php') ? $page : 'error');
// and include the page
include('./pages'.$page.'.php');
?>
<html>
<head>
<title><?php echo($title); ?></title>
<body>
 <div class="menu">
  <ul>
   <li><a href="index.php?page=home">HOME</a></li>
   <li><a href="index.php?page=contact">CONTACT</a></li>
   <li><a href="index.php?page=links">LINKS</a></li>
   <li><a href="index.php?page=products">PRODUCTS</a></li>
  </ul>
 </div>
 <div class="content">
  <?php echo($content); ?>
 </div>
</body>
</html>

c010depunkk · #13 Nov 6th, 2007, 09:08

Yep, you're missing a slash. Corrected:

PHP: Select all


<?php
// check the $_GET['page'] variable
$page = ((isset($_GET['page']) && $_GET['page'] != '') ? $_GET['page'] : 'home');
//  prevent file browsing
$page=(preg_match('/(\.\.|\/)/i',$page)?'home':$page);
// replace illegal characters
$page = preg_replace('/[^a-zA-Z0-9 \._-]/','',$page);
// check if the requested file exists
$page = (file_exists('./pages'.$page.'.php') ? $page : 'error');
// and include the page
include('./pages/'.$page.'.php');
?>
<html>
<head>
<title><?php echo($title); ?></title>
<body>
 <div class="menu">
  <ul>
   <li><a href="index.php?page=home">HOME</a></li>
   <li><a href="index.php?page=contact">CONTACT</a></li>
   <li><a href="index.php?page=links">LINKS</a></li>
   <li><a href="index.php?page=products">PRODUCTS</a></li>
  </ul>
 </div>
 <div class="content">
  <?php echo($content); ?>
 </div>
</body>
</html>

AdRock · #14 Nov 6th, 2007, 09:59

Nearly working!!!!

I created an error page and now i get the menu listed but also the 404 error page instead of the home page.

I did the same example as in the article just for testing purposes.

I have a folder called pages with all the home, contact and 404 error page in so i don't know what the problem is

c010depunkk · #15 Nov 6th, 2007, 11:45

hehe, Missed that error too. You also have to add a slash in the file_exists() function otherwise PHP won't find the page. Corrected again:

PHP: Select all


<?php
// check the $_GET['page'] variable
$page = ((isset($_GET['page']) && $_GET['page'] != '') ? $_GET['page'] : 'home');
//  prevent file browsing
$page=(preg_match('/(\.\.|\/)/i',$page)?'home':$page);
// replace illegal characters
$page = preg_replace('/[^a-zA-Z0-9 \._-]/','',$page);
// check if the requested file exists
$page = (file_exists('./pages/'.$page.'.php') ? $page : 'error');
// and include the page
include('./pages/'.$page.'.php');
?>
<html>
<head>
<title><?php echo($title); ?></title>
<body>
 <div class="menu">
  <ul>
   <li><a href="index.php?page=home">HOME</a></li>
   <li><a href="index.php?page=contact">CONTACT</a></li>
   <li><a href="index.php?page=links">LINKS</a></li>
   <li><a href="index.php?page=products">PRODUCTS</a></li>
  </ul>
 </div>
 <div class="content">
  <?php echo($content); ?>
 </div>
</body>
</html>

		Webforumz.com > Main Forums > Program Your Website > PHP Forum
[SOLVED] $_GET['ting'] Pages (Safely) With PHP