?
Solved

Getting page content (Function calling)

Posted on 2004-09-12
8
Medium Priority
?
518 Views
Last Modified: 2008-02-26
Hi,
I'm making a test php website, and I have a main page ('template' - see below) with a call to include another page within it ('content_page1'):

<HTML>
<BODY>

<!-- Function getContent -->
<?php
    function getContent() {
        if (empty($_GET['page'])) {
            $page = 'content_page1';
        } else {
            $page = $_GET['page'];
        }
        $page .= '.php';
         
        if (false == is_file($page)) {
            $page = 'file_not_found.php';
        }
        include($page);
    }
?>                              
                         
            <!-- CONTENT -->
            <?php getContent(); ?>
</BODY>
</HTML>

Question 1: How to grab a different content (''content_page1.php', 'content_page2.php', 'content_page3.php', etc1), but using the same 'template', main page?
Question 2: Where the functions should be placed: in the header or body of the page?
Question 3: Is it possible to separate the functions on the separate file?

Thanks!
Le
                                    
0
Comment
Question by:athanasius296
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
8 Comments
 
LVL 48

Accepted Solution

by:
hernst42 earned 800 total points
ID: 12038788
q1: this is alredy implemented an depengs on the paramters of url you are calling if it is e.g
template.php?page=content_page2 the file content_page2.php will be included/displayed. If page is not set content_page1 will be used.

q2: depends of the output of the included files (e.g if no body or header-tags are outputed use it inside the body-tag). but typical it should be placed in the body.

q3: yes you can put the function in a file e.g myfuncs.inc.php
and then include then in your php-page:

include 'myfuncs.php';

The whole thing will then look like:
template.php
<HTML>
<BODY>

<!-- Function getContent -->
<?php
include 'myfuncs.php';
?>                        
                     
            <!-- CONTENT -->
            <?php getContent(); ?>
</BODY>
</HTML>

myfuncs.php:
<?php

    function getContent() {
        if (empty($_GET['page'])) {
            $page = 'content_page1';
        } else {
            $page = $_GET['page'];
        }
        $page .= '.php';
         
        if (false == is_file($page)) {
            $page = 'file_not_found.php';
        }
        include($page);
    }
0
 
LVL 27

Expert Comment

by:Diablo84
ID: 12038790
Your function is very insecure, using it as it is i can include any file i want via the query string which could include files containing sensitive data, you should limit the inclusion options using a more complex if statement or a switch statement.

With regards to your questions...

1 << I'm not 100% sure what you mean but i think you will be wanting to put the function in a seperate file and include that file within other pages on your site. eg. put the function in a page called content.php and include it in all other files using include('content.php');

Pages can be dynamically loaded using domain.com?page=content_page1.php (changing the value (content_page1.php) for each).

2 << It doesnt matter as long as you call the function (ie. <?php getContent(); ?> ) where you want the page to display

3 << See 1
0
 
LVL 27

Expert Comment

by:Diablo84
ID: 12038812
Example of safer way to write function:

      function getContent() {
       switch ($_GET['page']) {
            case("content_page1"):
                  $page = 'content_page1';
            case("content_page2"):
                  $page = 'content_page2.php';
            case("content_page3"):
                  $page = 'content_page3.php';
            default:
                  $page = 'content_page1.php';
       }
      }
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 27

Expert Comment

by:Diablo84
ID: 12038815
$page = 'content_page1'; should be $page = 'content_page1.php';

but you can see the idea
0
 
LVL 48

Expert Comment

by:hernst42
ID: 12038868
It's not so insecure as only any file ending with '.php' can be included.
$page=/etc/passwd will not work as .php is added to the included fiilename, but checking that input should be done.
0
 
LVL 27

Expert Comment

by:Diablo84
ID: 12038884
True but it still has the potential to cause problems, as a minimal example:

if index.php contained the line

<?php
include($_GET['page'].".php");
?>

and the query string was page=index

It will most likely result in an internal server error
0
 

Author Comment

by:athanasius296
ID: 12039995
Hi All,

I especially appreciate answer given by hernst42, but I have another question:
what if I include on the same 'template' page, more then one function, similar to the function <?php getContent(); ?> ?
For example, in addition to function getContent, on the same 'template' there is function getHeader (given below). Then, if I call: template.php?page=content_page2,
page 'content_page2' will be displayed in the Content and Header as well.
How to fix that?
Thanks!
Le


<!--Function getHeader-->
<?php
    function getHeader() {
        if (empty($_GET['page'])) {
            $page = 'header';
        } else {
            $page = $_GET['page'];
        }
      $page .= '.php';
         
        if (false == is_file($page)) {
            $page = 'file_not_found.php';
        }
        include($page);
    }
    ?>


0
 
LVL 27

Assisted Solution

by:Diablo84
Diablo84 earned 200 total points
ID: 12040027
use a different variable for the header

eg: query string

domain.com?header=onepage&page=anotherpage

then


<?php
    function getHeader() {
        if (empty($_GET['header'])) {
            $page = 'header';
        } else {
            $page = $_GET['header'];
        }
     $page .= '.php';
         
        if (false == is_file($page)) {
            $page = 'file_not_found.php';
        }
        include($page);
    }
    ?>
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
This article discusses how to implement server side field validation and display customized error messages to the client.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to dynamically set the form action using jQuery.
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question