Register

If this is your first visit, please click the Sign Up now button to begin the process of creating your account so you can begin posting on our forums! The Sign Up process will only take up about a minute of two of your time.

Results 1 to 5 of 5

Thread: SSI Help

  1. #1
    Junior Member
    Join Date
    Mar 2014
    Posts
    3
    Member #
    38626

    SSI Help

    It's been a few years since I've done anything with Webdesign, so forgive my ignorance if the answer is really simple. I'm working on a website with includes to control the content and news. When you're on the homepage, the news is present, but when you click a link, the content shows up where the news is. I have the code where this will happen, but when I test the site, it doesn't show the content. Here's the code

    PHP Code:
    <?

    //stripping dots to protect from attack.  ;)
    $page str_replace('.','',$_GET['page']);

    //neater than $page=='' because it catches every occasion where page has no value rather than just when page is a string
    if (empty($page)) {
    // VV  obviously this page does actually exist right ;) 
    include('../news/news.php');
    } elseif (!
    file_exists('./content/'.$page.'.php')) {
    include(
    '../content/error.php');
    } else {
    //not quite sure why you have the whole url here, I replaced it with a '.' which signifies 'this directory'
    include('../content'.$page.'.php');
    }
    ?>
    Then for the links I thought I was just supposed to put ?page=pagename . Am I doing anything wrong? Thanks!

  2.  

  3. #2
    WDF Staff mlseim's Avatar
    Join Date
    Apr 2004
    Location
    Cottage Grove, Minnesota
    Posts
    7,686
    Member #
    5580
    Liked
    716 times
    What you're doing is non-secure, "old PHP practices" not recommended at all.

    With PHP, you don't use other PHP scripts as "pages of content". Instead, you use PHP to pull content from a database or some other text source.

    For example, you have "news articles" saved as text files, or better yet, saved in a database. Those articles are the content (text, paragraphs, photos, etc). Each article or post or whatever you want to call it is identified by an ID number of some kind (date code, entry number, etc). PHP grabs those and displays that content on the page.

    You never let anyone be allowed to manipulate .php files. Nobody can edit them or display them (as text). Only you (the site owner) controls those. Everything PHP does for the user, is to display content from a database or text file.

    You probably don't use a MySQL database (I assume since you are a confessed newbie). So you should create your content using .txt files (plain text files).

    Your .txt files can contain HTML (that's perfectly fine). Write your content and save it as some logical filename like: news_03032014.txt
    You might want to put all of them in their own directory, call it "content"?

    Each one starts with "news_" and then the date 03032014 (MMDDYYYY) then .txt

    Now PHP can search the directory and pull-out .txt files by date, or whatever you wish. It can display them in ascending or descending order also.

    Now, you include the .txt file ... not a .php script.

    Security considerations ... remove anything in the text file that contains <? ?> ... you can see where someone could write a PHP script within the news article. You can decide if you allow HTML tags or not. Any editing or modifications are done to .txt files instead of .php files.

    If you have to display PHP scripts based on URL variables, use something like ?page=12
    Then, you control which PHP script is included ...

    if($page==12){
    include("news.php");
    }

    You are not allowing the user to include a PHP script of their naming. If they enter anything other than 12, it just won't include it. There is no way they can force another PHP script to be included.


  4. #3
    Junior Member
    Join Date
    Mar 2014
    Posts
    3
    Member #
    38626
    What if I wanted to use a news client to manage the news though (like cutenews or something similar) and then have the content of my website managed through the includes, but I wanted to put them on the same page? This way when someone clicked on something like 'biography,' the news would disappear and a biography would appear instead? Would the same principal still apply?

  5. #4
    WDF Staff mlseim's Avatar
    Join Date
    Apr 2004
    Location
    Cottage Grove, Minnesota
    Posts
    7,686
    Member #
    5580
    Liked
    716 times
    You would use PHP to dynamically create your webpage with javascripting embedded to handle the opening and closing of the "panels".

    Create a web page using JQuery (javascripting) to open and close "panels". Code the page by hand for now and hard-code the content. The idea is to make the page work the way you want with HTML and JQuery. Once you get a working page, then PHP can be used in place of your hard-coded content. PHP will insert the content into the places where you had previously hard-coded it.


  6. #5
    Junior Member
    Join Date
    Mar 2014
    Posts
    3
    Member #
    38626
    Thanks! I really appreciate the help!


Remove Ads

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
All times are GMT -6. The time now is 05:53 PM.
Powered by vBulletin® Version 4.2.3
Copyright © 2019 vBulletin Solutions, Inc. All rights reserved.
vBulletin Skin By: PurevB.com