Safe Dynamic Includes (Snippet) » tutorialtastic.co.uk

Safe Dynamic Includes

<?php if (isset($_GET['x'])) {
   if (strpos($_GET['x'], "/")) {
      $dir = substr(str_replace('..', '', $_GET['x']), 0, strpos($_GET['x'], "/")) . "/";
      $file = substr(strrchr($_GET['x'], "/"), 1);
      if (file_exists($dir.$file.".html")) {
         include($dir.$file.".html");
      } else {
         include("default-page.html");
      }
   } else {
      if (file_exists(basename($_GET['x']).".html")) {
         include(basename($_GET['x']).".html");
      } else {
         include("default-page.html");
      }
   }
} else {
   include("default-page.html");
} ?>

Insert the code into index.php and link to your pages as "index.php?x=file" where 'file' is the name of the file you wish to include in the page (without the file extension).

"default-page.html" should be replaced with the name of the page you wish to display if the user types in an incorrect URL. This could be your homepage.

Category: PHP
Rating:
Added: 20th August 06 by Jem
Bookmark At: StumbleUpon, Digg

Safe Dynamic Includes

Handy Stuff

Downloads

Friends of 'TT'

Resources