Not logged in: Log In / Register You are here: Home » Snippets » Safe Dynamic Includes

Safe Dynamic Includes

<?php if (isset($_GET['x'])) {
   if (strpos($_GET['x'], "/")) {
      $dir = substr(str_replace('..', '', $_GET['x']), 0, strpos($_GET['x'], "/")) . "/";
      $file = substr(strrchr($_GET['x'], "/"), 1);
      if (file_exists($dir.$file.".html")) {
         include($dir.$file.".html");
      } else {
         include("default-page.html");
      }
   } else {
      if (file_exists(basename($_GET['x']).".html")) {
         include(basename($_GET['x']).".html");
      } else {
         include("default-page.html");
      }
   }
} else {
   include("default-page.html");
} ?>

Insert the code into index.php and link to your pages as "index.php?x=file" where 'file' is the name of the file you wish to include in the page (without the file extension).

"default-page.html" should be replaced with the name of the page you wish to display if the user types in an incorrect URL. This could be your homepage.

Category: PHP
Rating:
Added: 19th August 06 by Jem
Bookmark At: StumbleUpon, Digg

• Home
• Sitemap

Handy Stuff

• Code Converter
• Lowercase Converter
• Length Converter
• MD5 Hasher
• Code Snippets
• PHP Script Reviews

Downloads

• CSS Templates
• PHP Scripts

Top Links

• GoodPHPTutorials.com
• CodeGrrl
• 3till7: Geeky Stuff
• rev.iew.me

Resources

• IconBuffet
• Hackety Hack
• Other links?

tutorialtastic — ultimately better than pixelfx
Copyright © Jem Turner 2003-08. (About | Disclaimer | Link In)