I have the code <?php
include “$page”;
?>
how can i make it include “$page.php”;
Warning: include(.php) [function.include]: failed to open stream: No such file or directory in /home/eclipsew/public_html/index.php on line 132
Warning: include(.php) [function.include]: failed to open stream: No such file or directory in /home/eclipsew/public_html/index.php on line 132
Warning: include() [function.include]: Failed opening ‘.php’ for inclusion (include_path=‘.:/usr/lib/php:/usr/local/lib/php’) in /home/eclipsew/public_html/index.php on line 132
oh, if the value is something.php then try this
$pages = array('home.php','about.php','hosting.php');
if(in_array($_GET['page'],$pages)) {
include $_GET['page'];
}
is there another code, that will not fit into my site right, cant we just alter my code?
<?php
$_GET[“page”];
?>
which gets the page url index.php?page=hosting so my site should include the page index.php?page=hosting.php
Sure!
If you’re fine with, ?page=http://www.hackersite.org/stealeverything.php .
It’s a gaping security hole, the code M.Zeb Khan posted is what you should be looking to use. Create a whitelist of allowed includes, then if valid, include it - else show a default.
are you trying to get the query string passed to include a PHP page? if yes, then try this
<?php
include $_GET['page'].'.php';
?>
Warning: If you are getting filenames from query string, its very easy to include your secure files by messing with the query string, my recommendation would be, list all of your pages in an array and then check if what is going to include is actually what you wanted for example:
$pages = array('home','about','contact');
if(in_array($_GET['page'],$pages)) {
include $_GET['page'].'.php';
}
Good luck
What exactly is the value of $page ?
Try this
<?php
include $page.'.php';
?>