GoFuckYourself.com - Adult Webmaster Forum - View Single Post

mrkris · 07-20-2008, 05:34 PM

This snippet makes many assumptions, so use it as a base. I haven't actually tested it, it's just a quick idea of a dirty way of doing it. There are literally hundreds of ways to include this. You can do what one person said and check to see if $_GET['id'] is present in an array of allowed types, you can check by db, etc.

Code:

include 'header.php';
$path = 'some/lib/path/' . (isset($_GET['id']) ? intval($_GET['id']) : 1) . '.php';
if (!file_exists($path)) {
    die("handle error goes here");
}
include $path;
include 'footer.php';

07-20-2008, 05:34 PM
mrkris Confirmed User Join Date: May 2005 Posts: 2,737	This snippet makes many assumptions, so use it as a base. I haven't actually tested it, it's just a quick idea of a dirty way of doing it. There are literally hundreds of ways to include this. You can do what one person said and check to see if $_GET['id'] is present in an array of allowed types, you can check by db, etc. Code: include 'header.php'; $path = 'some/lib/path/' . (isset($_GET['id']) ? intval($_GET['id']) : 1) . '.php'; if (!file_exists($path)) { die("handle error goes here"); } include $path; include 'footer.php'; __________________ PHP-MySQL-Rails \| ICQ: 342500546