Who can write this PHP properly?
 

Ok, so I can't write php for the life of me. I have this script written out, kind of, but need it properly written as mine is pretty fubar.

So basically if someone goes to said page.php?ID= and the ID is there it'll spit out the header and footer with a content page in the middle relating to that ID. If there is no ID then it'll include a completely different page all together.

I know this is easy stuff. I probably have everything from the way it grabs the ID, to the way it decides what to output. But alas I don't know shit about writing php. :upsidedow

Bump for ya :glugglug

Errr, use a switch statement.

quick and dirty but it should give you alittle help on what you want to do

I think this will work.

Or here's another method...

Depends on how secure you want to make this. If it's just a simple include page passed via the URL, then the last one has the fewest lines, otherwise, you can do the various checks for a valid filename etc...

Nice, I like that allowed arrays part.

Thanks a bunch everyone. Going to take these back and try em out on my project. Be back in a little bit. :):thumbsup

:thumbsup:thumbsup:thumbsup

Ok, I definitely like the idea of checking that the id input is valid. However with jimbona's code snippet it only seems to load noid.php no matter what.

Another option:

Love watching coders one upping each other with their versions..and then the next...and the next...lol

I would make a really funny enormous bells-and-whistles one that lets you ban IP addresses by subnet and does some really neat stuff like signaling through apache_note(), but I lack the time, mrkris isn't here, and I'm not coding today.

Instead, have the world's worst implementation.

I will say, though, that Sands' use of switch is, well, a better abuse of logic than a ton of if/else/elif statements.

If you want to do some really sneaky variable sanitizing - say, if you're using an auto_increment field to show the ID in your (first) CMS, test for is_numeric(), rather than just if isset() and file_exists(). Also, might be a good time to pick up on regex so you can deny things like ?id=../../../etc/passwd

I don't code for free... but if you want something done right.. hit me up

In my experience: If you charge for a simple 'please help' PHP 101, you're not likely to get a lot of response from the peanut gallery.

need to put error trapping in if no id is sent.

i was dumb founded when i attempted this, you know how long its been since i included a file via url parameters? heh... when somethings sent from the url, its for database reasons...

I abuse my logic like a red-headed orphan.

Wow, I posted that not seeing the other options people have posted. A simple switch command is genius and in my opinion is easily the best way of coding a site's navigation.

Fail.
First off, you are using single quotes which means it would have to be include($ID.'.php'); not the way you have it, secondly what if i call it with file.php?id=/some/other/sites/on/this/server/phpfile ?

In my experience, If you do free work, you're wasting your time.

You should read my post right under this one. I did a couple versions, and indicated that he could use that method if he wasn't concerned with security. There are many ways to do what he's asking for. I'm just giving him options.

why not use isset?

Yup... see ... don't tell anyone, but if you time it just right and space out requests far enough so no one can piece them together, you could build an entire project for free through here... :) :1orglaugh

This snippet makes many assumptions, so use it as a base. I haven't actually tested it, it's just a quick idea of a dirty way of doing it. There are literally hundreds of ways to include this. You can do what one person said and check to see if $_GET['id'] is present in an array of allowed types, you can check by db, etc.

I don't consider it a bad thing, I consider it an opportunity for a developer to see how other developers approach a problem with a solution. :2 cents:

I love looking at other people's code. Always gives me new ideas and a new perspective on programming. It's sort of like staring at another man's junk when he's next to you in the urinal, but without all that awkwardness when he catches you looking and grabs your ass.

you liked it and you know it!

Remind me to never pee in a urinal next to you :)

Yeah, wouldn't want you to feel inadequate. :winkwink:

sad but true :(

Just tested the code locally and works fine for me, make sure the id you are passing via get is ?ID= and not ?id=

do debugging by testing if the different vars such as $ID are being set correctly.

You pee sitting down, so the point is moot.