ClanKiller.com :: View topic - php include text file

ClanKiller.com http://forums.clankiller.com/

php include text file http://forums.clankiller.com/viewtopic.php?f=24&t=1833	Page 1 of 1

Author:	Mole [ Sat May 20, 2006 5:50 pm ]
Post subject:	php include text file
I've asked this on another forum to, but you guys generally are better at responding: Is it possible with php to include a text/html/php file when a link is clicked? If so, How? Example: User want to see page B. User click link to page B. Page B is included, and viewed there and then.

Author:	Satis [ Sat May 20, 2006 8:37 pm ]
Post subject:
is it possible to display the contents of another page when a user clicks on a link/button? Yes. Is it possible to do that using PHP? No. Not really. You have to use javascript or dhtml or something. Either you use a. frames b. iframes c. AJAX d. something I don't know of that does the same thing. :p Personally, I'd do AJAX. Though I probably wouldn't use XML. And it really depends on what exactly it is you're trying to accomplish.

Author:

RB [ Sun May 21, 2006 1:21 am ]

Post subject:


	Satis wrote: Personally, I'd do AJAX. Though I probably wouldn't use XML. And it really depends on what exactly it is you're trying to accomplish.

Yep. I didn't get what you are trying to do Mole.

Author:

Mole [ Sun May 21, 2006 6:35 am ]

Post subject:

I did it


	Code: // menu echo '<a href="index.php?aid=1">1st article</a><br />'; ... echo '<a href="index.php?aid=n">n-th article</a><br />'; // includeing article if( file_exists('article_' . intval($_GET['aid']) . '.htm') ){ include 'article_' . intval($_GET['aid']) . '.htm'; } else{ echo 'Choose an article from menu'; } include 'footer.php';

however, what I'd want to be doing is forcing "aid" to be a variable instead of a string will help prevent nasty attacks too from people messing with the query. Is their anyway I can do that without having to just have my articles named numbers?

Author:

Satis [ Sun May 21, 2006 1:49 pm ]

Post subject:

oh....you're trying to do something easy. :p

So, basically you're just passing a GET var into the page and, if it exists, loading an article. Easy enough. What you did is fine, though I'm not sure why you're using intval();.

Anyway, you're trying to pass the name of the article? And it can be any kind of string? There's several things you can do to make the page safe.

The safest thing to do is match the variable against a list of acceptable vars.


	Code: switch($_GET['aid']){ case 'valid_article_1': include('this_is_a_valid_article1.htm'); break; case 'this_is_ok_too': include('blah_blah_blah.htm'); break; case 'whatsniceaboutthis': include('is_thevar_doesnthaveanythingtodowithe_filename.htm'); break; case 'default': die('That is an invalid article id'); }

unfortuanetly, that's not very scalable. You'd have to manually add each article to the page. What you REALLY ought to do is store all your articles in a database server. Then you prettify the variable, then run it against hte database

Here's some code showing how that would be done, sorta.


	Code: //clean variable $pattern= array('@<script[^>]?>.?</script>@si', // Strip out javascript '@<[\/\!]?[^<>]?>@si'); // Strip out HTML tags $aid = preg_replace($pattern,"",trim($_GET['aid'])); if(!get_magic_quotes_gpc()){ $aid = addslashes($aid); } //built a select statement $select = "SELECT article_title, article_text, author, date FROM table WHERE short_name='$aid'"; //connect to the database and select the db and all that other crap include('connect.php'); //query the database unset($result); $result = mysql_query($select); if(!$result){ echo 'That article doesn\'t exist.'; } else{ while($row = mysql_fetch_array($result)){ echo '<center><h1>'; echo $row['article_title']; echo '</h1><br>'; echo $row['author']; echo '</center><br><Br>'; echo nl2br($row['article_text']); echo '<br><br>'; } }

Author:	Mole [ Sun May 21, 2006 1:56 pm ]
Post subject:
Cool man, thanks for the help. I'll have a good read once I'm finish fucking my PC up... And I'm actually not using intval anymore - that code is slightly outdated now, in that, I don't have intval there. The reason it WAS there, was to keep the code nice and safe for the time when the articles were just labelled "article_1" It was making sure that it was just a number, and not a string/whatever. Anyway, Yeah, you call it easy, for me, I suck, so it's not I'll be moving it all database side eventually anyway, I have a basic review posting script that once it's finish I can modify for these needs. Right now, the first method (Giving it acceptable name tags) seems ok.

Page 1 of 1	All times are UTC - 6 hours
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group http://www.phpbb.com/