Closed Thread Icon

Topic awaiting preservation: PHP includes... Pages that link to <a href="https://ozoneasylum.com/backlink?for=11888" title="Pages that link to Topic awaiting preservation: PHP includes..." rel="nofollow" >Topic awaiting preservation: PHP includes...\

 
Author Thread
YoBoyE
Nervous Wreck (II) Inmate

From:
Insane since: Sep 2001

posted posted 09-25-2001 00:36

hello, im new around here, and im strating in PHP. FOr my site, i need to know how to do a file include within a table cell or something of the sort, mainly for ease of updating. i THINK it's something like the following, but im not sure . . .

code:
<?php
if ($QUERY_STRING) { include($QUERY_STRING.'.inc'); }
else { include(something.inc'); }
?>



anyways, thanks in advance.

-Eric



bitdamaged
Maniac (V) Mad Scientist

From: 100101010011 <-- right about here
Insane since: Mar 2000

posted posted 09-25-2001 01:22

yeah it's generally

include("path to file");

However if you want the content to be parsed as PHP it must be wrapped within the <? and ?> delimiters

BTW you do not want to use this code as is. First variables passed via the query string should be name value pairs something like
http://www.whatever.com?name=value

and PHP automatically will make these into variables you can access so in the previous example you could use the variable $name which is equal to "value"

I don't like the technique of passing the names of included variables in the query string it's inheirently insecure since the user can change the value to anything they want. If you do use this method, put the included files outside your web tree and parse the incude to make sure you are grabbing from the crrect folder



:[ Computers let you make more mistakes faster than any other invention in human history, with the possible exceptions of handguns and tequila. ]:

[This message has been edited by bitdamaged (edited 09-25-2001).]

YoBoyE
Nervous Wreck (II) Inmate

From:
Insane since: Sep 2001

posted posted 09-25-2001 02:41

hmm, im not quite sure i understand, is there a way you could show me the source to the way with the name & value pair. sorry, im new to this.

bitdamaged
Maniac (V) Mad Scientist

From: 100101010011 <-- right about here
Insane since: Mar 2000

posted posted 09-25-2001 07:25

okay usually things go into the query string via a form using the get method.
put something in the field and hit the button on this and look at the query string. Also view the HTML of the form
check this out

Okay your query string is everything after the ? in a URL

normally like in this example things are in name value pairs seperated by an "and" sign. something that looks like this.

http://www.bitdamaged.com/testpages/query.php?name=whatever&test=another&third=whateveragain

Okay PHP automatically takes all these pairs
name = whatever
test = another
third = whateveragain

and makes them into variables
$name
$test
$third

which you can access just like a variable you have defined.
if you look at the source of the form (query.php) you will see this

<?
if (isset($name)) echo "$name";
?>

the isset($name) just makes sure that $name is a variable since we have not set it. Always a good idea when we are hoping the var is coming in from the query string. then we echo $name to see where it is

Look at this http://www.bitdamaged.com/testpages/show_query.php?name=whatevber

if you put that URL in your browser you'll see that you can change "whatevber to any word you want and it will reflect on your page.

This is where security comes in.
the "include" statement can include php from external sites. iI changed "echo $name"
to include($name) anyone could change ?name=whatever in my query string and include php from their server and run it to find out stuff about my server.



:[ Computers let you make more mistakes faster than any other invention in human history, with the possible exceptions of handguns and tequila. ]:

jiblet
Paranoid (IV) Inmate

From: Minneapolis, MN, USA
Insane since: May 2000

posted posted 09-25-2001 20:38

Are you just including files that contain HTML code to go in the table cell? If there isn't code in tht included file than the readfile() function is more appropriate.



-jiblet

Ensabanur
Bipolar (III) Inmate

From: KY
Insane since: Nov 2001

posted posted 02-22-2002 17:42

I"m trying to get the include function in PHP to work but it's not working inside an HTML document. It looks like this
___code_______

<?php
include ("c:\phpdev\www\phpdev4\calendar2.inc");
?>
Is this not right. I read the article above and I thought this was the right way to do it.

Thanks for any help

Ensa

mr.maX
Maniac (V) Mad Scientist

From: Belgrade, Serbia
Insane since: Sep 2000

posted posted 02-22-2002 18:04

It should work fine. Did you get any error message? Also, did you name your file with .php extension?


Ensabanur
Bipolar (III) Inmate

From: KY
Insane since: Nov 2001

posted posted 02-22-2002 18:09

When you saw the file do you mean the file that the code is actually in? NO, it's an html file. Would that be the problem.

edit: just tried that (renaming the index.html to index.php) didn't work still. I'm not getting an error it just isn't showing up.

Strange

lallous
Paranoid (IV) Inmate

From: Lebanon
Insane since: May 2001

posted posted 02-26-2002 11:40
quote:
I"m trying to get the include function in PHP to work but it's not working inside an HTML document. It looks like this
___code_______

<?php
include ("c:\phpdev\www\phpdev4\calendar2.inc");
?>



when using the backslash within the double quotes, you have to escape the backslash itself, or simply use single quote.

i.e:
"c:\games" <-- wrong!
"c:\\games" <-- correct
'c:\games' <-- correct

DL-44
Maniac (V) Inmate

From: under the bed
Insane since: Feb 2000

posted posted 02-26-2002 17:56

Just to make sure - you have the path specified as a file on your loceal computer, so I assume you are trying to test this on your local computer. Do you have server software and PHP running on your computer?

« BackwardsOnwards »

Show Forum Drop Down Menu