Reputation: 104
How to pass the location of a php include in the url?
i have a large number of files with several id's in each file. For example file1.php contains a number of paragraphs, each paragraph has a unique id. (id="1",id="2",id="3" etc...) I would like the ability to create a link to a page (page A.php) and pass the location of one of these id's in the url of the link to display in a php include on page A.php The result that i'm looking for is to have the entire file (file1.php) show up inside of page A.php with the specific id that is passed in the url being highlighted. Is this possible? or do I need to use Java Script and an iframe?
Here is what I ended up with:
The url: http://mydomain/thispage.php?xul=http://mydomain.com/folder1/folder2/file.php&id=Abc150:176
The code:
Stylesheet .vrsehilite{styling}
<script type="text/javascript">var x = <?php echo json_encode($_GET["id"]); ?>;</script>
<?php
$invdmn = "<h2>Error: Invalid Domain</h2>";
$filnf = "<h2>Error: File Not Found</h2>";
$pthinv = "<h2>Error: The Path is invalid</h2>";
$idinv = "<h2>Error: The ID is invalid</h2>";
$oops = "<br/><h2>Oops! Something went wrong.<br/><br/>Please click the back button or use the menu to go to a new page.</h2>";
$testdomain = substr_compare ($_GET['xul'],"http://mydomain.com",0,20,FALSE); //make sure the domain name is correct
if ($testdomain == 0) {
$flurl = $_GET['xul'];
} else {
echo $invdmn . " " . $oops;
}
$flurl_headers = @get_headers ($flurl);
if ($flurl_headers[0] == 'HTTP/1.1 404 Not Found') {
echo $filnf . " " . $oops; //Make sure the file exist
} else {
$surl = str_replace (".com/",".com/s/",$flurl);
} //add some characters to url at point to explode
list($url1, $path) = explode ("/s/",$surl); //explode into array of 2 [0]url to domain [1] path
$testpath = substr_compare ($path,"file1/file2/",0,10,FALSE); //make sure the path is correct
if ($testpath == "0") {
$aid = preg_match ("/^[A-Z][a-z]{2}(?:[1-9][0-9]?|1[0-4][0-9]|150):(?:[1-9][0-9]?|1[0-6][0-9]|17[0-6])$/", $_GET['id']);
} else { //make sure the id is valid
echo $pthinv . " " . $oops;
}
if ($aid == 1) {
include($path);
echo "<script type='text/javascript'>";
echo "document.getElementById(x).className = 'vrsehilite';";
echo "document.getElementById(x).scrollIntoView();";
echo "window.scrollBy(0,-100);";
echo "</script>";
} else {
echo $idinv . " " . $oops;
}
?>
Upvotes: 0
Views: 646
Answers (1)
Reputation: 4752
Never ever include arbitrary files submitted by the user. Instead, you should only include files from a pre-defined set of your choice. Perhaps something like this:
PHP
$files = array ('file1.php', 'file2.php', 'view.php', 'edit.php');
$id = (int)$_GET['id'];
if (isset ($files[$id])) {
include $files[$id];
} else {
/* Error */
}
Or you could use a regular expression to accept only certain filenames, in this case 1 or more lower case letters followed by 0 or more digits.
$m = array ();
if ( preg_match ('#^http://domain.example/folder1/folder2/([a-z]+[0-9]*\\.php)$#', $m)
&& file_exists ($m[1])) {
include $m[1];
} else {
/* Page not found */
}
You may want to check the return value of include. You may also want to move the folders into the subpattern (...) or use regular expressions for the folder names.
If all you need is to highlight a certain paragraph in a page, you should add a URL fragment that poins to the paragraph's id, and add CSS to style it. Eg:
URL
http://domain.example?id=1#p1
HTML
<p id=p1>This is the target paragraph.
CSS
p:target { /* Style the targeted <p> element */ }
Upvotes: 2
Related Questions
- php include to external url
- php: include with URL parameter
- PHP include file in dynamic url
- How to use PHP includes without changing the URL?
- how to include the file with relative path?
- get URL in php IN INCLUDE FILE
- PHP path - including a file from the same directory
- Get Page URL In Order To Use It To Include
- How to include php variable url?
- PHP include from URL that redirects