How would I do it? - Computer Programmers, Programming Forum

Damien Gray · #1 04-18-2009

For example, if index.php?subtopic=register is called, in includes register.php and outputs $main_content?

Basically, whatever is called is included, and how would I make it secure?

Edit: Is this secure enough?

PHP Code:


			
if($_GET['page'] != null) {
    $page = $_GET['page'] . ".php";
    if (file_exists($page)) {
        include($page);
            echo $main_content;
    } else {
        echo "That page does not exist";
}
}

MohammadReza · #2 05-10-2009

Hi,

Now its more secure :

PHP Code:


			
if($_GET['page'] != null) {
    //-------- Filtering the name of page option
    $words = array("/", "..");
    $page = $_GET['page'];
    $filtered = str_replace($words, "", $page);
    $page = $page . ".php";
    if (file_exists($page)) {
        include($page);
            echo $main_content;
    } else {
        echo "That page does not exist";
}
}