0

I have a question. I have this script:

<?php
$GetPage= "index";
if((isset($_GET["page"])==true) && ($_GET["page"] != "")){
$GetPage = $_GET["page"];
}
?>

I searched on Stack Overflow and Google, but I can't find it. I want to include an error page when PHP can't find the file. How can I do that? I'm just a starter with PHP.

Oh, almost forgotten. I use this to include a part of my site:

<?php include ("include/$GetPage.php"); ?> 

Thanks for reading !

5
  • Are you redundant to write index.php straight away in your include syntax? Commented May 6, 2013 at 17:14
  • 6
    do NOT do this. This is a hideously BAD security issue. A malicious user can include ANY file on your system for which they know the path. e.g. consider http://example.com?page=../../../../../../../etc/passwd Commented May 6, 2013 at 17:14
  • en.wikipedia.org/wiki/File_inclusion_vulnerability Commented May 6, 2013 at 17:16
  • Sorry @MarcB, I didn't know that. Commented May 6, 2013 at 17:24
  • @Mr.Alien The first part of my question (the get script) is in my header. The other is lower in the file. I only use an index.php, if that's what you mean? Commented May 6, 2013 at 17:25

3 Answers 3

1
<?php

//file_exists will eliminate the need for any of your other checks.
if(file_exists($_GET["page"])){
    //Set the page to be loaded if it is found on the server
    $GetPage = $_GET["page"];
}else{
    //Show the user a 404 error message
    header("HTTP/1.0 404 Not Found");
    //OR
    //Set the page to be loaded as your custom error page
    $GetPage = "my_error_page.php";
}

//Include the page
include $GetPage;

?>

Are you looking for a 404 redirect? Or just load a custom error page into the document? Select the above based on what you wish to do.


3 Comments

Thanks for your reply. This is a good beginning. But the script I have includes a file when I don't use the get function. That is something that I need for this site. But I'm a beginner and someone helped me with the script I posted. But it needs a small update.
As stated by @CooPer, you should also escape the passed variable to prevent any kind of injection.
Were you able to accomplish what you were looking to do?
0
$GetPage = $_GET["page"];  // validate string!!  
if (!file_exists('include/' . $GetPage . '.php')) {
    $GetPage = 'errorPage';
}

1 Comment

Thanks for your quick reply! But I forgot to post something. I use the $getpage to include my - home - page. The other part I use to include the files. When I make a typo, or a user does, I get a PHP error like this: Warning: include(include/about0.php) [function.include]: failed to open stream: No such file or directory in /home/tombalf/domains/tombalfoort.com/public_html/index.php on line 59 I don't want that PHP error but an error that I made.
0

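First, check that the file is in the folder (to prevent injection). ($file is the full path of the file.)

// Absolute path of your include folder, with a trailing separator,
// so it can be compared against the absolute path realpath($file) returns
$path = realpath("include") . DIRECTORY_SEPARATOR;
if (substr(realpath($file), 0, strlen($path)) != $path || is_dir($file)) {
    // error: file not found
}

Second, check whether the file exists.

if (!file_exists($file)) {
    // error
}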
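
An added example, not code from any of the posts above, combining the checks the answers and comments discuss: the page name is allowlisted, the resolved path must stay inside the include folder, and anything else falls back to an error page instead of a PHP warning. The function name resolve_page, the error.php page and the temporary demo directory are assumptions made for illustration.

```php
<?php
// Added example; resolve_page(), error.php and the demo directory are hypothetical names.

// Map the untrusted ?page= value to a file inside $baseDir, or null if it is not acceptable.
function resolve_page(string $baseDir, $requested, string $default = 'index'): ?string
{
    if ($requested === null || $requested === '') {
        $requested = $default;                 // no parameter: serve the home page
    }
    // Allowlist the name: rejects arrays (?page[]=x), "../", "/", NUL bytes and "php://" wrappers.
    if (!is_string($requested) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $requested)) {
        return null;
    }
    // Canonicalise both paths; realpath() returns false when the file does not exist.
    $base = realpath($baseDir);
    $file = realpath($baseDir . DIRECTORY_SEPARATOR . $requested . '.php');
    if ($base === false || $file === false || !is_file($file)) {
        return null;
    }
    // Containment check: also catches a symlink in the include folder that points elsewhere.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($file, $prefix, strlen($prefix)) === 0 ? $file : null;
}

// In index.php this would be used as (error.php is an assumed custom error page):
//   $file = resolve_page(__DIR__ . '/include', $_GET['page'] ?? null);
//   if ($file === null) { http_response_code(404); $file = __DIR__ . '/include/error.php'; }
//   include $file;

// Demo on a constructed temporary include directory, so the script runs on its own.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'include_demo_' . getmypid();
mkdir($dir);
file_put_contents($dir . '/index.php', "home\n");
file_put_contents($dir . '/about.php', "about\n");

// Constructed inputs: missing parameter, valid page, typo, traversal, wrapper, array.
$inputs = [null, 'about', 'about0', '../../../../etc/passwd', 'php://filter/x', ['x']];
foreach ($inputs as $input) {
    $file = resolve_page($dir, $input);
    printf("%-30s => %s\n", json_encode($input), $file === null ? 'error page (404)' : basename($file));
}

array_map('unlink', glob($dir . '/*.php'));
rmdir($dir);
```

Call the resolver at the top of index.php, before any HTML is sent, so the 404 status can still be set; the include further down the page then only ever receives a path that passed both checks.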
