0

What I'm trying to do is to create a URL, example:

article.php?00001

Then using the following code this will include 00001 as an article within article.php

if(isset($_GET['00001'])){
    include('00001.php');
}else if(isset($_GET['00002'])){
    include('00002.php');
} else {
    include('noarticle.php');
}

Now, this works, and would be suitable for several articles if I just keep adding 00003-00010 etc, but if I intend to add MANY more articles, is there a better way of coding this without having to manually insert article numbers?

Improve this question
1
  • 1
    Are you sure you want to use article numbers and not search engine friendly titles? Commented Feb 11, 2012 at 3:33

3 Answers 3

Reset to default
1

Use a database to store your articles. Have a look at http://www.freewebmasterhelp.com/tutorials/phpmysql for a guide on how to use MySQL with PHP.

With regards to your URLs, use article.php?id=### then use $_GET['id'] to determine which article is being viewed.

By including files based on user-supplied data, what if the user goes to article.php?article - it tries to load article.php which tries to load article.php which tries to ... you get the idea.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

Thanks for the tip, database wouldn't be needed as article is stored on a wordpress site. Thanks for pointing me in the right direction!
@NeilMacDonald if you're looking to create "pretty" URLs, wordpress has that functionality built-in already ... and it uses a database with ID numbers for posts, so what you're doing seems a bit nonsensical.
Sorry, I should have explained myself more clearly, I'm using wordpress custom fields to output an article number, which I can then pick up elsewhere on the site using wordpress codex. Sort on a CMS bodge for a friend.
0

Just make it dynamic! I would do something like this:

article.php?id=id_of_my_article

if(isset($_GET['id'])) include($_GET['id'].".php");
else include('noarticle.php');
Improve this answer

3 Comments

Of course you should use the appropriate security precautions, for instance make sure that the id is a number and doesn't contain letters or special characters. I suggest you to use the sanitize php class provided by OWASP owasp.org
Adding on from above comment, this works nicely, making my job semi automated at least! Thanks very much! Security options being looked at now, thanks
@NeilMacDonald See my below comment on one of the other answers - easiest way I know to make numeric input safe :)
0

First you need to know that it's insecure to include files simply based on url. There are other better means of doing so, as @Joe and @Angelo Cavallini wrote.
But if you are well aware of the consequences and determined to do so, you man try:
$id = current( $_GET );
$id && $id=intval($id);
if( $id ){
include( $id.'php' );
}

Improve this answer

2 Comments

I just do $id = (int) $_GET['id']; if ($id > 0) ... - if someone enters "23ab" it'll truncate to 23, and if someone enters "ab23" it'll go to 0 and just drop out.
yeah, the code presumes that parameter received is valid, if not, why would you include a file that doesn't exist?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.