Reply to Re: PHP Includes

Posted by Exyle on 10/20/53 11:20

Jonathan Davis wrote:
> "Stefan Rybacki" <stefan.rybacki@gmx.net> wrote in message
> news:3ink7mFmcn16U1@individual.net...
>
>>Jonathan Davis wrote:
>>First of all you shouldn't do it that way, because of security.
>>Better use something like www.domain.com/index.php?page=11111
>>
>>where you can determine what page with 11111 is meant.
>>
>>in index.php
>>
>>$page_array=array('11111'=>'page.php');
>>
>>include($page_array[$_REQUEST['page']]);
>>
>>
>>But note that isn't the right way anyway, at least you have to check
>>whether the requested page is available.
>>You also could use a real template system like smarty or try to implement
>>one for your own.
>>
>>
>
> Thanks for that Stefan, I was thinking there would be a big security risk
> doing it that way.
> I have set up a test of this and it seems to work fine.
>
> Unfortunately with the way my site is set up, in order to get the whole site
> done this would involve setting up a folder with every file in it (around
> 2000 files), and also having to rename most of them and rewrite a lot of
> code....
>
> I think an easier solution might be to include an index.php and a content.php
> file in each subfolder (instead of just an index.php - which at the moment I
> am having to manually redesign) so when I wanted to redesign the site I
> could just create a single new index.php and paste it into all 30 folders so
> I would not have to redesign all the content pages every time as the content
> does not change.
>
> www.classickidstv.co.uk is the site if anyone wants to check it out and see
> if there is a better solution.
>
> thanks for your response, Jonathan
>
>
There isn't really a security risk unless someone visiting the url
directly is an enormously bad thing, in that case there's an easy way
to fix it: put all the included php files in another directory, unless
the intruder knows that directory name they won't be able to access the
files directly.
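
The lookup-table include from the quoted reply, with the availability check it says is still missing, as an added example that is not part of the original posts. The function name `resolve_page()`, the temporary directory and the sample request values are assumptions constructed for the demonstration.

```php
<?php
// Added example: allow-list include with the missing checks.
// resolve_page() and the directory layout are hypothetical names.

/**
 * Map a request parameter to a file inside $baseDir, or return null.
 * The request value is only ever used as an array key, never as a path.
 */
function resolve_page(array $pages, $requested, string $baseDir): ?string
{
    // Reject arrays (?page[]=x) and other non-string input, and unknown keys.
    if (!is_string($requested) || !array_key_exists($requested, $pages)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $pages[$requested]);
    // realpath() returns false for a missing file; the prefix check keeps
    // a mistyped map entry from pointing outside the include directory.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary include directory holding one page.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_' . getmypid();
mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'page.php', "<?php echo \"page 11111\\n\";");

// '22222' deliberately points at a file that does not exist.
$pages = ['11111' => 'page.php', '22222' => 'missing.php'];

// Constructed request values, as they could arrive in $_GET['page'].
foreach (['11111', '22222', '99999', '../page.php', ['11111']] as $requested) {
    $file = resolve_page($pages, $requested, $dir);
    if ($file === null) {
        // In index.php this branch would send http_response_code(404).
        echo '404 for ' . json_encode($requested, JSON_UNESCAPED_SLASHES) . "\n";
    } else {
        include $file;
    }
}

unlink($dir . DIRECTORY_SEPARATOR . 'page.php');
rmdir($dir);
```

Run it with `php` on the command line. Placing the include directory outside the web server's document root prevents direct requests for those files whether or not the directory name is known.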
