Posted by thetechturf.com on 05/25/07 22:45

Thanks. I got this code off of the internet, so it is not original to
me. Will check out the template deal. That might be more what I am
looking for. Not sure. Thanks again for the detailed reply.

Bryan



On May 25, 4:20 pm, Mike P2 <sumguyovrt...@gmail.com> wrote:
> On May 25, 6:34 am, "thetechturf.com" <BryanLBurkhol...@gmail.com>
> wrote:
>
> > // Check for bad requests. This is necessary to prevent the wrong
> > files
> > // from being included. This is a security measure.
> > if (strpos($p,"..")) {
>
> Be careful with this line! strpos() returns the numeric position of
> one string within another, which can be zero (if the contained string
> is the beginning). That's where it would be a problem for it to be.
> What this line assumes is that strpos() will return false when it
> doesn't find it, or a numeric position when it does find it. Any
> number other than zero, when casted to a boolean, is true, and zero is
> false. So to make sure this line works right, change it to this:
> if (strpos($p,"..") !== false) {
>
> !== means not equal to, before type casting.
>
> So anyway, you're in a position where you might find it easier to be
> using a templating library. Smarty (smarty.php.net) is standard, but
> there are alternatives with (almost) the same syntax which are more
> efficient, such as TemplateLite.
>
> Otherwise, you could either search/replace the new meta tags in there
> (find the </head> tag, replace with "<meta ... /></head>"), or put
> another variable in header.php, like <?=$description ?>, and add that
> before or after that <style> element. Example:
>
> header.php
> ----------------
> <html>
> <head>
> <title><?=$title ?></title>
> <meta http-equiv="description" content="<?=$description ?>" />
> <style type="text/css">
> body {
> background-color: white;
> color: #333333;
> font-family: verdana;
> font-size: 11px;}
>
> </style>
> --------------------------------------------------------------------------------------------
>
> Then you could just assign $header in index.php like you do $title.
>
> By the way, in <style> tags, you don't need the <!-- and -->. Trying
> to account for those browsers that less than 10 people on Earth still
> use was about as bad of an idea as it was to type all HTML tags in
> capital letters (there are way more people that don't speak English,
> but do we all account for them? Every language?). If you really want
> to do it anyway, you might consider using /*<!--*/ and /*-->*/ instead
> so that if you ever need to put your code on one line with an output
> buffer (not really efficient unless you are using output caching or
> have very little traffic), it won't screw up your CSS.
>
> -Mike PII

[Back to original message]