Im try to explain what im trying to do,

in html you can use a frame to open a open within the site without having to open a new window outside the website,

what I wanna do is have all my pages open like an iframe but in php is there anyway to use php to open a page within the same page but without having to pop open a new window out side the page,

I was thinking maybe it could be done using an include or something but i wanted to see anyone could give me an exsample or tell me if its even possible.

PHP produces HTML. There is nothing it can do to help.

Opening pages within pages is a bad idea because it makes navigation and identifying the present location rather difficult.

a buddy told me to use this..

<?php
if (!isset($_GET["link"])) include 'main.php';
else if(is_file($_GET["link"] . ".php") && $_GET["link"] !="index" ) include htmlspecialchars($_GET["link"] . ".php");
else include 'error.php';
?>

seems to work how i wanted :D

Do not use that code. That contains serious security flaw: anyone can input a path as the 'link' parameter and — assuming the Apache or PHP user account has permissions to access it — read any other file ending with '.php' in your system.

If you want to specify content via a HTTP parameter, you must define a mapping table of content names to physical file names, and validate parameters against this table.

In general, passing any variables to include/require statements is bad practice.

It's not that big of a security flaw it will only allow them to try to get .php that are in the root folder i tried to get subfolders it dont allow me to view them i also tried getting a random .php file out of a sub folder it didn't allow me to view it either it went to the error.php file.

You may have an open_basedir restriction enabled. Don't rely on that.

Question: Is the following still unsafe? I use a variable in my site in order to generate the content, thus generating a single PHP file the whole time, just using different includes, eg: If the address bar reads www.billgeek.com/index.php?content=links I have a file on the server called: "content_links.html" which is included in the output.

As I have ZERO PHP experience and knowledge, you guys actually determine the outcome of my site... :) :wave:


if ($_GET["content"] == "prog" || $_GET["content"] == "photo" || $_GET["content"] == "image" || $_GET["content"] == "serious")
{
echo "<FONT FACE=\"Tahoma\" SIZE=2 COLOR=\"#FFFFFF\">This area is coming soon!</FONT>";
}
else
{
// Following if statement default for when the URL entered contains no variable called content
if ($_GET["content"] == "")
readfile("content_home.html");
else
readfile("content_".$_GET["content"].".html");
}

No: what if $_GET['content'] contains periods, slashes, or other characters that manipulate the path in some way?


You need to always validate parameters coming from the client side.

A very simple method:
$pages = array(
'' => 'content_home.html',
'links' => 'content_links.html'
# etc.
);

if (array_key_exists($_GET['content'], $pages))
$page = $pages[$_GET['content']];
else
$page = $pages[''];

readfile($page);


(Can't remember offhand whether or not you can have an empty string as a key.)


Also, avoid using echo to output HTML. PHP is an output preprocessor; it does it by default. Simply close the PHP code tags.
<?php
header('Content-type: text/html; charset=utf-8');

# some code here
?>

<!-- some HTML here -->

<?php
# more PHP code here
?>

You can use an alternative syntax for conditional blocks:
<?php if (something): ?>
<!-- something -->
<?php endif; ?>

i use a switch. it allows me to have other vars for each page.

what if $_GET['content'] contains periods, slashes, or other characters that manipulate the path in some way?
Valid point. :thumb:
Opening pages within pages is a bad idea because it makes navigation and identifying the present location rather difficult.
How would one go about doing something like this then? Are there any alternatives to building an HTML page for every instance of, for example, the "header" section?

That's not opening a page within a page. That point was referring to IFRAMEs.

$pages = array(
'' => 'content_home.html',
'links' => 'content_links.html'
# etc.
);

if (array_key_exists($_GET['content'], $pages))
$page = $pages[$_GET['content']];
else
$page = $pages[''];

readfile($page);

How would use use that to in the index.php or in a config file is what I dont understand I dont get how to use that code to open pages like if I have stuff like home.php and I want home.php to open the main content that will be seen on the site when they view it hard to explain in text

I was looking for something like I had when Im given something I didn't code I dont understand how its to be used. I dont get where I'd place thet above code and then have it open new pages within the content box like and iframe does but I dont wanna use iframes I wanna do it in php