How To Use include Function Safely ?

[killer7k]

hi ,
How do you use include function safely to avoid anything relation about Injection....
& To design Your page do You use different page ?
i mean do you use single page That containe The header & the menu .. ?
or do you use different & you call in index.php using include function

[visualAd]

The safe way to include the script is to hard code the name of it in your including script. This way, if the user tries to inject data or point it to a URL; it will be ignored and an error page displayed.

Also, disable URL fopens too. You should NEVER need it.

PHP Code:

$location = $_GET['location'];
$include = '';

switch ($location) {
    case 'home':
        $include = 'contact.php';

    case 'contact':
        $include = 'contact.php';

    case 'admin':
        $include = 'admin.php';

    default: // anything else the user entered
        $include = 'error.php';
}

include $include; 


[killer7k]

Thanks m8
what about To design Your page do You use different page ?
i mean do you use single page That containe The header & the menu .. ?
or do you use different & you call in index.php using include function

[visualAd]

No - there is no reason why the same code cannot on separate pages you have require (it's like include). It is best to separate each logical function of the site into separate pages; just as you separate each entity in a relational database into a table.

It will also make your site more search engine friendly as it will not see the query string (more likely to be dynamc data and will more likely follow it and crawl the page).

[killer7k]

Yes Better Thanks !

[visualAd]

A typical set of pages may look like this:

Code:

-- include
    -- site.php
    -- auth.php
-- htdocs
    -- login.php
    -- login_input.php
    -- cart.php
    -- cart_input.php
    -- index.php
    -- contact.php
    -- contact_input.php

The site.php could be included and used to check authentication tokens and set up the / retrive the current state.