iframe help

[DJ P@CkMaN]

hey all,
my site is a GUI with links that change the site displayed in an iframe in the center. is there a way that i can make it so i can have in the URL a way to change the site? like

http://djclan.auscstrike.com/index.php?$page=downloads

will make downloads.php come up in the iframe? could you do it like this?

<iframe src="<?php echo $page; ?>" height="xx" width="xx">

i really have no idea, that was just a suggestion from a newbie PHP person

could you PLEASE help me??

thanks

[cpradio]

if you wanted to do that it would be like so:

PHP Code:

<a href="?page=downloads">Downloads</a>

<?php
 if (isset($_GET['page']))
  $iframe = $_GET['page'];
 else
  $iframe = "default.php";
?>
<iframe src="<? echo $iframe; ?>">

[DJ P@CkMaN]

thanks heaps man, it works great. im going to have a play to see if i can add some kool stuff.

thanks

[cpradio]

Just one thing for you to ensure not doing is including the file extension inside the URL. That is a security hazard unless the files you are including are in a specific directory.

Example:

PHP Code:

<a href="?page=downloads.php">Downloads</a>

<?php
 if (isset($_GET['page']))
  $iframe = $_GET['page'];
 else
  $iframe = "default.php";
?>
<iframe src="<? echo $iframe; ?>">

The problem with this is someone can include their own script in your site by typing this on your site:
?page=http://mysite.com/myscript.php

A way to avoid that is using either of these methods:
1) Add the extension of the file as you include it

PHP Code:

<a href="?page=downloads">Downloads</a>

<?php
 if (isset($_GET['page']))
  $iframe = $_GET['page'];
 else
  $iframe = "default";
?>
<iframe src="<? echo $iframe . ".php"; ?>">

2) Force the file to be located in a particular directory

PHP Code:

<a href="?page=downloads.php">Downloads</a>

<?php
 if (isset($_GET['page']))
  $iframe = $_GET['page'];
 else
  $iframe = "default.php";
?>
<iframe src="includes/<? echo $iframe; ?>">

-Matt