PHP help

Peteee

Right, i'm trying to get an address in the form of

http://localhost/html/index.php?content.txt

Where the bit after the ?content.txt is a text file with content in it (Its just some html) so that i can have a link saying http://blah.com/index.php?content.txt and have a page with the content in it appear (So I just have one 'template' page, so to speak, and i fill that with content each time a link is clicked, so that I dont have to go copy and pasting the code into 40 different pages and having to update each one of them each time i make changes to the layout etc (Hope the above made sense)

I have the following code

<?php
	        $file = file_get_contents($_GET);
			   
	        echo $file;
	 ?>

The above (AFAIK) should get the content.txt out of the address and display it but it dosent work, error:

Warning: file_get_contents() expects parameter 1 to be string, array given in C:\wamp\www\html\index.php on line 148

<?php
        $file = file_get_contents('content.txt');
        echo $file;
?>

The above code works fine, but obviously thats hardcoded in.

Any ideas as to what i'm doing wrong?

Thanks in advance

vito

Peteee wrote:

Right, i'm trying to get an address in the form of

http://localhost/html/index.php?content.txt

Where the bit after the ?content.txt is a text file with content in it (Its just some html) so that i can have a link saying http://blah.com/index.php?content.txt and have a page with the content in it appear (So I just have one 'template' page, so to speak, and i fill that with content each time a link is clicked, so that I dont have to go copy and pasting the code into 40 different pages and having to update each one of them each time i make changes to the layout etc (Hope the above made sense)

I have the following code

<?php
	        $file = file_get_contents($_GET);
			   
	        echo $file;
	 ?>

The above (AFAIK) should get the content.txt out of the address and display it but it dosent work, error:

Warning: file_get_contents() expects parameter 1 to be string, array given in C:\wamp\www\html\index.php on line 148

<?php
        $file = file_get_contents('content.txt');
        echo $file;
?>

The above code works fine, but obviously thats hardcoded in.

Any ideas as to what i'm doing wrong?

Thanks in advance

$_GET is a global array (used to be $HTTP_GET_VARS). It contains data set by HTTP get requests to the server.

all you have to do:

<?php
        $address = 'content.txt';
        $file = file_get_contents($address);
        echo $file;
?>

though you may want to look at the php manual for better ways of parsing files or using templates!

Peteee

Well I have that already, but I need a way to 'pull it in at run time' so to speak, hopefully using the address as the variable so I can dynamically assign the different pages

e.g. http://localhost/html/index.php?content.txt

will read in content.txt wheras

http://localhost/html/index.php?whatever.txt

will display whatever.txt

Am googling all over the place but I cant find anything

daymobrew

Peteee wrote:

Right, i'm trying to get an address in the form of
http://localhost/html/index.php?content.txt

The text after the the '?' is in $_SERVER.
See http://uk.php.net/reserved.variables and the parse_url function.

<?php
  $filename = $_SERVER['QUERY_STRING']; // Get text after '?'.
  // Send contents directly to browser, without intermediate variable.
  echo file_get_contents( $filename );
  // or in one line without even the $filename variable:
  //echo file_get_contents( $_SERVER['QUERY_STRING'] );
?>

Be sure to add security checks so that users can't request random files. Consider using prefixing the specified file with a known safe path on the server. And ensuring that the file exists, possibly redirecting to the home page if not.

Peteee

Thats it!

perfect, thanks very much!

/me hands virtual pint to daymobrew

kdouglas

as daymobrew said, be careful with that, theres nothing stopping someone opening index.php?/etc/shadow using that, or even c:\windows\... depending on your OS. if its just something your playing around with for yourself, then i wouldnt bother, but if anyone else is going to use it or if its gonna be on a live server, then youll need a few security restrictions on there.

Peteee

kdouglas wrote:

as daymobrew said, be careful with that, theres nothing stopping someone opening index.php?/etc/shadow using that, or even c:\windows\... depending on your OS. if its just something your playing around with for yourself, then i wouldnt bother, but if anyone else is going to use it or if its gonna be on a live server, then youll need a few security restrictions on there.

After reading the docs, it says the path is relative, not absolute, so therefore so long as there is nothing sensitive after the docment path you are okay? (Unless of course you had it stored in c:\WINDOWS....

Regardless, what knd of security checks should I be putting in?

kdouglas

true, the path is relative, but theres nothing to stop someone doing index.php?..\..\..\windows instead of c:\

youll want to be checking for any invalid characthers etc.. such as the ..\
which means the directory above the current one, check out the use of basename().
there is also a function which allows you to specify a directory to load files from i think, and you can set up apache to only allow the webserver to read files in certain directories too, look at the <Directory> directive for apache2