Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

PHP help

  • 28-01-2006 4:16pm
    #1
    Moderators, Education Moderators Posts: 2,432 Mod ✭✭✭✭


    Right, i'm trying to get an address in the form of

    http://localhost/html/index.php?content.txt

    Where the bit after the ?content.txt is a text file with content in it (Its just some html) so that i can have a link saying http://blah.com/index.php?content.txt and have a page with the content in it appear (So I just have one 'template' page, so to speak, and i fill that with content each time a link is clicked, so that I dont have to go copy and pasting the code into 40 different pages and having to update each one of them each time i make changes to the layout etc (Hope the above made sense)

    I have the following code
    <?php
    	        $file = file_get_contents($_GET);
    			   
    	        echo $file;
    	 ?>
    

    The above (AFAIK) should get the content.txt out of the address and display it but it dosent work, error:

    Warning: file_get_contents() expects parameter 1 to be string, array given in C:\wamp\www\html\index.php on line 148
    <?php
            $file = file_get_contents('content.txt');
            echo $file;
    ?>
    

    The above code works fine, but obviously thats hardcoded in.

    Any ideas as to what i'm doing wrong?

    Thanks in advance


Comments

  • Closed Accounts Posts: 70 ✭✭vito


    Peteee wrote:
    Right, i'm trying to get an address in the form of

    http://localhost/html/index.php?content.txt

    Where the bit after the ?content.txt is a text file with content in it (Its just some html) so that i can have a link saying http://blah.com/index.php?content.txt and have a page with the content in it appear (So I just have one 'template' page, so to speak, and i fill that with content each time a link is clicked, so that I dont have to go copy and pasting the code into 40 different pages and having to update each one of them each time i make changes to the layout etc (Hope the above made sense)

    I have the following code
    <?php
    	        $file = file_get_contents($_GET);
    			   
    	        echo $file;
    	 ?>
    

    The above (AFAIK) should get the content.txt out of the address and display it but it dosent work, error:

    Warning: file_get_contents() expects parameter 1 to be string, array given in C:\wamp\www\html\index.php on line 148
    <?php
            $file = file_get_contents('content.txt');
            echo $file;
    ?>
    

    The above code works fine, but obviously thats hardcoded in.

    Any ideas as to what i'm doing wrong?

    Thanks in advance


    $_GET is a global array (used to be $HTTP_GET_VARS). It contains data set by HTTP get requests to the server.

    all you have to do:
    <?php
            $address = 'content.txt';
            $file = file_get_contents($address);
            echo $file;
    ?>
    

    though you may want to look at the php manual for better ways of parsing files or using templates!


  • Moderators, Education Moderators Posts: 2,432 Mod ✭✭✭✭Peteee


    Well I have that already, but I need a way to 'pull it in at run time' so to speak, hopefully using the address as the variable so I can dynamically assign the different pages

    e.g. http://localhost/html/index.php?content.txt

    will read in content.txt wheras

    http://localhost/html/index.php?whatever.txt

    will display whatever.txt

    Am googling all over the place but I cant find anything


  • Registered Users, Registered Users 2 Posts: 6,571 ✭✭✭daymobrew


    Peteee wrote:
    Right, i'm trying to get an address in the form of
    http://localhost/html/index.php?content.txt

    The text after the the '?' is in $_SERVER.
    See http://uk.php.net/reserved.variables and the parse_url function.
    <?php
      $filename = $_SERVER['QUERY_STRING']; // Get text after '?'.
      // Send contents directly to browser, without intermediate variable.
      echo file_get_contents( $filename );
      // or in one line without even the $filename variable:
      //echo file_get_contents( $_SERVER['QUERY_STRING'] );
    ?>
    
    Be sure to add security checks so that users can't request random files. Consider using prefixing the specified file with a known safe path on the server. And ensuring that the file exists, possibly redirecting to the home page if not.


  • Moderators, Education Moderators Posts: 2,432 Mod ✭✭✭✭Peteee


    Thats it!

    perfect, thanks very much!

    /me hands virtual pint to daymobrew


  • Registered Users, Registered Users 2 Posts: 6,414 ✭✭✭kdouglas


    as daymobrew said, be careful with that, theres nothing stopping someone opening index.php?/etc/shadow using that, or even c:\windows\... depending on your OS. if its just something your playing around with for yourself, then i wouldnt bother, but if anyone else is going to use it or if its gonna be on a live server, then youll need a few security restrictions on there.


  • Advertisement
  • Moderators, Education Moderators Posts: 2,432 Mod ✭✭✭✭Peteee


    kdouglas wrote:
    as daymobrew said, be careful with that, theres nothing stopping someone opening index.php?/etc/shadow using that, or even c:\windows\... depending on your OS. if its just something your playing around with for yourself, then i wouldnt bother, but if anyone else is going to use it or if its gonna be on a live server, then youll need a few security restrictions on there.

    After reading the docs, it says the path is relative, not absolute, so therefore so long as there is nothing sensitive after the docment path you are okay? (Unless of course you had it stored in c:\WINDOWS.... :D

    Regardless, what knd of security checks should I be putting in?


  • Registered Users, Registered Users 2 Posts: 6,414 ✭✭✭kdouglas


    true, the path is relative, but theres nothing to stop someone doing index.php?..\..\..\windows instead of c:\

    youll want to be checking for any invalid characthers etc.. such as the ..\
    which means the directory above the current one, check out the use of basename().
    there is also a function which allows you to specify a directory to load files from i think, and you can set up apache to only allow the webserver to read files in certain directories too, look at the <Directory> directive for apache2


Advertisement