How can I pass this variable and check if it matches?

StackOverflow https://stackoverflow.com/questions/21686068

  •  09-10-2022
  •  | 
  •  

سؤال

How can I correct/simplify this and put it in an array?

A link is passing: somelink.php?w=a (or b,c,d)

I want the page (somelink.php) to determine if "w" is set, and if set and the var matches, include the specified page. 

<?php
if(isset($_GET['w'])&&($GET['w'] == "a")){include("1.htm");}
if(isset($_GET['w'])&&($GET['w'] == "b")){include("2.htm");}
if(isset($_GET['w'])&&($GET['w'] == "c")){include("3.htm");}
if(isset($_GET['w'])&&($GET['w'] == "d")){include("4.htm");}
else{include("1.htm");}
?>
هل كانت مفيدة؟

المحلول

try using: 

$w = $_GET['w'];
if(isset($w)) {
    switch(strtolower($w)) {
        case "a":
            include("1.htm");
        break;
        case "b":
            include("2.htm");
        break;
        case "c":
            include("3.htm");
        break;
        case "d":
            include("4.htm");
        break;
        default:
            include("not-found.htm");
        break;
    }
}

نصائح أخرى

Use a switch statement:

if(isset($_GET['w']))
{
    switch($_GET['w'])
    {
        case 'a':    include("1.html");   break;
        case 'b':    include("2.html");   break;
        case 'c':    include("3.html");   break;
        case 'd':    include("4.html");   break;
        default:     include("1.html");   break;
    }
} else {
    include("1.html");
}

how about a simple array

$x=array('a'=>'1.html','b'=>'2.html');

then 

include $x[$GET['w']];

Like this:

if(isset($_GET['w'])){
    switch($_GET['w']){
        case "a":
            include("1.htm");
        break;
        case "b":
            include("2.htm");
        break;
        case "c":
            include("3.htm");
        break;
        case "d":
            include("4.htm");
        break;
    }
}

But I wouldn't do it that way. I'd make it so that the name of the page corresponds to the value being retrieved from the $_GET variable. That way you could do something like this.

if(!empty($_GET['w'])){
    include($_GET['w'] . ".htm");
}

Of course, you'd want a little filtering of the $_GET var too to make sure it doesn't get something you don't want there. Maybe like this.

$acceptable_values = array("some","acceptable","values");
if(!empty($_GET['w']) && in_array($_GET['w'],$acceptable_values) ){
    include($_GET['w'] . ".htm");
}

As I'm sure you are aware, passing variables directly into include statements or database queries is a TERRIBLE idea. See here for why in this case.

http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/

You could do a few things, lets take a look at some of them.

<?php
$webpage = '';
if(isset($_GET['w']))
  $webpage = strtolower($_GET['w']);

switch($webpage)
{
  case 'b':
    include '2.html';
    break;
  case 'c':
    include '3.html';
    break;
  case 'd':
    include '4.html';
    break;
  default:
    include '1.html';
    break;
}

Or we could use arrays

<?php
$webpage = '';
if(isset($_GET['w']))
  $webpage = strtolower($_GET['w']);

$included_pages = array(
  'a' => '1.htm',
  'b' => '2.htm',
  'c' => '3.htm',
  'd' => '4.htm',
);

// Check inside our array
if(array_key_exists($webpage, $includes))
{
  include $included_pages[$webpage];
}
else
{
  // Couldn't find the site
  include '1.htm';
}
مرخصة بموجب: CC-BY-SA مع الإسناد
لا تنتمي إلى StackOverflow
scroll top