PHP Include Support

[Afterburn]

Hey guys, well my problem is with the php version I believe but i can't be 100 sure.

I am coding a webpage in html but renamed it .PHP instead of .HTM, and I have inserted a php tag in there as follows:

<?php
include "content/$action.htm";
?>

So whenever I go to request the page at index.php?action=staff it only sends me back to the regular index.php?action= page. It will not include the staff portion of it. Is there anything in php that has been disabled for this not to work or is it my coding that is poor and isn't working?

Btw, here is the link to my site and look for yourself whats going on.
http://www.ffinc-online.com/index.php?action=staff
Try using other words instead of staff in the url and still won't work.

Any help will do, thank you!

- Oscar

 

[Chris Z]

well hasn't the code varied slightly from PHP 4.4.2 to 5.1.4? i think that might be the problem, but i'm not sure as i'm not very into PHP yet, although i would like to be

 

[Bryon]

The problem is that you're relying on register_globals to be enabled, which is not a good thing.

You need to access variables from GET\POST using the superglobal arrays.
http://us2.php.net/register_globals

Example of what you'll need to do:

<?php

   $page = $_GET['action'];
   $page = preg_replace('#[^a-zA-Z0-9]#', '', $page); // Need to be safe.
   include('./content/'. $page .'.htm');

?>

 

[dharmil]

$page = preg_replace('#[^a-zA-Z0-9]#', '', $page); // Need to be safe.

what does this do?

 

[Bryon]

Cleans the user-suppied data, (Strips out all characters but letters and numbers), to verify that it's nothing "bad", such as something like:

page.php?action=http://example.com/badScriptText.txt

 

[Afterburn]

Oh I see, thank you very much Bryon!
I was just used on my last host to have it enabled by default!
Thanks again.