
PHP Securely include files + handle invalid parameters

I’m having a little problem. I want to securely include files from a subdirectory based on the $_GET parameter, and handle the case where the parameter is not valid.

<?php
if (isset($_GET['p']) && $_GET['p'] == 'fahrzeuge') {
    include 'includes/cars.php';
}
if (isset($_GET['p']) && $_GET['p'] == 'impressum') {
    include 'includes/impressum.php';
}
if (isset($_GET['p']) && $_GET['p'] == 'home') {
    include 'includes/home.php';
}
if (isset($_GET['p']) && $_GET['p'] == 'anfahrt') {
    include 'includes/anfahrt.php';
}
if (isset($_GET['p']) && $_GET['p'] == 'about') {
    include 'includes/about.php';
}
?>

This is my code. Sorry, I know it is a noob way of solving this. How can I improve it? Any suggestions/help would be highly appreciated.


Answer

I would use a ternary to set a variable that tells the page what to include.

This is very similar to Ofir Baruch’s answer, except much shorter.

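// Allowlist of page names that may be included.
$pages = array('about', 'contact', 'home');

// Strict in_array() (third argument true) compares without type juggling,
// so only an exact string match from the allowlist is accepted.
$p = isset($_GET['p']) && in_array($_GET['p'], $pages, true) ? $_GET['p'] : 'home';
include "includes/{$p}.php";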

Basically, you have an array of pages that are possible. In the ternary, we check if $_GET['p'] is set (isset()), and we check if the value it contains is in the array. If it is, we use $_GET['p'] as $p; if it is not, we set $p to home. This means that home will always be the default if $_GET['p'] is not set, or is not a valid page as per the array.
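A variant of the allowlist approach, added here as an example and not part of the original answer: the parameter is used only as a lookup key, so no user input is ever concatenated into the include path, and a page name can differ from its file name (as with fahrzeuge and cars.php in the question). The `PAGES` map, the `resolve_page()` helper and the choice to answer invalid values with the default page plus a 404 status are assumptions of this example.

```php
<?php
declare(strict_types=1);

// Allowlist: public page name => file under includes/.
// Names are taken from the question; the map itself is constructed for this example.
const PAGES = [
    'home'      => 'home.php',
    'fahrzeuge' => 'cars.php',
    'impressum' => 'impressum.php',
    'anfahrt'   => 'anfahrt.php',
    'about'     => 'about.php',
];

/**
 * Resolve the requested page to a file name from the allowlist.
 * Returns [file, httpStatus]. Hypothetical helper, not a PHP built-in.
 */
function resolve_page(array $query, array $pages, string $default = 'home'): array
{
    // No parameter at all: serve the default page normally.
    if (!array_key_exists('p', $query)) {
        return [$pages[$default], 200];
    }

    $p = $query['p'];

    // A request like ?p[]=x arrives as an array, so check the type first.
    // Anything that is not a known string key (including ../ sequences) is invalid.
    if (!is_string($p) || !array_key_exists($p, $pages)) {
        return [$pages[$default], 404];
    }

    return [$pages[$p], 200];
}

[$file, $status] = resolve_page($_GET, PAGES);
http_response_code($status);

// Only values from PAGES reach this line; __DIR__ pins the base directory.
include __DIR__ . '/includes/' . $file;
```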

User contributions licensed under: CC BY-SA