To date I was using the following on my index.php to include the relevant content from the linked pages on my menus.
if($page != null)
{
    $page = $_REQUEST['page'];
    // Removing invalid characters
    $page = str_replace($invalidChars, "", $page);
    $page = $page.'.php';
    if(is_file($page))
    {
        require_once($page);
    }
    else
    {
        require_once("403.php");
    }
}
else
{
    require_once("Home.php");
}
and the menu links being:
<a href="index.php?page=Home">Home</a>
<a href="index.php?page=About">About</a>
<a href="index.php?page=Contact">Contact</a>
...
I was reading up on Register Globals and how bad it is and how it should be turned off (PHP v6 no longer has it as I understand it).
The thing is, when I turn it off on my domain, the above code no longer works.
Can anyone tell me:
a) Why?
b) What I should do to correct my code so it is secure and works correctly?
Many thanks in advance!
EcksTen
The problem seems to be this:
if($page != null)
That is always going to be a problem unless $page is defined someplace you haven't shown here. It should read something like this:
if(isset($_REQUEST['page']))
I had a fiddle about and tried it with:
$page = $_REQUEST['page'];
at the top of the index.php file, this seems to work.
I also tried the:
if(isset($_REQUEST['page']))
option and that works lovely too.
My next questions would be:
a) Which of the two is a better option, setting it at the top of the index.php or just checking to see if it's set?
b) Is that all "register_globals" does, requires all variables to be set before they can be used?
Thank you,
EcksTen
Which of the two is a better option, setting it at the top of the index.php or just checking to see if it's set?
I personally would check to see if the value was set. You always want to know what you are working with before you start doing things. Of course, if it isn't set then you can handle that appropriately, which in this case would be to stop execution of the script.
b) Is that all "register_globals" does, requires all variables to be set before they can be used?
Register globals makes all superglobal variables, such as GET, POST, etc... be defined as if they were regular variables. So if register globals were enabled, the following two variables would have the same value:
$_GET['var']
$var
With register globals disabled the one wouldn't be defined:
$_GET['var'] // works
$var // undefined error
If it would help perhaps you can read up more on register globals at php.net: [us3.php.net...]
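An added example, not part of any post in this thread: one way to make the include work with register_globals off while only ever including known pages. The function name resolve_page and the $allowedPages list are assumptions; Home.php, 403.php and the page names come from the original post. It assumes PHP 7 or later.

```php
<?php
// Added example (not from the thread). resolve_page() and $allowedPages are
// assumed names. The request value is read explicitly from the array passed in,
// so nothing depends on register_globals creating $page.

/**
 * Map the ?page= parameter to the file that index.php should include.
 * Only names on the allowlist are ever turned into a file name.
 */
function resolve_page(array $query, array $allowedPages): string
{
    // No parameter at all: show the default page.
    if (!isset($query['page'])) {
        return 'Home.php';
    }

    $page = $query['page'];

    // ?page[]=x arrives as an array; accept plain strings only.
    if (!is_string($page)) {
        return '403.php';
    }

    // Strict match against known names instead of stripping characters,
    // so the request can never choose a file outside this list.
    if (!in_array($page, $allowedPages, true)) {
        return '403.php';
    }

    return $page . '.php';
}

$allowedPages = ['Home', 'About', 'Contact']; // the pages linked from the menu

// Constructed sample requests, printed with the file each one resolves to.
$samples = [[], ['page' => 'About'], ['page' => '../Home'], ['page' => ['x']]];
foreach ($samples as $query) {
    echo json_encode($query), ' => ', resolve_page($query, $allowedPages), PHP_EOL;
}

// In index.php the menu links use the query string, so the call would be:
// require_once resolve_page($_GET, $allowedPages);
```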