?pageid= Question

by **MM xSkillz** on Tue Aug 05, 2008 11:26 pm

Sorry, I don't know what this is called so I can't use Search to find it. I've seen on some websites that after the index.php (or whatever PHP file it is) there is a ?pageid= and then whatever the page is called (sometimes it's not pageid but something else). Here's an example:

http://www.pettraffic.com/index.php?pageid=pubtour1

How do I make something like this? I'm really new at PHP so please don't explain with complicated jargon. Thanks!

by **MM xSkillz** on Wed Aug 06, 2008 4:04 am

I'm reading a PHP tutorial right now and it seems that something similar to this came up:

http://www.tizag.com/phpT/postget.php

Is that it? Still, I don't think that this is how it's done because the GET method is for HTML forms, which is totally unrelated to what I'm trying to do. (at least it seems that way, it could maybe be done like this but I find it unlikely)

by **webmaster** on Wed Aug 06, 2008 10:05 am

To use a ?pageid=XX after .php is a way to pass variables via the URL.

Here's two examples you can try to play with.

If you use the code below, you can enter the URL: "filename.php?page_id=2" and it will print "Showing page 2";
[php]<?php

$page_id = $_GET['page_id'];

if ($page_id == 1) {
echo "Showing page 1";
} else if ($page_id == 2) {
echo "Showing page 2";
} else if ($page_id == 3) {
echo "Showing page 3";
} else {
echo "No page_id in the URL";
}

?>[/php]

You can also use it like this, to include text. If you use the code below and use the URL: "filename.php?page=info" it will print out a H1-headline saying "INFO" and then include the text in the file "includes/text/info.php"
[php]<?php

$page = $_GET['page'];

echo "<h1>" . strtoupper($page) . "</h1>";
include "includes/text/" . $page . ".php";

?>[/php]

by **MM xSkillz** on Wed Aug 06, 2008 3:56 pm

Cool, thanks!

by **DDragon** on Tue Aug 19, 2008 7:08 am

doesn't that produce security issues with the site though?

DD

by **webmaster** on Tue Aug 19, 2008 6:03 pm

Well.. if you store a text-file called super-secret-secrets.php in the text-folder, that it could be visible if they type index.php?page=super-secret-secrets

But I don't think (I've never tried) to "go back" in the dirs after folders has been added. Maybe it would work adding page=../../passwords, to make the script call "includes/text/../../passwords.php

by **MM xSkillz** on Thu Aug 21, 2008 9:38 pm

Well in my case, it's not a security issue because I just want to show different content related pages, if someone were to find the source code for the content page, it wouldn't do them any good.

by **DDragon** on Fri Aug 22, 2008 10:58 am

Its not so much the code im talking about.. as webmaster put in the post folloing mine:

webmaster wrote:Well.. if you store a text-file called super-secret-secrets.php in the text-folder, that it could be visible if they type index.php?page=super-secret-secrets

The security issue i was talking about was direct injection method. if you had a page/text file(s) that you didnt want people to see normally in with your html/php pages using the ?pageid= method could let them see it if they found out the name of the file(s) that you didnt want them to see.. i suggest you take flabbyrabbits security challenge HackThis
it will show you alot of security issues that are around web design.

DD

P.S: i apologize to the mods if this is classed as advertising.

by **MM xSkillz** on Fri Aug 22, 2008 4:34 pm

Yea, I started that like a month ago and kinda gave up after I couldn't get past like level 5 or somewhere around there.

?pageid= Question

?pageid= Question

Who is online