What's the right way to include two or three pages and include them by ID, like: index.php?page=one will include one.html and index.php?page=two will include two.html To same php page?
While both previous answers are vulnerable to file inclusion attacks, I would suggest a different approach using a predefined array of available pages to include:
<?php
$pages = array('one'=>'one.php',
'two'=>'two.php');
if(in_array($_GET['page'], array_keys($pages))) {
// only include if the page is really defined in your $pages array
include($pages[$_GET['page']]);
} else {
// don't include or simply include a default page here
// include('default.php');
}
?>
Is this what you wanted?
you will have to check if the file exists and that the $_GET['page'] is a valid value
<?php
$pageName = $_GET['page'] . '.php';
if(isset($pageName) && $pageName != '')
{
if(file_exists($pageName))
{
require_once($pageName);
}
}
?>
Edit: Given the un-deniable points below, setting an array of allowed pages would be a good idea as well.
URI:
index.php?pages=one,two,three
Script:
$allowedPages = array('one', 'two', 'three');
if($_GET['pages']){
foreach(explode(',', $_GET['pages']) as $page){
if(file_exists($page.'.html') && in_array($page, $allowedPages)){
include_once($page.'.html');
}
}
}
Or an array in the URI, keeping the page query string variable singular:
URI:
index.php?page[]=one&page[]=two&page[]=three
Script:
$allowedPages = array('one', 'two', 'three');
if($_GET['page']){
foreach($_GET['page'] as $page){
if(file_exists($page.'.html') && in_array($page, $allowedPages)){
include_once($page.'.html');
}
}
}