Quote:
|
Originally Posted by Silvy
I think I get the fact that you want to simplify the URL to hide the paths, but it's ok to have both id= and id2= in the url.
So I suggest (as posted by you earlier):
http://www.arch13.com/index.php?id=brewery&id2=12345
The code should be something like this:
PHP Code:
//constant:
define('IMAGE_PATH', 'img/');
//VALIDATE THE INPUT BEFORE THIS.
$filename=$_REQUEST['id'].'_'.$_REQUEST['id2'].'.jpg' //turns index.php?id=brewery&id2=1 into brewery_1.jpg
$image_location=IMAGE_PATH.$filename (turns it into 'img/brewery_1.jpg')
Then you can proceed to check for file_exists, and enter it into your code.
And you should validate your code as people could try to access your complete filesystem by requesting stuff like id=../../etc/passwd
(Depending on system setup this might work). |
That's exactly the path I'm trying to find!
The url would be
www.arch13.com/index.php?id=brewery&id2=1 for the brewery page, displaying image 1.
That's brilliant to use $_REQUEST['id'].'_'.$_REQUEST['id2'].'.jpg. How would this work into my current code?
I think it's something like this:
Code:
$id = $_REQUEST['id2'];
define('IMAGE_PATH', 'img/');
$filename=$_REQUEST['id'].'_'.$_REQUEST['id2'].'.jpg'
$image_location=IMAGE_PATH.$filename
if(file_exists($id.".jpg")) {
echo "<img src='$id.jpg'>";
} elseif(file_exists($id.".php")) {
include($id.".php");
} else {
echo "<img src='brewerysplash.jpg'>";
}
Just one into the other, that way your php makes us of the $id = $_REQUEST['id2']; defined at the begining, right?
It looks right, but I don't know. Guess I'll try it when I get home from studio.
Thank you for understanding through my vague description!
I'll report back as soon as I've tested it later tonight.
(By the way, my server is set not to allow display of directories, so a file name would need to be guessed correctly to exploite the variable in the url, otherwise nothing would be displayed and the code would just insert the else when rendering the page.)
Ratbastid, I don't have a database to use. I have mysql on the hosting package, but have never even set it up as that's an additonal layer of learning required, and I seem to be trying very little the needs this kind of stuff.