...

View Full Version : PHP Error Help



stobbo
10-29-2006, 11:26 PM
Hello.

I am fairly new to PHP, and am struggling over a error. Any help would be kindly appriciated.

Error:


Notice: Undefined index: id in c:\home\********\public_html\index.php on line 3

Code


<?php
include("/home/********/public_html/modules/template-top.php");
$page= $_GET['id'];
if(file_exists("/home/********/public_html/content/".$page.".php"))
{
include("/home/********/public_html/content/".$page.".php");
}
else
{
include("/home/********/public_html/modules/news.php");
}
include("/home/********/public_html/modules/template-bottom.php");
?>

If you can help, I would be most pleased.

Thanks, Stobbo.

_Aerospace_Eng_
10-29-2006, 11:29 PM
echo $page and see what is getting returned.

<?php
include("/home/********/public_html/modules/template-top.php");
$page= $_GET['id'];
echo $page;
if(file_exists("/home/********/public_html/content/".$page.".php"))
{
include("/home/********/public_html/content/".$page.".php");
}
else
{
include("/home/********/public_html/modules/news.php");
}
include("/home/********/public_html/modules/template-bottom.php");
?>

stobbo
10-29-2006, 11:31 PM
It returns the id.

So if the url is:

www.domain.com/index.php?id=007

it will return:

007

_Aerospace_Eng_
10-29-2006, 11:35 PM
Read this, http://www.faqts.com/knowledge_base/view.phtml/aid/35787

GJay
10-29-2006, 11:38 PM
if there is no value for 'id' though, then $_GET['id'] will be, as the message suggests, 'undefined';
You can test for the value being there with either isset() or empty(), and include that in your conditional.

Regardless, including something that is user-alterable is a really really stupid thing to do. You want to be white-listing those files that you want to allow to be included, rather than potentially allowing access to everything on your server. Something along the lines of:


...
switch($_GET['id']) {
case 'news':
case 'about':
case 'contact':
include $_GET['id'].'.php';
break;
default:
include 'home.php';
}
...

stobbo
10-29-2006, 11:41 PM
It says:


Possible solution:

---

Initialize the variables via

$<your variablename> = $_REQUEST['<your variablename>'];

---

(or similar, but less general:

$<your variablename> = $_GET['<your variablename>'];

Which is what I have now.

Gjay, I'll try that now.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum