开发者

PHP If / Elseif Statement Not Working Correctly

问答 作者:

I have a simple if statement that works on my local machine but when i uploaded it tom ypaid site i got an error on my home page.

Error:

Warning: include(./pages/.php) [function.include]: failed to open stream: No such file or directory in /home/a5410474/public_html/index.php on line 33
Warning: include() [function.include]: Failed opening './pages/.php' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/a5410474/public_html/index.php on line 33

The Code:

<?php
    i开发者_Go百科f (isset($_GET['p']) && $_GET['p'] != NULL || $_GET['p'] != '') {
        $p = mysql_real_escape_string($_GET['p']);
    }elseif ($_GET['p'] == '' || $_GET['p'] == NULL){
        $p = 'home';
    }
include("./pages/".$p.".php");
?>

Instead of OR, you need AND here, also enclose the second half in parens.

if (isset($_GET['p']) && $_GET['p'] != NULL || $_GET['p'] != '') {

// should be
if (isset($_GET['p']) && ($_GET['p'] != NULL && $_GET['p'] != '')) {

You have no else case, and it's likely the value being passed into `$_GET['p'] meets neither condition.

It would be better to write it like this, using empty()

if (isset($_GET['p']) && !empty($_GET['p']) {
  $p = mysql_real_escape_string($_GET['p']);
}
else $p = 'home';

A much less verbose way of writing this:

$p = empty($_GET['p']) ? 'home' : $_GET['p'];
include("./pages/{$p}.php");

Some other notes:

  1. You should not be using mysql_real_escape_string on a variable you're going to pass to include. That function is for preparing data for insertion into a SQL query.

  2. You should not include a file based on a variable passed through the query string, or from any kind of user input. Someone can use that to read system files on your server then take control of the whole computer.

You should be more aware of directory traversing, sanitize user input, and make sure the file is even there. (re: your errors):

<?php
if (isset($_GET['p'])) {
    $p = preg_replace('/[^a-zA-Z0-9_]/s', '', $_GET['p']);
} else {
    $p = 'home';
}
$path = "./pages/" . $p . ".php";

if (file_exists($path) === true) {
    include $path;
} else {
    include './pages/notfound.php';
}

You can also try this:

<?php
    $p = 'home';
    if (!empty($_GET['p']))
        $p = $_GET['p'];       
    include("./pages/".$p.".php")
?>

继续阅读:php

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9