Php question

Mr. Fahrenheit

Ok... I currently have a php function:

if($_SERVER['QUERY_STRING'] == 'thetalent' ||
$_SERVER['QUERY_STRING'] == 'thetalent:bcavalier' ||  
$_SERVER['QUERY_STRING'] == 'thetalent:bquire' || 
$_SERVER['QUERY_STRING'] == 'thetalent:acigainero' ||  
$_SERVER['QUERY_STRING'] == 'thetalent:dduffield' ||  
$_SERVER['QUERY_STRING'] == 'thetalent:sfahrenheit' ||  
$_SERVER['QUERY_STRING'] == 'thetalent:lanna' ||  
$_SERVER['QUERY_STRING'] == 'thetalent:mfernandez' ||  
$_SERVER['QUERY_STRING'] == 'thetalent:aheers' ||  
$_SERVER['QUERY_STRING'] == 'thetalent:jhenry' ||  
$_SERVER['QUERY_STRING'] == 'thetalent:ajacob' ||  
$_SERVER['QUERY_STRING'] == 'thetalent:lmbuthia' ||  
$_SERVER['QUERY_STRING'] == 'thetalent:kmulligan' ||  
$_SERVER['QUERY_STRING'] == 'thetalent:kserfass' || 
$_SERVER['QUERY_STRING'] == 'thetalent:obarua') 
{ echo 'TabOn'; }
else { echo 'TabOff'; }?>' href='?thetalent'

Is there a way I can just have it check for the to see if it contains "thetalent" in it and echo tabon rather than have to declare each and every one?

Bergamot

if(substr($_SERVER['QUERY_STRING'], 0, 9) == 'thetalent') echo 'TabOn'; else echo 'TabOff';

You can do it with regular expressions too, but regular expressions are evil.

Mr. Fahrenheit

Thanks sooooooooo much. declaring each was getting annoying as hell lol

Bergamot

No prob. There are a lot of things I dislike about PHP, but a lack of built-in string manipulation functions is not among them.

ithcy

wait a minute...




regular expressions are evil?

Bergamot

Yes?

ithcy

you
-----fence-----
me

Bergamot

lol. I said "evil", not "useless"

Mr. Fahrenheit

Care to show me what the regular expression version would look like?

ithcy

if (preg_match("/^thetalent/",$_SERVER['QUERY_STRING'])) { echo('TabOn'); } else { echo('TabOff'); }

but for something like this it's better to use strpos() unless you really need regular expressions. see http://php.net/strpos for reference.

Mr. Fahrenheit

AH, see... I have no idea how to differentiate from regular expressions from what I was using. I should really, probably, learn php... =P

Mr. Fahrenheit

Ok, rather than make a new thread I'll add an addendum question.

I'm currently using this php code:
<?php $query = $_SERVER['QUERY_STRING']; $query = explode(':',$query); if(empty($query[0]) && empty($query[1])) { require_once 'home.php'; } elseif(empty($query[1])) { require_once $query[0].'.php'; } else { require_once $query[0].'/'.$query[1].'.php'; } ?> to call php files into a template file I've designed.

Using this code I am able to have address.com/?page which will call, for example, if the page was ?opportunities it would call opportunities into that page.

If I call a page from another directory I'd just put ?DirectoryName:NameOfFile

I'd like to be able to display regular URLS. Such as website.com/PageName.php or website.com/DirectoryName/PageName.php or even .html. Is this clear? If it is, does anyone know how to go about this?

Minisweeper

Sounds like you need mod_rewrite. Dont ask me how, but i'm pretty sure thats what you're after.

ithcy

there are a number of ways to do what you're asking. most of them require control over the webserver (like use of mod_rewrite, like minisweeper said, which is a way to eliminate .php from your urls, for example)

if you don't care about having a .php in there, but you don't want the question mark, you could use $_SERVER['PATH_INFO']
that way if your url was http://server.com/file.php/this/is/a/test
then from inside file.php, $_SERVER['PATH_INFO'] would be "/this/is/a/test" and you could do with that whatever you wanted.

but what's so bad about using $_GET?
if your url was http://server.com/file.php?t=x
then $_GET['t'] would be "x" and you wouldn't have to mess with explode and all that other crap.

word of advice: never just take the query string and use it to include a file (like you do in your code up there (require_once $query[0].'.php';) without doing some checking and sanitizing first. because what if i entered this url: http://your.server.com/file.php?sensitiveserverinformation
see what i'm saying? have an array of valid files and check against that, or something. don't let people enter whatever they want, and show it to them.

Mr. Fahrenheit

the problem with having an array is I have soooooooo many links It'd become overwhelming....

Minisweeper

The least you should do is make sure they cant include *backwards* up the tree. And if they can make sure it's limited. Everyone knows about exploits in the past which let silly scripts browse to /etc/passwd and stuff.

Mr. Fahrenheit

Also, I appreciate your response, but I'm looking for a c more clear-cut solution as I'm really no experienced in PHP as much as I'd like to be. How would I alter the code, or what would I rplace the code with?

Mr. Fahrenheit

I tested going backwards and I don't think they can... It just keeps displaying the homepage. Also, If I'm able to get the url to look normal... then they wouldn't even know to try that, would they?

ithcy

i can't tell you that without understanding how your site is laid out, but i can tell you this, if i'm interpreting your needs correctly:

you should be using a database to hold information about these people, instead of a million static pages, one for each person.

ithcy

maybe not the people you're writing the site for, but there are plenty of people who DO know to try just that, who go around looking for these sorts of things, in fact, and it only takes one person to figure it out.

Mr. Fahrenheit

Well, if you're willing to help, that is, how can I enlighten you to how my website works without exposing the inner workings of it to everyone here?

If you're not, then I'll figure something out eventually but it probably won't be the cleanest or most secure, haha.

I've kind of had to learn all this stuff in the process of building this website, it's been an experience, I tell ya.