Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Php question

Ok... I currently have a php function:
if($_SERVER['QUERY_STRING'] == 'thetalent' ||
$_SERVER['QUERY_STRING'] == 'thetalent:bcavalier' ||  
$_SERVER['QUERY_STRING'] == 'thetalent:bquire' || 
$_SERVER['QUERY_STRING'] == 'thetalent:acigainero' ||  
$_SERVER['QUERY_STRING'] == 'thetalent:dduffield' ||  
$_SERVER['QUERY_STRING'] == 'thetalent:sfahrenheit' ||  
$_SERVER['QUERY_STRING'] == 'thetalent:lanna' ||  
$_SERVER['QUERY_STRING'] == 'thetalent:mfernandez' ||  
$_SERVER['QUERY_STRING'] == 'thetalent:aheers' ||  
$_SERVER['QUERY_STRING'] == 'thetalent:jhenry' ||  
$_SERVER['QUERY_STRING'] == 'thetalent:ajacob' ||  
$_SERVER['QUERY_STRING'] == 'thetalent:lmbuthia' ||  
$_SERVER['QUERY_STRING'] == 'thetalent:kmulligan' ||  
$_SERVER['QUERY_STRING'] == 'thetalent:kserfass' || 
$_SERVER['QUERY_STRING'] == 'thetalent:obarua') 
{ echo 'TabOn'; }
else { echo 'TabOff'; }?>' href='?thetalent'
Is there a way I can just have it check for the to see if it contains "thetalent" in it and echo tabon rather than have to declare each and every one?
«13

Comments

  • edited February 2006
    if(substr($_SERVER['QUERY_STRING'], 0, 9) == 'thetalent') echo 'TabOn'; else echo 'TabOff';

    You can do it with regular expressions too, but regular expressions are evil.
  • Thanks sooooooooo much. declaring each was getting annoying as hell lol
  • No prob. There are a lot of things I dislike about PHP, but a lack of built-in string manipulation functions is not among them.
  • wait a minute...




    regular expressions are evil?
  • you
    -----fence-----
    me
  • lol. I said "evil", not "useless"
  • Care to show me what the regular expression version would look like?
  • if (preg_match("/^thetalent/",$_SERVER['QUERY_STRING'])) { echo('TabOn'); } else { echo('TabOff'); }

    but for something like this it's better to use strpos() unless you really need regular expressions. see http://php.net/strpos for reference.
  • AH, see... I have no idea how to differentiate from regular expressions from what I was using. I should really, probably, learn php... =P
  • edited March 2006
    Ok, rather than make a new thread I'll add an addendum question.

    I'm currently using this php code:
    <?php $query = $_SERVER['QUERY_STRING']; $query = explode(':',$query); if(empty($query[0]) && empty($query[1])) { require_once 'home.php'; } elseif(empty($query[1])) { require_once $query[0].'.php'; } else { require_once $query[0].'/'.$query[1].'.php'; } ?> to call php files into a template file I've designed.

    Using this code I am able to have address.com/?page which will call, for example, if the page was ?opportunities it would call opportunities into that page.

    If I call a page from another directory I'd just put ?DirectoryName:NameOfFile

    I'd like to be able to display regular URLS. Such as website.com/PageName.php or website.com/DirectoryName/PageName.php or even .html. Is this clear? If it is, does anyone know how to go about this?
  • Sounds like you need mod_rewrite. Dont ask me how, but i'm pretty sure thats what you're after.
  • ithcyithcy New
    edited March 2006
    there are a number of ways to do what you're asking. most of them require control over the webserver (like use of mod_rewrite, like minisweeper said, which is a way to eliminate .php from your urls, for example)

    if you don't care about having a .php in there, but you don't want the question mark, you could use $_SERVER['PATH_INFO']
    that way if your url was http://server.com/file.php/this/is/a/test
    then from inside file.php, $_SERVER['PATH_INFO'] would be "/this/is/a/test" and you could do with that whatever you wanted.

    but what's so bad about using $_GET?
    if your url was http://server.com/file.php?t=x
    then $_GET['t'] would be "x" and you wouldn't have to mess with explode and all that other crap.

    word of advice: never just take the query string and use it to include a file (like you do in your code up there (require_once $query[0].'.php';) without doing some checking and sanitizing first. because what if i entered this url: http://your.server.com/file.php?sensitiveserverinformation
    see what i'm saying? have an array of valid files and check against that, or something. don't let people enter whatever they want, and show it to them.
  • the problem with having an array is I have soooooooo many links It'd become overwhelming....
  • The least you should do is make sure they cant include *backwards* up the tree. And if they can make sure it's limited. Everyone knows about exploits in the past which let silly scripts browse to /etc/passwd and stuff.
  • Also, I appreciate your response, but I'm looking for a c more clear-cut solution as I'm really no experienced in PHP as much as I'd like to be. How would I alter the code, or what would I rplace the code with?
  • I tested going backwards and I don't think they can... It just keeps displaying the homepage. Also, If I'm able to get the url to look normal... then they wouldn't even know to try that, would they?
  • i can't tell you that without understanding how your site is laid out, but i can tell you this, if i'm interpreting your needs correctly:

    you should be using a database to hold information about these people, instead of a million static pages, one for each person.
  • maybe not the people you're writing the site for, but there are plenty of people who DO know to try just that, who go around looking for these sorts of things, in fact, and it only takes one person to figure it out.
  • Well, if you're willing to help, that is, how can I enlighten you to how my website works without exposing the inner workings of it to everyone here?

    If you're not, then I'll figure something out eventually but it probably won't be the cleanest or most secure, haha.

    I've kind of had to learn all this stuff in the process of building this website, it's been an experience, I tell ya.
This discussion has been closed.