使用Url查询来定义页面

时间:2018-03-03 09:39:01

标签: php get content-management-system

我想去的网页是 https://example.com/portal/projects.php?action=projectdetails&id=18

我有一个名为projects.php的文件,它查找变量并包含正确的页面(projectsm projectdetails,projectedit ...)但我不知道如果有页面定义,如何使脚本检测到( ?action=projectdetails&id变量告诉服务器在数据库上查询哪个id以检索信息。

这是我目前的代码(不起作用)

    <?php 
session_start();
ob_start();
$currentPage = 'usrprojects';

require ('assets/config.inc.php');


if (isset($_SESSION['logged_in']) != true) {
header("location: login.php"); 
}
else {
    if (isset($_GET['action'])){
if( isset($_GET['projectdetails']) && $_GET['projectdetails'] == "")
{
echo "asd";
}
    }
    else {
    require 'includes/pages/projects.php';
    }
    }
?>

1 个答案:

答案 0 :(得分:0)

我认为上面更可能是这样的,因为你试图找到一个GET变量是否等于projectdetails而不是找到一个名为projectdetails

的GET变量
session_start();
ob_start();
$currentPage = 'usrprojects';

require ('assets/config.inc.php');


if ( isset( $_SESSION['logged_in'] ) != true ) {
    header( 'location: login.php' ); 
} else {
    if ( isset( $_GET['action'] ) ){
        if( $_GET['action'] == 'projectdetails' ) require 'includes/pages/projects.php';
        else echo 'asd';
    }
}

但是,正如我在评论中提到的那样,你可能想要使用白名单的想法 - 像这样粗略的想法:

session_start();
ob_start();

if( empty( $_SESSION['logged_in'] ) ){
    exit( header( 'location: login.php' ) );
}

$whitelist=array(
    'projects'  =>  array('script'=>'includes/pages/projects.php','level'=>3),
    'admin'     =>  array('script'=>'includes/pages/admin.php','level'=>1),
    'other'     =>  array('script'=>'includes/pages/other.php','level'=>5)
);

$currentPage = 'usrprojects';
require ('assets/config.inc.php');



if( !empty( $_GET['action'] ) && array_key_exists( $_GET['action'], $whitelist ) ){

    $action = $whitelist[ $_GET['action'] ]['script'];
    $level  = $whitelist[ $_GET['action'] ]['level'];

    if( file_exists( $action ) && $_SESSION['level'] <= $level ) require $action;
}