Re: URL parsing, help

Rhialto wrote:
On 27 nov, 20:26, trookat <troo...@xxxxxxxxxxxxx> wrote:
Rhialto wrote:
On 27 nov, 19:29, Rhialto <Rhia...@xxxxxxxxx> wrote:
On 27 nov, 19:05, Jerry Stuckle <jstuck...@xxxxxxxxxxxxx> wrote:
Rhialto wrote:
With a lot of search in Google I made it in JS but there is a part I'd
like to be in PHP and I can't find how to do it.
From a page that usually display in a frame I have this JS :
if (self == top) { top.location.href="/index.php?url=test.php"; }
Now you may have guessed what I'm trying to do, load the top page but
with the frame I passed in the URL
I successfully achieved my goal with JS but I think it would be nice
using PHP.
How can I extract only "test.php" from the URL so I can:
<?php echo "<iframe src=\'" + url + "'>" ?>
Thanks
Look at the $_GET superglobal.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstuck...@xxxxxxxxxxxxx
==================
Found it, thanks for the clue!
I'm no php expert and even if the next line works, maybe someone can
optimize it?
<iframe src="<?php if ($_GET["url"] == "") { echo "default.php"; }
else { echo $_GET["url"]; } ?>"></iframe>
What you have is fairly optimized however it is not secure. people could
use this to load url's that you are not wanting.

I've come to this mostly to avoid someone (or search engine) to link
directly to the frame, bypassing the top page.


What I suggest is something like
<?php
// if url is set assign $url the url else set it to default
$url = isset($_GET['url']) ? $_GET['url'] : 'default.php';

$ok_url="default.php"; // set default ok_url
switch ($url)
{
case 'first.php' : $ok_url="first.php";break;
case 'second.php' :$ok_url="second.php";break;
case 'third.php' :$ok_url="third.php";break;
}

I understand the 1st part but why the switch?
What if I replace my previous code with only

$url = isset($_GET['url']) ? $_GET['url'] : 'default.php'; echo
'<iframe src="'.$url.'"></iframe>';

Thanks for your input, I'm still learning.

As trookat says, it's for security - you must have one of those values. Otherwise, anyone could put anything in there - potentially displaying things you don't want displayed.

Never trust anything which comes from the user.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@xxxxxxxxxxxxx
==================
.

Relevant Pages

  • Re: New to "complex" html but this *should* be easy...?
    ... On loding the frameset, FrameA contains the form, and FrameB is blank. ... and the PHP page it is sent to display the results in FrameB. ... all to work in the same frame, but that's not the effect I'm aiming for. ...
    (alt.html)
  • Re: alternate file
    ... I am *NOT* a pirate, so don't make an assumption about someone else ... do the trick, i guess removing a frame would do just fine, now, how do ... I do that using PHP? ... JDS Computer Training Corp. ...
    (comp.lang.php)
  • Re: URL parsing, help
    ... like to be in PHP and I can't find how to do it. ... From a page that usually display in a frame I have this JS: ... The switch only make ...
    (comp.lang.php)
  • Re: session trouble
    ... Note that you're building your display block AFTER your loop. ... $_SESSION variable incorrectly - it should be ... JDS Computer Training Corp. ... <?php session_start; ...
    (comp.lang.php)
  • Rookie Question About Include
    ... php). ... I also have a phpBB board which I would like to load inside my frame. ... I used the baseref because otherwise the images wouldn't display. ... an horizontal bar appears in the frame and I have sort of no control ...
    (alt.php)