我想去的网页是https://example.com/portal/projects.php?action=projectdetails&id=18
我有一个名为projects.php的文件,它查找变量并包含正确的页面(projectsm projectdetails,projectedit ...)但我不知道如果有页面定义如何使脚本检测(?action=projectdetails
)&id
变量告诉服务器在数据库上查询哪些id来检索信息。
这是我目前的代码(不起作用)
<?php
session_start();
ob_start();
$currentPage = 'usrprojects';
require ('assets/config.inc.php');
if (isset($_SESSION['logged_in']) != true) {
header("location: login.php");
}
else {
if (isset($_GET['action'])){
if( isset($_GET['projectdetails']) && $_GET['projectdetails'] == "")
{
echo "asd";
}
}
else {
require 'includes/pages/projects.php';
}
}
?>
我认为以上更可能是这样的,因为你试图找到一个GET变量是否等于projectdetails
而不是找到一个名为projectdetails
的GET变量
session_start();
ob_start();
$currentPage = 'usrprojects';
require ('assets/config.inc.php');
if ( isset( $_SESSION['logged_in'] ) != true ) {
header( 'location: login.php' );
} else {
if ( isset( $_GET['action'] ) ){
if( $_GET['action'] == 'projectdetails' ) require 'includes/pages/projects.php';
else echo 'asd';
}
}
但是,正如我在评论中提到的,您可能想要使用白名单的想法 - 这样的粗略想法:
session_start();
ob_start();
if( empty( $_SESSION['logged_in'] ) ){
exit( header( 'location: login.php' ) );
}
$whitelist=array(
'projects' => array('script'=>'includes/pages/projects.php','level'=>3),
'admin' => array('script'=>'includes/pages/admin.php','level'=>1),
'other' => array('script'=>'includes/pages/other.php','level'=>5)
);
$currentPage = 'usrprojects';
require ('assets/config.inc.php');
if( !empty( $_GET['action'] ) && array_key_exists( $_GET['action'], $whitelist ) ){
$action = $whitelist[ $_GET['action'] ]['script'];
$level = $whitelist[ $_GET['action'] ]['level'];
if( file_exists( $action ) && $_SESSION['level'] <= $level ) require $action;
}