How to get the name of parent page ?

eurob · 04-09-2005, 10:18 AM

hi,

Newbie here.
I'd like to have php return the name of the page that is loaded, e.g.,
in a parent document, 'example.php' I do a <include("body.inc";> and then I'd like to put some code in 'body.inc' that can fetch the name of the parent, in this case, 'example.php'

Appreciate your help.

robert

sde · 04-09-2005, 10:35 AM

use variable: $_SERVER['PHP_SELF']

you should really name all of your includes with a .php extention. since most web servers are not setup to parse .inc files in php, then someone could view your source code in case you are using php code in your .inc file.

if you must name it with a .inc, then name it body.inc.php. it is good practice and more secure.

eurob · 04-09-2005, 10:59 AM

thanks a lot,

it works great

robert

teknomage1 · 04-09-2005, 12:48 PM

Lot's of servers support .phps, though. There's also a .htaccess directive you can use on apache based servers.

sde · 04-09-2005, 01:42 PM

still very bad practice IMO. there is absolutely no good reason why you should name files like that in the first place.

DJMaze · 04-09-2005, 01:55 PM

a) prevent execution by using .inc extension (just shows source)
b) they must be loaded thru another php file

Showing the source of a .inc file is nothing bad.
If it's OS code i don't care a thing actualy.

If you have a bug in your OS file and it's .php instead of .inc then people can try to hack in (especialy when register_globals is on)

So i use .inc and untill my script becomes commercial i change.

sde · 04-09-2005, 05:25 PM

what do you mean by "OS code" ?

Quote:

So i use .inc and untill my script becomes commercial i change.

sounds like just an extra piece of work to me. when you eventually change the file name, won't you have to test for the "hacking" you are using .inc files for in the first place?

b) you mean primarily for database security? if your connect script is not in the file you're concerned about, then they probably can't do much to your db by calling it by itself. on the other hand, a .inc file would give someone a good idea of what your db structure looks like if you're working with a db.

to each his own. however, considering this guy is "NEW" to php, you gotta agree it is definately not a good habbit for a newbie. there are books out there that tell you to make a db connection include named "connect.inc" .. really nice way to expose your db login info to the world.

redhead · 04-09-2005, 08:49 PM

when using .inc anybody can view your source. if they encounter an error saying:
Error found in /web_space_user/include/my_php.inc they can try to fetch it directly,m viewing it as clear text, giving them a view in to your coding habit. If you like to use md5sum() or what ever...
It is very unsecure to call your include files .inc. or anything else that isn't executed by teh web server.

redhead · 04-09-2005, 08:51 PM

****, i'm drunk now, but I still stand by my expression in the earlier post.

sde · 04-09-2005, 08:57 PM

Quote:

Originally Posted by redhead

****, i'm drunk now, but I still stand by my expression in the earlier post.

have one for me 2, cheers

DJMaze · 04-10-2005, 08:35 AM

Agreed that newbies should use .php as extension epecialy when it comes to sensitive information.

OS = OpenSource
OSS = OpenSource Software

teknomage1 · 04-10-2005, 09:56 AM

I feel like a different extension is clarifying as to the purpose of the file, but you should not use a different extension if the server isn't set up to process it as php.

here is the apache code to execute .inc as php files

Code:

<IfModule mod_mime.c>
    AddType application/x-httpd-php .inc
</IfModule>

Alternatively apache also recognizes application/x-httpd-php-source .