The best way for loads of IF - ELSE - INCLUDE?

Question

<?php
    if ($page == null || $page == "home")
        require_once ("home.php");
    else if ($page == "bill")
        require_once ("bill.php");
    else if ($page == "product")
        require_once ("product.php");
    else if ($page == "addproduct")
        require_once ("addproduct.php");
    else if ($page == "editpd")
        require_once ("editpd.php");

    /** ... MANY LINES ... **/

    else if ($page == "permission")
        require_once ("permission.php");
    else if ($page == "options")
        require_once ("option.php");
    else // NOT FOUND, REDIRECT HOME
        echo "SOMETHING WENT WRONG";
?>

The above code is loads of IF ELSE and REQUIRE_ONCE.

I have started worrying about the execution time when the system is developed, it means that i have to write IF ELSE and REQUIRE_ONCE more and more.

So i really want to know,

What is a solution or the better way for this in case not use any framework?

@MMK: Is `switch` statement really faster than `IF ELSE` in this case? — InOrderToLive, Dec 03 '14 at 07:47
have a look here http://stackoverflow.com/a/10773060/3935280 — MMK, Dec 03 '14 at 07:50
a better approach is: create an array with all the names of the pages. @Barmar's answer is really cool. You should get rid of all the `if else` — MMK, Dec 03 '14 at 07:57

Barmar · Answer 1 · 2014-12-03T08:03:47.493

4

It looks like all the include files have the same name as $page, so you can use string processing to remove all the duplicate code.

$pages = array('home', 'bill', 'product', ...);
$page = $page == null ? 'home' : $page;
if (in_array($page, $pages)) {
    require_once ($page . ".php");
}

edited Dec 03 '14 at 08:03

answered Dec 03 '14 at 07:49

Barmar

741,623
53
500
612

The "in_array()" is very important in this solution, as it limits the allowed pages to load. Otherwise you'll get a security flaw, where a user can require_once any php on your server. – DThought Dec 03 '14 at 07:58

score 1 · Answer 2 · answered Dec 03 '14 at 07:51

1

$page = preg_replace('/\W+/', '', $page); 
if (is_file($page . '.php')) {
    require_once $page . '.php';
}

or with whitelist

$whitelist = ['permission', '....'];
if (in_array($page, $whitelist)) {
    require_once $page . '.php';
}

or for more performance

$whitelist = ['permission' => true, '...' => true];
if (isset($whitelist[$page])) {
    require_once $page . '.php';
}

answered Dec 03 '14 at 07:51

Michael Freund

234
2
12

btw: require_once isn't a function, it's a statement, like echo... so no ( and ) are needed.... you shouldn't use them – Michael Freund Dec 03 '14 at 07:55
Don't use a solution like this without a whitelist! – DThought Dec 03 '14 at 07:59

score 0 · Answer 3 · answered Dec 03 '14 at 07:52

0

You could use a switch() statement, like so:

<?php
    switch($page) {
        case "home":
        case null:
            require_once ("home.php");
            break;
        case "bill":
            require_once ("bill.php");
            break;
        case "product":
            require_once ("product.php");
            break;
        case "addproduct":
            require_once ("addproduct.php");
            break;
        case "editpd":
            require_once ("editpd.php");
            break;

    /** ... MANY LINES ... **/


        case "permission":
            require_once ("permission.php");
            break;
        case "options":
            require_once ("option.php");
            break;
        default:
            echo "SOMETHING WENT WRONG";
            break:
    }
?>

If however the structure stays the same, maybe this would be a better option:

if(is_null($page)) {
    $page = 'home';
}
if(file_exists($page . '.php')) {
    require_once($page . '.php');
} else {
    echo "SOMETHING WENT WRONG";
}

answered Dec 03 '14 at 07:52

RichardBernards

3,146
1
22
30

1

never ever do this second version please..... require_once understands ../ pathes and you could end $page with null-bytes to include whatever you want – Michael Freund Dec 03 '14 at 07:53
@MichaelFreund Please interpret the full code instead of one line of it... This can never happen since the `file_exists()` function would not find `../.php` a valid filename... – RichardBernards Dec 03 '14 at 07:55
`file_exists('../../../badfile' . '.php')` is absolutely valid, if it exists.... its a bad file_inclusion leak, http://hakipedia.com/index.php/File_Inclusion#wrong_defense_3:_adding_content_to_filename – Michael Freund Dec 03 '14 at 07:58
@MichaelFreund If you have security concerns, please follow the following procedure; 1. lookup function reference on PHP and read the big red outlined part (http://php.net/file_exists). 2. who said `$page` is something a user can alter? It is not specified a whitelist is needed, and this cannot be deduced from the question asked – RichardBernards Dec 03 '14 at 08:03

score 0 · Answer 4 · edited Dec 03 '14 at 08:22

0

if($page == NULL) {
    include 'home.php';
} else {
    include "$page.php";
}

edited Dec 03 '14 at 08:22

Jazi

6,569
13
60
92

answered Dec 03 '14 at 07:56

user4318981

38
3

The best way for loads of IF - ELSE - INCLUDE?

4 Answers4