Using variable content to display page or tab title

General PHP Help
#1

I’m using an include script to display the title of each page with the html tag as follow:

First, I include each page:

if ( (isset($_GET['page'])) && (isset($checkPage[$_GET['page']])) ) {
				include($checkPage[$_GET['page']]);

with this include.php script:

$checkPage = array('Livre' => 'livre.php',
		'Star_Trek' => 'startrek/startrek.php',...);

to secure my links.
Second, I’m using this title script to display the page and tab titles:
HTML:

<title>
<?php
	if ( (isset($_GET['category'])) && (isset($checkTitle[$_GET['category']])) ) {
		echo $checkTitle[$_GET['page']].' - '.$checkTitle[$_GET['category']];
	}
	elseif ( (isset($_GET['page'])) && (isset($checkTitle[$_GET['page']])) ) {
		 echo $checkTitle[$_GET['page']];
	}
	else {
		echo 'Accueil';
	}
?>
</title>

and this title.php script:

$checkTitle = array('Livre' => 'Livre d\'Or',
		'Star_Trek' => 'Star Trek', ...);

But, the TV Series section displays each record from the database.

Here, I’m using this link from series menu display, using the series Id to search the database:

echo '<p><a href="accueil.php?page=Series_Record&series='.$row['seriesId'].'">'.$row['seriesTitle'].'</a></p>';

I tried everything without success to display the title in the browser’s tabs. It should display “Record - *Series Title”.

The only working thing is this one, but it causes a security issue:

echo '<p><a href="accueil.php?page=Series_Record&series='.$row['seriesId'].'&title='.$row['seriesTitle'].'">'.$row['seriesTitle'].'</a></p>';

Could someone help, please ?

#2

How is what you are doing in this thread different from your last thread? From my reply in your last thread -

If you have a database based Content Management System (CMS), why do you have arrays with data too? The point of a CMS is - you query the database to get the data that you need to produce the dynamic sections on the page.

For a CMS, you would confirm that input data is a permitted value by querying to find the corresponding data in the database. If the input isn’t a valid value, the query won’t match any data. You would either display an error that the data item doesn’t exist or you would use a default value instead.

#3

How is what you are doing in this thread different from your last thread? From my reply in your last thread
I thought dealing with security isn’t the same as displaying an error message on wrong parameter input. But, meanwhile, I found a solution.

I write my query right before the condition.

Sponsor our Newsletter | Privacy Policy | Terms of Service