<!-- All of the content stays in the index -->
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Home Page</title>
</head>
<body>
<nav>
<div>
<!-- this should get replaced with DB GET, not a page -->
<a href="index.php?page=welcome">
Welcome</a>
</div>
<div>
<a href="index.php?page=contact">
Contact</a>
</div>
</nav>
<div id="main">
<?php
$LINK = mysqli_connect('127.0.0.1','pisjo950','vjPRjFTxDVIoG7)t','pisjo950');
if(isset($_GET['page']))
{
if (isset($_GET['page']) && $_GET['page'] === 'cms') {
// Redirige vers la page cms.php si nécessaire
header("Location: cms.php");
exit();
}
// get content of the paramter
$page = $_GET['page'];
// sanitize
$page = str_replace('..','',$page);
$page = str_replace('/','',$page);
$page = str_replace('\\','',$page);
$query="SELECT *
FROM pages
WHERE pagename='$page'";
//echo $query;
$result=mysqli_query($LINK,$query);
if(!$result)echo mysqli_error($LINK);
for( $i=0 ; $i<mysqli_num_rows($result);$i++)
{
$row=mysqli_fetch_assoc($result);
echo '<br>';
echo $row['content'];
}
}
?>
</div>
</body>
</html>