PHP - How to show different picures in different pages

Hello,

I need your help please, since I am missing the first part of the code, for a banner on a right bar I need to tell the server something like this:

if the page ends in /?lang=en
echo picture X
else echo picture y

I have the echo part of the code, which is working properly, however how do I ad the "if" part?

sorry for the ignorance :slight_frown: but thank you for your help... :slight_smile:

  • Adam Czajczyk

    Hello Fortunella74,

    I hope you're well today and thank you for your question!

    I assume that you're using WPML plugin with your WordPress site to switch languages. Is that right?
    In case of WPML you may use this to retrieve selected language:

    $sitepress->get_current_language()

    In case of "/?lang=en" it should return "en" so the code could be e.g. like this (PHP):

    $my_lang = $sitepress->get_current_language();
    if ($my_lang == 'en') {
     /* your code for picture 1 */
    }
    else
    {
     /* your code for picture 2 */
    }

    Alternatively, this would also work:

    $my_lang = $_GET['lang'];
    if ($my_lang == "en") {
    /* here goes the same code as previously */

    That second example shouldn't be used however without proper sanitization of "$my_lang" value, especially if there are any db queries run based upon that value. Otherwise it may cause a serious security issues.

    I hope that helps!

    Best regards,
    Adam

  • Fortunella74

    Thank you soo much!

    The first code, for some reason didn't work, however the second did.

    The problem is that I am quite worried about the "sanitization" which I tried to read about and I am not quite sure I understand how it works.

    I doubt that "$my_lang" value appears anywhere else, however I may be wrong.

    Any way you can help me understand what should I do with this "sanitization" issue?

    Than you so much, I very much appreciate your help so far!!!

  • Adam Czajczyk

    Hello Fortunella74!

    The "$my_lang" variable name and value probably do not appear anywhere else indeed. The important part here is that you never should use "raw" POST/GET data without securing it first. That's because a lot of "not so fancy" malicious code can be injected to the site this way: starting from relatively harmless "for fun" JS code, ending on scripts that take over your entire page or even server.

    Assuming that you do not write the value of "$my_lang" to the database but use it ONLY to control "if ... else... " conditional statement, you could use something like this (that's basic but should give you an idea):

    $my_lang = preg_replace('/[^-a-zA-Z0-9_]/', '', $_GET['lang']);

    This will make sure that $my_lang value contains only letters, numbers and underscores. Another way:

    $my_lang = htmlspecialchars($_GET['lang']);

    That's not especially "strong" but if you do not use value of variable for anything else than aforementioned "if..." it should do the trick.

    If your server operate PHP > 5.2 you could also use instead built-in PHP filters like this:

    $my_lang = (string)filter_input(INPUT_GET, 'lang');

    http://php.net/manual/en/function.filter-input.php

    I hope that helps!

    Best regards,
    Adam

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.