I need visitors to change theme colors and background with a simple drop down menu theme selector. The select menu will send the form to index.php with a GET string ?theme=choice and PHP will take this GET and convert it to the site's css theme. I have 5 different CSS files (themes).
The select menu is done, but now I need PHP to handle the form in a correct and safe way. I do not know if Cookies are a good way but many says cookies are not a good idea so my idea is to maybe just add the ECHO theme and GET theme to all pages.
Here is what I have but is not working. I do not know how to make it better any ideas and help are welcome.
<head>
<?php
$theme = $_GET['theme'];
$security = mysqli_real_escape_string($theme);
//don't know if needed because database will not be used for this
$onlynumbersandletters = preg_replace('/[^A-Za-z0-9\-]/', '', $security);
//allow only letters and numbers for more safety is needed ?
// No database used but can someone hack a GET for this like in MySQL ?
//CODE
if(!empty($_GET['theme'])){
echo '<link rel="stylesheet" type="text/css" href="css/default.css" />';
}
else {
echo '<link rel="stylesheet" type="text/css" href="css/$onlynumbersandletters.css" />';
}
?>
<!-- other elements in head -->
</head>
I am new to PHP, the code I don't know if it is safe or can be improved but I dont get the correct theme when changing from select menu.
Any ideas ?
