4 replies to this topic

[Killswitch]

I have a question for anyone who has any knowledge about php navigation.
I have been designing a backend for my content management system and am just about ready to start designing a frontend around this. I want, I mean I have to be able and have human friendly URL's and am not sure how to go about this.

I planned to use $_GET to retrive section id, category id, then the content id (so url would reflect index.php?sec=2&cat=4&content=67 , or something along them lines). With htaccess, I only know how to cause that url to change to index/2/4/67 and similar. What I want is to have the URL human friendly with the titles instead of ID numbers.

I was thinking that I would obviously use $_GET to retrive the titles of each item (though the id is primary), but wasn't quite sure what problems this would lead to (I cant set the item as an integer to protect against attacks). Is this how it would be done, or is there a way to substitute this out in the htaccess? I dont want to add a few hundred lines to htacess to do this either (unless there is an automatic way to get PHP to write them).

Thanks for any help, suggestions, or tutorials you can point me to. If anyone is interested, I will share code once its completed (or before if you ask me).

If it helps, I also have menu items that are shown depending on the section id.

Edited by Killswitch, 11 September 2007 - 11:17 PM.

[dotbart]

I couldn't tell you exactly how to do this in .htaccess because my knowledge there is quite limited ;-)

I'll give you some tips tho.
If you only have 'index/value1/value2/value3' you could use the following in my knowledge:

RewriteEngine On
RewriteRule ^index/(.*)/(.*)/(.*)/ index.php?sec=$1&cat=$2&content=$3

If you want to do this in PHP, you could let any page redirect to index.php
Maybe someone else can help you with that .htaccess code, don't know it to be honest, PHP would look like this:

//get an array of the requested URL
$exploded_url = explode("/",$_SERVER['request_uri']);
$sec = $exploded_url[0];
$cat = $exploded_url[1];
$content = $_exploded_url[2];

But the first .htaccess code should help you out I think



B

[Killswitch]

Thanks. I will play around and see what happens and continue hunting a tutorial or something down.

[nitr0x]

I'm not too sure it's entirely possible to convert the url like that. The only way it's possible is if you actually select from the table the titles. Problems this may cause is duplicate titles being selected. But you can still prevent attacks by making the source safe to use. Example

//This function will clean the gets so they are safe to use.
function Clean( $x ){
	$x = strip_tags( $x );
	$x = htmlspecialchars( $x );
	$x = stripslashes( $x );
	$x = mysql_real_escape_string( $x );
		
	return $x;
}

$item = Clean( $_GET['item'] );
//etc.

[Killswitch]

nitr0x, on Sep 13 2007, 06:45 PM, said:

I'm not too sure it's entirely possible to convert the url like that. The only way it's possible is if you actually select from the table the titles. Problems this may cause is duplicate titles being selected. But you can still prevent attacks by making the source safe to use. Example

//This function will clean the gets so they are safe to use.
 function Clean( $x ){
	 $x = strip_tags( $x );
	 $x = htmlspecialchars( $x );
	 $x = stripslashes( $x );
	 $x = mysql_real_escape_string( $x );
		 
	 return $x;
 }
 
 $item = Clean( $_GET['item'] );
 //etc.

Thanks. I wasn't quite sure what to involve with cleaning $_GET using page names and titles instead of integer values. When unsure, I usually just use strip_tags and mysql_real_escape_string.

Edited by Killswitch, 16 September 2007 - 09:34 AM.