开发者

Permalink, .htaccess pretty urls

问答 作者:

I'm really sorry if i'm annoying you guys but this is my final question in regards to .htaccess tricks

I need wordpress style, 'pretty permalinks'

But It's too confusing for me.

I need, this url http://test.com/?page=test&ID=1 to be http://test.com/test/NAMEFROMDATABASE

How? I know h开发者_运维技巧ow to get ID=1 by using $_GET['ID'], but how do I put a value from the database in the url, and read it?

you can not get ID value by $_GET['ID'] directly from this URL : http://test.com/test/NAMEFROMDATABASE.

You can get ID by following below logic.

  1. create link by category name. i.e. if you have category laptop then create link like http://test.com/category/CATNAME

  2. Write rewrite code in htaccess.RewriteRule ^category/(.*)$ categories\.php?CNAME=$2&%{QUERY_STRING} [L]

  3. in PHP code get category ID from category name.$catName=$_GET['CNAME']

OR

  1. create link by category name and category ID. i.e. if you have category laptop then create link like http://test.com/category/CATNAME-ID-CATID
  2. Write rewrite code in htaccess. RewriteRule ^category/(.*)-ID-([0-9]+)$ categories\.php?ID=$2&%{QUERY_STRING} [L]
  3. in PHP code get category ID directly. $catID= $_GET['ID']

How? I know how to get ID=1 by using $_GET['ID'], but how do I put a value from the database in the url, and read it?

You get the value from the database like so:

$id = mysql_real_escape_string($_GET['id']);
$sql = "SELECT folder, urlname FROM urls WHERE id = '$id' ";
// don't forget to single quote '$id'       ^   ^  or you'll get errors
// and even worse mysql_real_escape_string() will not protect you.
if ($result = mysql_query($sql)) {
  $row = mysql_fetch_row($result);
  $pagename = $row['urlname'];
  $folder = $row['folder'];
}

If you know id is an integer you can also use $id = intval($_GET['id']);
I recommend always using mysql_real_escape_string() because it works for all values and intval only works for integers.
In SQL it is never a problem to quote numbers, so make a habit of always quoting everything.
That way you cannot make mistakes.

You can never do 

$sql = "SELECT urlname FROM urls WHERE id = '{$_GET['id']}' ";

Because that's an SQL-injection security hole.

See:
How does the SQL injection from the "Bobby Tables" XKCD comic work?
http://php.net/manual/en/function.mysql-query.php
http://php.net/manual/en/function.mysql-fetch-row.php
http://php.net/manual/en/function.mysql-connect.php
http://php.net/manual/en/function.mysql-close.php

You can't do that in htaccess, you will need to adjust your script so instead of receiving id=1 will receive name=xxx. Than it will look for the name in database and compute the ID

Okay, so in .htaccess you'll have something like this

RewriteRule ^something/(.+)\.htm$ something/file.php?djname=$1

In your php script you'll have

$name = mysql_real_escape_string($_GET['djname']);

$sql = "SELECT * FROM djtable where name='" . $name . "' LIMIT 1";

OBS: 1. Use proper escaping of the sql. 2. Make sure the dj names are distinct in the database.

继续阅读:.htaccessmod-rewritepermalinksphp

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9