I am trying to make a custom blog CMS. Each blog post has an ID in my mySQL database.
Basically I need to rewrite:
domain.com/category.php?id=4
to
domain.com/4
But I only want this to work if the ID (in this case 4) exists in the database because I don't want every single number to be rewritten.
Can someone tell me how I can get around with this?
You can use the usual file manipulation functions(fwrite, fopen etc..).
Or you can use Mod_rewrite and PHP. Check this : http://culttt.com/2011/11/16/how-to-make-vanity-urls-using-php-htaccess-and-mysql/
Related
I have a folder where I will save all the posts from a blog. It will be useful for me to have each file with a number. This way I can have things organized and easy to find. But the user does not need that number and it would be better to have a cleaner URL without it.
I am familiar with RewriteEngine rules in the htaccess. But I do not know how to do it in this case.
For example: I would like to have in my local folder and in the server:
www.example.com/blog/4-theTitleOfthe4post
www.example.com/blog/5-theTitleOfthe5post
and so on…
I would like the user to have something like:
www.example.com/blog/theTitleOfthe4post
www.example.com/blog/theTitleOfthe5post
and so on…
Is it possible to have a clean url without the number of the post? and still have the files organized internally and in the server with the number of the post?
Yes.
RewriteRule ^(blog/)(\D*(\d+)\D*)$ /$1$3-$2
https://regexr.com/4kjth
I'm trying to get below URL to do a redirect / rewrite
http://www.domain.com.au/posting?id=44404
Below is what is required:
http://www.domain.com.au/state/category/job_title
Is there a way to do this with PHP MySQL Joomla application?
This is using custom component so I have to retrieve state, category and job_title information from MySQL database. Is there a way to insert them into htaccess or recognise so that it reflects on the URL field instead?
Thanks
If you can write a script to get from /state/category/job_title to an id, then you can use a RewriteMap. You can only define a map in either the server config or a vhost config, not in an .htaccess file.
Say you had a perl script that parsed out the state, category, and job_title, did some database lookups, then output 44404 or whatever the id is. Then you can define the mapping like so:
RewriteMap jobmap prg:/path/to/your/script.pl
Then in the htaccess file in your document root, you can use the map:
RewriteRule ^([^/]+)/([^/]+)/([^/]+)/?$ /posting?id=${jobmap:$1/$2/$3}
If you wanted to enumerate every state/category/job_title combination, you could also use a text file or a dbm file. Or if you have mod_dbd loaded and configured, you can also use a SQL select query
Another alternative is to write some kind of php script and route everything through that. It would essentially be doing what the script.pl example would do, parse out the state/category/job_title fields, and do the proper database lookup to obtain an id. You could then include the posting script and hand over the id.
This is what you are looking for:
http://www.noupe.com/php/10-mod_rewrite-rules-you-should-know.html
but, as you redirect, your id gets lost
You'll have to write all the codes to replace each id with the needed category state and job title in the .htaccess file, I dont think you can retrieve through mysql and use them to replace in the htaccess file.
This is possibly a duplicate question, but I am unable to find the other one if it is.
I was looking for advice on how secure url rewriting is? Does it stop SQL injection, or XSS? If not, how would one circumvate it?
The reason I ask is because I am unsure of the process that rewriting takes. Am I right in believing that this URL could effectively be dangerous:
http://www.website.com/article/1' UNION ALL...
URL rewriting doesn't have anything to do with preventing SQL injections! URL rewriting is mostly used to turn "ugly" URLS (like http://domain.com/index.php?name=1&value=2) into pretty URLs like http://domain.com/1/2).
It doesn't prevent SQL injection at all. SQL injection must be prevented by making sure that user inputs do not contain characters that modify an SQL statement so that it does things that were not intended. Example:
You have an SQL Statement like:
SELECT * FROM $tableName;
And $tableName is a parameter that is entered by the user through a web form. Now the user could enter Users; DROP TABLE Users; --. This would be bad:
SELECT * FROM Users; DROP TABLE Users; --;
This, however, can not be solved by URL rewriting.
no, URL rewrite couldn't prevent XSS or SQL Injection.
If you want to avoid SQL Injection, use DBI Library (with prepare/execute statement) in your code.
If you want to avoid XSS Attack, please filter your user input in your code, too.
URL rewriting and security are two different things. The URL rewrite simply changes the presentation of variables in the url but does not secure at all. We must secure the variables in your code after you recover from the url.
But for SQL Injection based only on the $_GET variable, if we use this:
RewriteRule ^([a-z])-([0-9]).html$ /index.php?page=$1&id=$2 [L]
Is the $_GET["id"] variable injectable? We are forcing the value with only integer.
URL rewriting has feature called 'Request blocking'. You can use this feature to scan and prevent 3rd party tools sending spoof requests.
We send out a newsletter that has URLs in it. Rather than having foreign URLs directly, they all come to our website and then redirect to the outside world.
Right now the redirects are all done with HTML files. My goal is to have them all done with redirects in the .htaccess file. So I want to have the person who is entering all of this data enter it all through the movable type GUI.
My questions:
Is there is plug-in for movable type that already does this?
If not, is there a good template for creating a movable type that allows one to records in the MySQL database?
Thanks.
This could be done in the standard Entry interface in MT. Just dedicate a blog for these redirects. You could make the EntryTitle the redirect and have the EntryBody be the full URL (or use Custom Fields). Then just create an .htaccess template that loops through all the entries.
<mt:Entries lastn="0">
Redirect /<mt:EntryTitle dirify="-"> <mt:EntryBody>
</mt:Entries>
The way I would do this is to create a custom field for the outside URL.
Then I would populate the .htaccess file with something like:
Redirect /
In the above coding, I'm looping through the latest 999 entries and I'm checking if the custom field with the tag 'EntryDataMyCustomField' is filled out.
If it is filled out, then I redirect / to the URL from that custom template.
This is like redirecting say:
/234 to whatever URL you may think of, like say:
http://en.wikipedia.org/wiki/Main_Page
I have a link, let's say: http://site.com/profile.php?id=1 ....In a normal mode, with a normal rewrite I'd have something like: http://site.com/profile/1 . But,...What I want is.....how can I get from the database the username that belongs to the user with the id 1 and make the url http://site.com/profile/FinalDestiny ?
Thanks,
You could use the RewriteMap function of mod_rewrite, but you have to store your id-username pairs either into a text file or a DBM file-based database. Keep in mind that to use this directive you have first to declare it inside httpd.conf, so access and write permissions to httpd.conf are required.
If your users are stored in another database (MySQL or such) I'd suggest you use a text file and simply overwrite it any time an user is added or deleted.
If you've got enough users to make using a DBM a sensible choice you can either try to use PHP's DBA functions or make a text file as above and use Apache's utility httxt2dbm to convert it into a database (via exec() or such).
RewriteMap also allows using an external program (say, a PHP CLI script) to return the URL mapping, but it seems like overkill...
You want to make a rule which rewrites http://site.com/profile/FinalDestiny to http://site.com/profile.php?username=FinalDestiny and then do a database query in profile.php to find the id of the user with that username.