How is this done
Code:http://www.gaiaonline.com/marketplace/itemdetail/50593
If I had to do something like that, it'd look like this
Code:http://www.gaiaonline.com/marketplace.php?itemid=50593
Printable View
How is this done
Code:http://www.gaiaonline.com/marketplace/itemdetail/50593
If I had to do something like that, it'd look like this
Code:http://www.gaiaonline.com/marketplace.php?itemid=50593
Arti will know, but I'm pretty sure its an appache setting called Mod_Rewrite or something similar to that. Do some google searches on the topic and I'm sure you'll find what you're looking for.Quote:
Originally Posted by Stapled
It's a common use of Apache's mod_rewrite module. The idea being you set up a range of regular expression rules in an .htaccess file, and these rewrite rules map to different files on the server (also allowing you also to pass through data matched by your regular expression).
So, for example:
Some examples of URLs matched by that rewrite rule might include:Code:RewriteRule ^user\/([a-z0-9\-]+)$ user.php?username=$1
When a match against that URI is found, Apache internally maps the request to user.php and passes our matched text through within the query string (so you could retrieve the username with $_GET['username'].Code:http://example.com/user/artificial
http://example.com/user/stapled
http://example.com/user/matt-smith
http://example.com/user/matt-smith-1
So for a marketplace item, you could have an htaccess file of:
And http:// example.com/marketplace/itemdetail/123 would get mapped to marketplace.phpCode:RewriteEngine On
RewriteRule ^marketplace\/itemdetail\/(\d+)$ marketplace.php?itemdetail=$1
Though most modern frameworks these days will set up a blanket rewrite rule, which maps every URI to a single entry point. Something like:
And they'll leave it up to their application to determine what they want to do with the request. However, if it's only a small application, you can probably get away with creating individual rewrite rules :-p. If you're interested in this sort of stuff though, you'll probably want to read up on MVC architecture in your free time, and have a go at a PHP MVC framework. If you do, I highly recommend having a look at Yii. If you use it enough you'll fall in love with it.Code:RewriteRule . index.php
Thanks guys.
I'm trying to make a simple energy based just so I can work on my skills over the summer before I return to school in september. My plan in doing so is to explore new things they don't/haven't taught in school. Before I went to college I wasn't a huge fan of web programming but after my basic class that just taught html,css, and javascript I knew it was what I wanted to do.
Also, the first URL is much less exploitable than the second. All SQL injections are through vuln.com/vuln.php?blabla=1 type URLs, not vuln.com/vuln/1 haha.
That's not true, they are essentially the same thing either way. If an exploit can be applied to the PHP argument itemid, then an exploit would most likely also work through the second example.Quote:
Originally Posted by Flareboy323
Oh really? That's cool, I actually didn't know that. I figured the second one wouldn't be able to take the same type of input like the first one does, but I'm guessing you're correct.Quote:
Originally Posted by Tree
You're only right in the sense that, rewrite rules are often much more explicit. If you look at my regular expression pattern, I'm only accepting characters in the range of a-z, A-Z, 0-9 and - (and passing through some funky characters that aren't in the query string can often create a malformed URL. Still not impossible though).Quote:
Originally Posted by Flareboy323
It can also be a mix of apache's mod_rewrite, and using the HTTP REQUEST_URI, and PATH_INFO variables that are set during web requests.
mod_rewrite isn't necessary if you have a default handler (controller) that services all requests. You can write a controller that starts going up the REQUEST_URI path tree and checking to see if that's a valid PHP script/whatever, and then setting its arguments as the remaining arguments. Ex: /marketplace/itemdetail/50022 would check /marketplace/, then /marketplace/itemdetail/ for a valid index.php file, and then pass in the remaining parts (50022 in this case).
Take a look at this for more HTTP environment variables:
PHP: $_SERVER - Manual