homepage Welcome to WebmasterWorld Guest from 54.196.168.78
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Subscribe to WebmasterWorld
Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
force dynamic url values
force dynamic url values
londonhogfan




msg:3745860
 7:28 pm on Sep 16, 2008 (gmt 0)

first of all.. I have no idea if that makes sense.

I have a site that lists football games pulled from a mysql database by the "gameID"

the dynamic url for the page is.

domain.com/game/games.php?id=$1

I have added...

&opp=$2&date=$3

to the url so I can pull the opponents name and the date of the game in order to use mod_rewrite urls. that way the address will be something like this.

game/100/vanderbilt/September-15-1990/

the problem is you can also change the values I added "opponent" and "date" to whatever you like and the page still loads the same.

is there a way I can force these to match the data from the page it's self?

Thanks in advance for any help.

 

npwsol




msg:3745882
 8:04 pm on Sep 16, 2008 (gmt 0)

Since with mod_rewrite you'll be getting the individual values in variables, it should be easy. On page (in the PHP), just transform them to their database formats and compare them to the results returned by the query for gameID. If you don't have a match, display a generic error or redirect them.

You may be able to change the displayed URL in the browser using JavaScript, but it's fairly pointless. Most users will only enter the page with correct values (unless there is a bug in your code), and anyone who is trying to change them is likely not to be someone you want on your site anyway.

Just remember to sanitize URL data before you use it in a query and you'll be fine.

EDIT: Sanitize ALL data before you use it (in a query or in output), of course, just pay extra attention to the URL here.

londonhogfan




msg:3745890
 8:13 pm on Sep 16, 2008 (gmt 0)

thanks for the reply.

I didn't write the PHP myself, and I have very little php knowledge. I designed the database and I can usually figure out what the php is trying to do, but when you say "transform them to their database formats..." I'm not sure what you mean.

my main concern for this is I just recently had to change a couple of dates for the games. There is a chance for duplicate entries for a single game since both dates would work and the page would load either way. I'm trying to figure out a way to return an error if the date or the opponent doesn't match what is listed by the gameID.

Thanks again.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved