Variables in URLS

Forum Moderators: coopster

Message Too Old, No Replies

Variables in URLS

m8fyu

8:36 am on Jul 10, 2011 (gmt 0)

I am working on a PHP driven site where vars are passed in the URL.

for example
www.mysite.com/index.php?pageid=rentals&location=england&sublocation=hillingdon&property=15-the-larches

However when I am testing I notice that pages appear even when I don't pass enough vars. I just get a blank template of the page. There is a function that redirects users to the index page if the pageid doesn't exist but if it does exist and no additional vars are passed then an empty page is displayed. All internal links pass the required vars but a user could still manual enter an 'incorrect' URL.

How does this affect indexing in search engines and is there an easy way to stop this from happening?

Thanks for any help.

penders

1:59 pm on Jul 10, 2011 (gmt 0)

As far as search engines go, I would have thought it would only be a problem if people are actually linking to incorrect pages.

"Stop this from happening?" - Stop blank (template) pages? What would be the desired result? I would have thought that either your URL params should default to some value if not provided or if they are critical to what page is actually shown then return a 404 - Page not found error. A blank page is not much help to anyone.

g1smd

4:19 pm on Jul 10, 2011 (gmt 0)

Only serve content when all the variable values are valid.

Serve an error page and the correct HTTP headers above it, all generated by the PHP script, when some or all of the required conditions are not fulfilled.

rocknbil

4:05 pm on Jul 11, 2011 (gmt 0)

Error trapping is your friend. This super-simplified example shows you . . .

$requireds = ('email','fname','lname');

$errors = check_data();
if ($errors) { return_to_page_with($errors); }
else { ok_to_process(); }


function $errors($requireds) { 
 $errs = null;  
 foreach ($requireds as $r) { 
 if (! isset($_POST[$r]) or (isset($_POST[$r]) and empty($_POST[$r])) { 
  $errs .= "<li>The $r field is required to submit this form</li>\n"; 
 } 
 } 
return $errs; 
}

See the logic? Nothing gets past the error check.

You also need to look into cleansing your input and making it safe for database insertion, never use raw input, even from a query string, to insert in a database or use it to perform potentially unsafe operations. There are many posts here about this.

brotherhood of LAN

4:11 pm on Jul 11, 2011 (gmt 0)

Serve a 404 for sure, if the required variables are not there, then it's not a valid request to your site.

I usually go with

if(!$required_stuff)
include_once('404.php');

Where 404.php includes a 404 HTTP header and a custom 404 error page, with an exit(0); on the end of it.

m8fyu

11:44 pm on Jul 12, 2011 (gmt 0)

Thanks so so so much for all the great advice. I'll let you know how I get on.

Thanks again