标签云

微信群

扫码加入我们

WeChat QR Code

i have a new website (i'm building one right now) and i want to make sure i do it correctly and not redesigning after 1 month.so i have pages like:/candy/candy/chocolate/drink/drink/beerso i look on stackoverflow about how can i do this and i found:RewriteRule ^([a-z]+)/([a-z]+)/?$ index.php?category=$1&page=$2 [NC,L]now, this will work but my question is about execution. obviously the $_GET[category] will be the name and page will be chocolate for example.now when i do my query i will do: $sql = "SELECT myfields FROM mytable WHERE name = '" . $_GET['category'] . "'";now, would it be better if i use the primary key which is an INT. if so, what can i do in my .htaccess to do this?


If name is unique, then it doesn't matter. If name is not unique, you are in deep shit.

2019年04月22日22分19秒

bianca: would you mind URL like stackoverflow use: /id/category/page? like: /123/candy/chocolate/ which the key of candy and chocolate is unique and 123 is the last page in this case chocolate ID?

2019年04月22日22分19秒

i would preferably not since but if its the only option then i guess so.

2019年04月22日22分19秒

you have access to the httpd.conf or apache2.conf?

2019年04月22日22分19秒

oh then no you don't have access to this apache files (which are config).

2019年04月22日22分19秒

The "SELECT ... FROM ... WHERE name = '" . $_GET['category'] . "'" part is certainly more worthy to mention than the original question itself! Please, protect your code from SQL injection, do not just stuff user input in your SQL queries. You can add more protection by selecting all category names from DB first and then checking if $_GET['category'] is known category name by something like array_key_exists.

2019年04月22日22分19秒

hijarian Don't see how that is more secure than addslashes. There is no way of injecting code either way, and addslashes is a lot shorter. Some people would suggest using mysql_real_escape_string, but that only matters if you use a characterset other that ISO-8859-1 or UTF-8.

2019年04月22日22分19秒