Skip to content
Advertisement

How to avoid false variable with htaccess and php

Hi guys im new in stackoverflow so here is my problem

i have a controller file php and my htaccess

if have this php controller

if ($_GET['var1'] and $_GET['var2']){include_once('file.php')}

and this htaccess

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/?$ /controller.php?id=$1 [QSA,L]

my problem is

if i type www.site.com/var1/var2/ this one is a real path so, is ok. but if i type www.site.com/var1/var2/hjwuwjais/ this url need show error 404 but still show file.php because have var1 and var2..

-------------real-real-non-exist--    
www.site.com/var1/var2/hjwuwjais/

so how i can solve it… if i type any false or non-existent var in url show 404?

Advertisement

Answer

Filling in the missing gaps in your question, maybe you should only rewrite to your controller when you have exactly two path segments?

For example:

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([^/]+/[^/]+/?)$ /controller.php?id=$1 [QSA,L]

So, only requests of the form /<something>/<something>/ (trailing slash optional) are routed to your controller. Anything else will naturall fall through to a 404 (unless it happens to map to a physical file).

This handles an optional trailing slash, although you should ideally include it or omit it from your URLs.

If you are more restrictive in your regex then you can probably avoid the filesystem checks.

Incidentally, in your original regex ^(.*)/?$, the trailing /? is entirely superfluous since the capturing subpattern .* is greedy.


UPDATE:

but if i type www.example.com/var1/var2/hjwuwjais/ this url need show error 404 but still show file.php because have var1 and var2.

Ah OK, that would seem to render my answer above incorrect. But also this doesn’t have anything to do with .htaccess? And as noted in comments, doesn’t really make sense. (?)


Aside:

if have this php controller

if ($_GET['var1'] and $_GET['var2']){include_once('file.php')}

I assume this is very pseudo-like code… where are $_GET['var1'] and $_GET['var2'] coming from? You are only passing $_GET['id'] to controller.php?

User contributions licensed under: CC BY-SA
9 People found this is helpful
Advertisement