
PHP and htaccess | Redirect to “page not found” if a user tries to directly access a parameter value inside the URL

I have this friendly URL that I'm using on my website:

https://myexample.com/post/10/post-title

I'm trying to do something that denies users direct access to the parameter values. For example, if a user tries to put another id inside the URL above, htaccess will redirect him to a 404 page.

Below is my htaccess code that converts my URL GET parameters to a friendly URL and works like a charm:

RewriteEngine On
RewriteRule ^post/([^/]*)/([^/]*)$ /news?id=$1&title=$2 [L]

In this case, how can I improve my htaccess to do this?

Any help is appreciated.


Answer

I found a way to solve my problem and it works fine:

My .htaccess:

RewriteEngine On
RewriteRule ^post/?(.*)/([^/]*)$ /news?id=$1&title=$2 [L]

First, I implemented a function that replaces spaces and special characters in the title parameter in news.php:

<?php
// Turns a post title into the slug that appears in the friendly URL (news.php).
function sanitizeString($str) {
    // Map common accented characters to their plain ASCII counterpart.
    $str = preg_replace('/[áàãâä]/ui', 'a', $str);
    $str = preg_replace('/[éèêë]/ui', 'e', $str);
    $str = preg_replace('/[íìîï]/ui', 'i', $str);
    $str = preg_replace('/[óòõôö]/ui', 'o', $str);
    $str = preg_replace('/[úùûü]/ui', 'u', $str);
    $str = preg_replace('/[ç]/ui', 'c', $str);
    // Everything that is not a letter or digit (spaces, punctuation, underscores) becomes '-'.
    $str = preg_replace('/[^a-z0-9]/i', '-', $str);
    // Collapse runs of hyphens. The original used '/_+/' here, which could never
    // match because underscores were already replaced on the previous line.
    $str = preg_replace('/-+/', '-', $str);
    return $str;
}

And then I created a script in news.php that checks whether the id and title parameters are related correctly in MySQL:

<?php
include 'connection.php';   // provides the mysqli connection in $db
// sanitizeString() is the function defined above in news.php.

// Both parameters must be present and the id must be a plain decimal number;
// anything else is treated as a manipulated URL.
if (!isset($_GET['id'], $_GET['title']) || !ctype_digit($_GET['id'])) {
    header('Location: /404.html');
    exit();
}

$id = (int) $_GET['id'];

$stmt = $db->prepare('SELECT id, title FROM posts WHERE id = ?');
$stmt->bind_param('i', $id);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($postID, $title);
$found = $stmt->fetch();   // null when no post has this id
$stmt->close();
$db->close();

$postTitle = $found ? sanitizeString(trim(strtolower($title))) : null;

// Strict comparison: a numeric string such as "010" or "1e1" would pass a loose
// "!=" check against the integer id, so compare the canonical forms exactly.
if (!$found || (string) $postID !== $_GET['id'] || $postTitle !== $_GET['title']) {
    header('Location: /404.html');
    exit();
} else {
    echo 'Everything Fine';
}

Basically, based on the code above, if a user tries to manipulate the parameters inside a URL like id /10/ and title /post-title:

https://myexample.com/post/10/post-title

for example, the script will redirect the user to a 404 error page, a "Page not found" page or some custom page.

If someone has a better way to improve this, please tell me here.

I hope this question can help other people.
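One detail worth checking in the answer above is the loose `!=` comparison between the id from the URL and the integer id from the database: PHP compares a numeric string with an integer numerically, so non-canonical ids such as "010" or "1e1" are accepted as equal to 10 and the page is served instead of the 404. The following is an added example, not code from the original answer; `looseCheck()` mirrors the answer's condition and `strictCheck()` is the stricter form a reviewer would suggest, both run over constructed sample inputs.

```php
<?php
// Added example: compare the answer's loose check with a strict one.

// Mirrors the answer's condition; returns true when the request is accepted.
function looseCheck(string $urlId, string $urlTitle, int $postId, string $postTitle): bool
{
    return !($urlId != $postId || $urlTitle != $postTitle);
}

// Stricter form: the id must be the canonical decimal string of the stored id
// and the slug must match byte for byte.
function strictCheck(string $urlId, string $urlTitle, int $postId, string $postTitle): bool
{
    return ctype_digit($urlId)
        && (string) $postId === $urlId
        && $urlTitle === $postTitle;
}

// Constructed sample: the stored post has id 10 and canonical slug "post-title".
$storedId    = 10;
$storedTitle = 'post-title';

// Ids that are numerically 10 but are not the canonical URL form.
$sampleIds = ['10', '010', '1e1', '10.0'];

foreach ($sampleIds as $urlId) {
    printf(
        "id=%-5s loose=%-6s strict=%s\n",
        $urlId,
        looseCheck($urlId, 'post-title', $storedId, $storedTitle) ? 'accept' : 'reject',
        strictCheck($urlId, 'post-title', $storedId, $storedTitle) ? 'accept' : 'reject'
    );
}
// Only "10" is accepted by strictCheck(); looseCheck() accepts all four.
```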

User contributions licensed under: CC BY-SA