使用php发送值进行URL重写以进行查询

时间:2014-02-02 06:34:20

标签: php .htaccess

我有以下php它工作正常,并打开具有正确ID的detail.php页面。

<a href="contents/details.php?b_id=<?php echo $business["id"]; ?>" style="text-decoration:none; color:#000;"><h1 style="text-transform:capitalize; margin-bottom:5px;"><?php echo $business["name"]; ?></h1></a>

这是网址重写规则:

RewriteRule ^b_id-([a-zA-Z0-9_-]+)-([0-9]+).html$ contents/details.php?b_id=$2

现在尝试更改上面的php以使用rewriterule,这里是更新的php:

<a href="contents/details.html?b_id=<?php echo $business["id"]; ?>-<?php echo $business["name"]; ?>.html" style="text-decoration:none; color:#000;"><h1 style="text-transform:capitalize; margin-bottom:5px;"><?php echo $business["name"]; ?></h1></a>

这产生以下RUL和ERROR:

http://localhost/sbd/contents/details.html?b_id=12-Testing%20my%20own%20business.html
  

您的SQL语法有错误;检查手册   对应于您的MySQL服务器版本,以便使用正确的语法   在第1行'my own business.html'附近

这是sql查询:

public function getBusiness($business_id) { // If business id null then this function returns whole businesses.
    $selectQuery = "SELECT b.name, b.description, b.address_1, b.address_2, b.location, b.ph_office, b.ph_cell, b.fax, b.email, b.website, b.image, b.image_1, b.image_2, b.image_3, b.contact_person, city.name as city, cat.name as category, country.name as country_name, region.name as region_name FROM tbl_business as b INNER JOIN tbl_city as city ON city.id = b.location INNER JOIN tbl_category as cat ON cat.id = b.category_id LEFT OUTER JOIN tbl_country as country ON country.country_iso = b.country_iso INNER JOIN tbl_region as region ON region.id=b.region WHERE b.id = ". $business_id;
    //$selectQuery = "SELECT * FROM tbl_business WHERE id=25";
    $resultSet = mysql_query($selectQuery) or die(mysql_error());
    $dataArray = array();
    if(mysql_num_rows($resultSet) > 0) {
        $row = mysql_fetch_array($resultSet);
        //print_r($row); exit;
        if($row["image"] == "") {
            $row["image"] = "images/noimage.jpg";
        }
        else {
            $row["image"] = "uploads/". $row["image"];
        }
            $dataArray = array(
                "name" => str_replace("^", "'", $row["name"]),
                "description" => str_replace("^", "'", $row["description"]),
                "address_1" => str_replace("^", "'", $row["address_1"]),
                "address_2" => str_replace("^", "'", $row["address_2"]),
                "location" => str_replace("^", "'", $row["location"]),
                "ph_office" => str_replace("^", "'", $row["ph_office"]),
                "ph_cell" => str_replace("^", "'", $row["ph_cell"]),
                "fax" => str_replace("^", "'", $row["fax"]),
                "email" => str_replace("^", "'", $row["email"]),
                "website" => str_replace("^", "'", $row["website"]),
                "image" => $row["image"],
                "contact_person" => str_replace("^", "'", $row["contact_person"]),
                "city" => $row["city"],
                "category" => $row["category"],
                "country_name" => $row["country_name"],
                "multiple_images" => array($row["image_1"], $row["image_2"], $row["image_3"]),
                "reviews" => $this->getAllReviews($business_id),
                "region_name" => $row["region_name"]
            );
    }
    return $dataArray;
}

这是php:

$b_id = $_REQUEST["b_id"];
if($b_id == "") {
    header("Location:../index.php");
}
$dal = new DataAccess();
$detailsArray = $dal->getBusiness($b_id);

//print_r($detailsArray["multiple_images"]); exit;
$address = "";
if($detailsArray["address_1"] != "") {
    $address .= $detailsArray["address_1"] . ", ";
}

if($detailsArray["address_2"] != "") {
    $address .= $detailsArray["address_2"] . ", ";
}
$address .= $detailsArray["city"] . ", " . $detailsArray["region_name"] . ", " . $detailsArray["country_name"];
//echo $address;
?>

问候:

2 个答案:

答案 0 :(得分:0)

如果您的重写规则

RewriteRule ^b_id-([a-zA-Z0-9_-]+)-([0-9]+).html$ contents/details.php?b_id=$2

是对的,那么你首先应该回复$business["name"] var然后回复$business["id"]

<a href="contents/details.html?b_id=<?php echo $business["name"]; ?>-<?php echo $business["id"]; ?>.html" ...

或者将重写规则更改为:

RewriteRule ^b_id-([0-9]+)-([a-zA-Z0-9_-]+).html$ contents/details.php?b_id=$1

答案 1 :(得分:0)

您有几个错误:首先,您所拥有的链接与您的重写规则不匹配,因为它链接到

contents/details.html?b_id=<?php echo $business["id"]; ?>-<?php echo $business["name"]; ?>.html

即使您将其更正为以下内容,您的规则也会失败,因为您的标题包含空格。

/b_id-<?php echo $business["name"]; ?>-<?php echo $business["id"]; ?>.html

我建议将$business["name"]翻译成seo-title(例如全部小写,将所有非小数字字符替换为-,将-的所有多个实例替换为-然后你的规则就可以了。

$title = 'A Purple PolarBear\'s Meal';
$seo_title = preg_replace( '/[^a-z0-9]+/', '-', strtolower( $title ) );
echo $seo_title; //penguin; I mean: a-purple-polarbear-s-meal

您获得的错误与SQL(显然)有关。我怀疑你没有足够清理你的数据,导致查询无效。攻击者可以滥用同样的方法通过mysql注入暴露机密数据(如密码)或控制您的站点。有关详细信息以及如何防止这种情况,请参阅this question

相关问题
最新问题