我试图通过在我的目录中添加.htaccess文件来获得更清晰的URL。然而,我偶然发现了一个小问题,我还没有弄清楚如何解决。我为会员提供了在我的网站上发布内容的机会。发布内容时,会保存并修改标题以用于获取更清晰的URL。例如
/dir/post.php?id=362 with the title [Hello friends] becomes ->
/dir/Hello-friends
我的问题是如何防止相同的网址一次又一次地产生。我想要以下具有相同标题的URL,以便添加一些内容,例如数字。例如
/dir/Hello-friends (The first post)
/dir/Hello-friends-2 (The second post, but here a number is added).
这是我的php代码
$conn = new mysqli($servername, $username, $password, $dbname);
if (mysqli_connect_error()) {
die("Database connection failed: " . mysqli_connect_error());
}
function php_slug($string)
{
$slug = preg_replace('/[^a-z0-9-]+/', '-', trim(strtolower($string)));
return $slug;
}
$title = mysqli_real_escape_string($conn,$title1);
$text1 = mysqli_real_escape_string($conn,$text0);
$text2 = mysqli_real_escape_string($conn,$text00);
$text3 = mysqli_real_escape_string($conn,$text000);
$text4 = mysqli_real_escape_string($conn,$text0000);
$text5 = mysqli_real_escape_string($conn,$text00000);
$text6 = mysqli_real_escape_string($conn,$text000000);
$pid = $_POST['pid'];
$post_title = $title;
$post_title = htmlentities($title);
$sql_titel = "SELECT post_title FROM posts WHERE title = '$title'";
$result_titel = mysqli_query($con, $sql_titel);
$resultsFound = mysqli_num_rows($result_titel);
if ($resultsFound > 0) {
$resultsFound++;
$post_title .= '-'.$resultsFound;
}
$sql = "INSERT INTO posts (title, text1, text2, text3, text4, text5, text6, post_title, pid)
VALUES ('$title', '$text1', '$text2', '$text3', '$text4', '$text5', '$text6', '".php_slug($post_title)."', '$pid')";
if ($conn->query($sql) === TRUE) {
echo "<script>alert('controlling post...!')</script>";
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
}
答案 0 :(得分:1)
如果要添加随机数:
if($_POST['submit']) {
$post_title = $title;
$post_title = htmlentities($title);
$sql_titel = "SELECT post_title FROM posts WHERE post_title = '$post_title'";
$result_titel = mysqli_query($con, $sql_titel);
if(mysqli_num_rows($result_titel) > 0) {
$post_title = $post_title . '-' . mt_rand(1, 1000);
}
}
答案 1 :(得分:1)
对代码的简单扩展是使用返回的行数,如下所示:
if($_POST['submit']) {
$post_title = htmlentities($title);
// !!! You should use parameterized queries here !!!
$sql_titel = "SELECT post_title FROM posts WHERE title = '$title'";
$result_titel = mysqli_query($con, $sql_titel);
// Using the number of rows returned as our collision ID:
$sameNameID = mysqli_num_rows($result_titel);
if ($sameNameID > 0) {
// Bump it up by 1 (so we essentially get 0,2,3,4,5..):
$sameNameID++;
// Add it to the post title:
$post_title .= '-'.$sameNameID;
}
}
重要的是,请注意它正在检查title字段而不是post_title。
另请注意您可能容易受到SQL注入攻击。即互联网上随机的人可以对数据库做任何他们想做的事情。 htmlentities 不会保护您免受注射。您应该使用PDO instead。
但话说回来,您可能希望从StackOverflow本身的网站中获取灵感,其中一个数字(文章ID)始终存在于URL中。
在StackOverflow的情况下,它是实际路由请求的ID - 这使得以后可以更改问题(或标题)。例如,所有这些链接到这个问题:
https://stackoverflow.com/questions/41537052/
https://stackoverflow.com/questions/41537052/prevent-the-same-url-occuring
https://stackoverflow.com/questions/41537052/prevent-the-same-url-occuring-renamed