stackoom
  简体   繁体   中英

query string in php url which fetches values from files in directories

 原文  2014-09-12 13:56:02       php/ include

Question

for security reasons we need to disable a php/mysql for a non-profit site as it has a lot of vulnerabilities. It's a small site so we want to just rebuild the site without database and bypass the vulnerability of an admin page.

The website just needs to stay alive and remain dormant. We do not need to keep updating the site in future so we're looking for a static-ish design.

Our current URL structure is such that it has query strings in the url which fetches values from the database.

eg artist.php?id=2

I'm looking for a easy and quick way change artist.php so instead of fetching values from a database it would just include data from a flat html file so. 

artist.php?id=1  = fetch data from /artist/1.html
artist.php?id=2  = fetch data from /artist/2.html
artist.php?id=3  = fetch data from /artist/3.html
artist.php?id=4  = fetch data from /artist/4.html
artist.php?id=5  = fetch data from /artist/5.html

The reason for doing it this way is that we need to preserve the URL structure for SEO purposes. So I do not want to use the html files for the public.

What basic php code would I need to achieve this?

2 answers

solution1
 0  2014-09-12 14:20:57

HTML isn't your best option, but its cousin is THE BEST for static data files.

Let me introduce you to XML! (documentation to PHP parser )

XML is similar to HTML as structure, but it's made to store data rather than webpages.

If instead your html pages are already completed and you just need to serve them, you can use the url rewriting from your webserver (if you're using Apache, see mod_rewrite )

At last, a pure PHP solution (which I don't recommend) 

<?php

//protect from displaying unwanted webpages or other vulnerabilities:
//we NEVER trust user input, and we NEVER use it directly without checking it up.
$valid_ids = array(1,2,3,4,5 /*etc*/);
if(in_array($_REQUEST['id'])){
  $id = $_REQUEST['id'];
} else {
  echo "missing artist!"; die;
}
//read the html file
$html_page = file_get_contents("/artist/$id.html");

//display the html file
echo $html_page;

solution2
 0 ACCPTED  2014-09-12 14:22:21

To do it exactly as you ask would be like this: 

$id = intval($_GET['id']);
$page = file_get_contents("/artist/$id.html");

In case $id === 0 there was something else besides numbers in the query parameter. You could also have the artist information in an array: 

// datafile.php
return array(
    1 => "Artist 1 is this and that",
    2 => "Artist 2..."
)

And then in your artist.php 

$data = include('datafile.php');
if (array_key_exists($_GET['id'], $data)) {
    $page = $data[$_GET['id']];
} else {
    // 404
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question PHP fetches URL without query php code to generate text files that fetches contents from a mysql table Removing query string from url in php how to read query string from a URL in PHP Showing files from multiple directories which all have different file names and display in table PHP Hiding URL variables/values in a query string. PHP PHP - Get indexed URL query string parameters from URL PHP - Redirecting and including files from different directories is it safe to include files based on query string values in php? Assign row values from SQL to php variables from URL query
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM