ErrorDocument 404 /index.php

Then, in your index.php file:

$request = explode(‘/’, $_SERVER['REQUEST_URI']);
array_shift($request);

Now any file name (like index.php or example.com/newsletter) becomes $request[0]… since we’re exploding the slash, you can do:

http://www.example.com/articles/how-to/build-friendly-uri

Since Apache won’t find that URL, it defaults to index.php, which then breaks it up.

$request[0] = articles
$request[1] = how-to
$request[2] = build-friendly-uri

At this point, you can pass variables to mySQL, or do whatever you want with them. Pretty easy.

You can see by using the ErrorDocument directive, you can just easily create these.

Andy

ErrorDocument 404 /index.php

Then, in your index.php file:

$request = explode(‘/’, $_SERVER['REQUEST_URI']);
array_shift($request);

Now any file name (like index.php or example.com/newsletter) becomes $request[0]… since we’re exploding the slash, you can do:

http://www.example.com/articles/how-to/build-friendly-uri

Since Apache won’t find that URL, it defaults to index.php, which then breaks it up.

$request[0] = articles
$request[1] = how-to
$request[2] = build-friendly-uri

At this point, you can pass variables to mySQL, or do whatever you want with them. Pretty easy.

You can see by using the ErrorDocument directive, you can just easily create these.

Andy

I’m not sure I understand what you’re trying to do with a page title. It should just be a matter of escaping the page with htmlentities(), or using str_replace() to replace the offending characters.

“Also, when you say “a simple SELECT properly escaped to avoid SQL injectionâ€?, what do you mean?”

If you are accepting user input, you want to make sure that the user hasn’t inserted some nasty command or poor syntax that could give you bad data — or worse, destroy your database.

One way to do this is to use mysql_real_escape_string($varName) around your variables.

Another way is to check that the value you receive is the same type as the one you were expecting. Say, for example, your SQL query is “SELECT * FROM posts WHERE id=$_GET['id'].” In that case, you definitely want to check whether or not $_GET['id'] is a numeric string using either is_numeric() or ctype_digit().

I’m not sure I understand what you’re trying to do with a page title. It should just be a matter of escaping the page with htmlentities(), or using str_replace() to replace the offending characters.

“Also, when you say “a simple SELECT properly escaped to avoid SQL injectionâ€?, what do you mean?”

If you are accepting user input, you want to make sure that the user hasn’t inserted some nasty command or poor syntax that could give you bad data — or worse, destroy your database.

One way to do this is to use mysql_real_escape_string($varName) around your variables.

Another way is to check that the value you receive is the same type as the one you were expecting. Say, for example, your SQL query is “SELECT * FROM posts WHERE id=$_GET['id'].” In that case, you definitely want to check whether or not $_GET['id'] is a numeric string using either is_numeric() or ctype_digit().

Could you add an example of how to do this with the page title instead? i.e.: this one! (http://tiffanybbrown.com/2003/12/22/creating_clean_uris_with_php)
Also, when you say “a simple SELECT properly escaped to avoid SQL injection”, what do you mean?
thanks a lot.

Could you add an example of how to do this with the page title instead? i.e.: this one! (http://tiffanybbrown.com/2003/12/22/creating_clean_uris_with_php)
Also, when you say “a simple SELECT properly escaped to avoid SQL injection”, what do you mean?
thanks a lot.

if you want to do something like ‘index.php/Error,’ you’ll need to use mod_rewrite (on Apache server).

if you want to do something like ‘index.php/Error,’ you’ll need to use mod_rewrite (on Apache server).

example:
when the URL was http://www.index.php?error=Error everthing was fine.
when the URL is http://www.index.php/Error i have problems because the paths in my index.php think they’re in a folder called “Error”.

i hope that makes sense. if you have any suggestions that would be great, if not, thanks anyway.

example:
when the URL was http://www.index.php?error=Error everthing was fine.
when the URL is http://www.index.php/Error i have problems because the paths in my index.php think they’re in a folder called “Error”.

i hope that makes sense. if you have any suggestions that would be great, if not, thanks anyway.

A simple “select * from posts where id=$entry[1],” properly escaped of course.

A simple “select * from posts where id=$entry[1],” properly escaped of course.