dpbsy60000 2015-10-07 23:19
浏览 27
已采纳

php / mysql SERF网址

I have looked and look and I cannot get this working. I have tried to do it with .htaccess and other tries but nothing is working.

I am trying to get from new-machinery.php?Item=100 to new-machinery/Item-Name

This what I have for my product pages.

 <?php

$LimitAmt = $Amt + 1;
$Limit = "LIMIT $LimitAmt";
$NextPage = $Page + 1;
$PrevPage = $Page - 1;


$SQLCat = "";
if (strlen($Cat) > 1)
{
$SQLCat = "AND (`Category` LIKE '$Cat;%' OR `Category` LIKE '%;$Cat' OR `Category` LIKE '$Cat')";   
}


$SQL_GetEquipment = "SELECT * FROM `new_equip` WHERE `condition`='New' $SQLCat $Limit";
$R_GetEquipment = mysql_query($SQL_GetEquipment, $Link);

$name = mysql_result($result,$i,"name");
$model = mysql_result($result,$i,"model");
$manu = mysql_result($result,$i,"manu");
$desc = mysql_result($result,$i,"desc");
$imagename = mysql_result($result,$i,"image");*/

$eid = $row['id'];
$itemname = $row['itemname'];
$model = $row['model'];
$manufactuer = $row['manufactuer'];
$desc = $row['desc'];
$imagename = $row['image'];


if (!file_exists("UImages/" . $imagename) || strlen($imagename) < 5)
{
$imagename = "NoImage.jpg";
}
?>

And to display the products url I have

<a itemprop="url" href="new-product.php?Item=<?php echo $itemname; ?>"><span itemprop="name"><?php echo $itemname; ?></span></a>

Like I said, I have looked and tried everything I could find but I keep getting a 404 page.

Any help would be greatly appreciated.

  • 写回答

1条回答 默认 最新

  • dourong8495 2015-10-08 03:26
    关注

    First you need to change your links to the format you want. Something like

    href="new-product/<?php echo $itemname; ?>">

    In your .htaccess you want something like.

    RewriteRule ^new-product/(.*) new-product.php?Item=$1

    The ^ is the start of the URL.
    The () captures the values inside it.
    The . is an character and the * is zero or more occurrences of any character. So bascially .* is equal to anything.
    The $1 is the value from the first capture group. If you have 2 capture groups they are in order of appearance.

    So this new-product/(.*) is the url on the back end the RewriteRule tells apache to send the request to PHP as new-product.php?Item=$1.

    So in your PHP you're going to need to change your call so it checks for the name rather than the ID.

    $name = mysql_real_escape_string($_GET['Item']); 
$SQL_GetEquipment = "SELECT * FROM `new_equip` WHERE `itemname`='$name' LIMIT 1;"; 
$R_GetEquipment = mysql_query($SQL_GetEquipment, $Link); 
$row = mysql_fetch_assoc($R_GetEquipment);

    The fetched data doesn't need to be escaped. The escaping is so your SQL statement can't be manipulated by inserting additional characters.

    The preferred approach for this is using paramaterized queries unfortunately mysql_ functions don't support that. I'd recommend you update to PDO or mysqli_ so you can take advantage of these.

    https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet#Defense_Option_1:_Prepared_Statements_.28Parameterized_Queries.29
    http://php.net/manual/en/security.database.sql-injection.php
    How can I prevent SQL injection in PHP?

    If other people had the older format you'll need to make a rewrite controller. The htaccess will need to send to a PHP page that has DB access so it can pull the name from the ID, then resend it... or do a conditional check on your page and if the parameter is an integer check it by id.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥100 任意维数的K均值聚类
  • ¥15 stamps做sbas-insar,时序沉降图怎么画
  • ¥15 unity第一人称射击小游戏,有demo,在原脚本的基础上进行修改以达到要求
  • ¥15 买了个传感器,根据商家发的代码和步骤使用但是代码报错了不会改,有没有人可以看看
  • ¥15 关于#Java#的问题,如何解决?
  • ¥15 加热介质是液体,换热器壳侧导热系数和总的导热系数怎么算
  • ¥100 嵌入式系统基于PIC16F882和热敏电阻的数字温度计
  • ¥15 cmd cl 0x000007b
  • ¥20 BAPI_PR_CHANGE how to add account assignment information for service line
  • ¥500 火焰左右视图、视差(基于双目相机)