Http get and htaccess - php variable is changing

Hi all. Thanks for the advice so far.

I am passing some details to a page using a query string, which generates a URL in this format:

www.domain.com/image.php?gallery=surfers&link=surfers-beach-goers

I then use this code to get the data I need from the database:

$gallery = mysqli_real_escape_string($conn, $_GET['gallery']);
$link = mysqli_real_escape_string($conn, $_GET['link']);
$sql = "SELECT * FROM images WHERE link='".$link."'";

This all works fine and the page works as needed. As part of set up and testing I echo the $link variable to the page and it displays correctly as: surfers-beach-goers

However, to make the URL in this format: www.domain.com/surfing/surfers-beach-goers I have used the following htaccess code:

RewriteRule ^(surfing|people|places|montage)/([a-z\-]+)$ image.php?gallery=$1&link=$2.php

And this is making the page stop working. No data is returned from the query when the page is accessed in this way and when I echo the $link variable it is shown as: surfers-beach-goers.php

So something is causing the variable to have the .php extension on the end, and as there is no matching data the query returns nothing and so the page is not populated.

I’ll be honest, I have no idea where to even start looking so any advice would be great. Phrasing the issue into a google search to try and investigate has been difficult too.

Many Thanks,
Matt

OK - it’s late, I have noticed the obvious mistake in the htaccess file and fixed it!

Thanks

Matt

You should never ever put variables in your queries. You need to use prepared statements. I would recommend you use PDO. Here is a good tutorial to get you going. https://phpdelusions.net/pdo

Also, you should explicitly specify the column names you want instead of using SELECT *.
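As an added illustration of the advice above (this is example code, not something posted in the thread), here is the lookup from the original post rewritten with a PDO prepared statement and an explicit column list. The `images` table, the `link` column and the four gallery names come from the thread; the DSN, the credentials and the column names `id`, `filename` and `title` are assumptions.

```php
<?php
// Added example (not code from the thread): the image lookup done with PDO
// prepared statements instead of string concatenation. Table `images` and
// column `link` come from the thread; the DSN, credentials and the other
// column names are assumptions.
declare(strict_types=1);

// Gallery names allowed by the thread's RewriteRule; anything else is rejected
// before it reaches the database.
const ALLOWED_GALLERIES = ['surfing', 'people', 'places', 'montage'];

function connect(): PDO
{
    // Real server-side prepares keep the SQL text and the data on separate
    // channels; exception mode stops a failed query from being silently ignored.
    return new PDO(
        'mysql:host=localhost;dbname=gallery;charset=utf8mb4', // assumed DSN
        'dbuser',                                              // assumed credentials
        'dbpass',
        [
            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES   => false,
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        ]
    );
}

/**
 * Returns the image row for a link slug, or null when nothing matches.
 * The gallery is checked against the allow-list and the slug against the same
 * character class as the RewriteRule, so the query only ever sees known shapes
 * of input, and even then the value travels as a bound parameter, not as SQL.
 */
function fetchImage(PDO $pdo, string $gallery, string $link): ?array
{
    if (!in_array($gallery, ALLOWED_GALLERIES, true)) {
        return null;
    }
    // Same character class as the thread's RewriteRule: lowercase letters and hyphens.
    if (preg_match('/^[a-z-]+$/', $link) !== 1) {
        return null;
    }

    // Explicit column list instead of SELECT *; these column names are assumed.
    $stmt = $pdo->prepare('SELECT id, filename, title FROM images WHERE link = :link');
    $stmt->execute([':link' => $link]);

    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

// Usage: the two query-string parameters from the thread's URL.
$pdo   = connect();
$image = fetchImage($pdo, (string)($_GET['gallery'] ?? ''), (string)($_GET['link'] ?? ''));

if ($image === null) {
    http_response_code(404);
    echo 'Image not found';
} else {
    // Output is escaped for HTML; the database is not the only place injection matters.
    echo htmlspecialchars($image['title'], ENT_QUOTES, 'UTF-8');
}
```

Note that `mysqli_real_escape_string()` only protects a value that lands inside a quoted string literal, and only when the connection charset matches what the function assumes; a bound parameter has neither condition attached, which is why the prepared statement is the simpler thing to get right.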

Thanks for the reply, much appreciated.

I agree re. select * - that was just to get it up and running and I will use the exact columns I need now it’s working.

I’m new to this - I thought this part:

$link = mysqli_real_escape_string($conn, $_GET['link']);

removed the vulnerabilities for SQL injection etc., but thanks for linking the tutorial, I will read it now.

Still kicking myself about the obvious mistake in the htaccess that I missed for ages 🙂
Thanks

Matt

It’s so much simpler to just use prepared statements; it would be the first thing I refactor.

Sometimes all that is needed is another pair of eyes, sometimes it’s your own eyes putting the code in a different context that makes the error jump out.


Yes that’s exactly it, as soon as I re-read my post here it was obvious!

Thank you.

Hi all. So I have this all working as needed but one question out of interest…

The page is at the root of the site and when accessing it using www.domain.com/image.php?gallery=galleryname&link=linkname it works and the css and image links are relative to the root.

However, when accessing via www.domain.com/galleryname/linkname the page works but the CSS and image links fail - they need to be changed to ../css etc. to work, as if the page is not at the root.

However, the internal redirect is calling the page at the root, but the page is acting as if it’s in a directory further down the structure.

Is this something I have done wrong in my htaccess, or is this expected behaviour?

Thanks

Matt

Modifying the htaccess file for application rewrites can be tricky and become messy fairly quickly. On the next project I highly recommend rewriting everything to a single front end controller (i.e. index.php) and handling routing within the application itself. Handling routing within the application itself is much more flexible. Furthermore, you could use a stand-alone library like PHP League’s router to get you started on the right path. If you are part of a school that is against frameworks (I’m not), PHP League has a lot of nice stand-alone libs that can be used with Composer for lower-level but common application tasks like routing.
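As an added example of the front-controller approach suggested above (example code, not the thread's own and not PHP League's router), here is a minimal `index.php` that does the routing in PHP, with the only `.htaccess` rule being "send everything that is not a real file to index.php". The route pattern reuses the thread's four gallery names and its `[a-z-]+` slug class; the handler bodies and the `/css/site.css` asset path are assumptions. It also shows the fix for the relative-path question earlier in the thread: the browser resolves a relative `css/site.css` against the request path `/surfing/surfers-beach-goers`, not against the script's location, so a page served under a rewritten URL should reference its assets from the site root.

```php
<?php
// Added example (not code from the thread): a minimal front controller.
// The matching .htaccess sends every request that is not an existing file here:
//
//   RewriteEngine On
//   RewriteCond %{REQUEST_FILENAME} !-f
//   RewriteRule ^ index.php [L]
//
// Handler functions and the asset path are assumptions; the gallery names and
// slug character class are the ones from the thread's original RewriteRule.
declare(strict_types=1);

/** Route table: anchored regex => handler name. Unmatched paths get a 404. */
function routes(): array
{
    return [
        '#^/(surfing|people|places|montage)/([a-z-]+)$#' => 'showImage',
        '#^/$#'                                         => 'showHome',
    ];
}

/** Resolve a request path to [handler, captured params], or null when nothing matches. */
function matchRoute(string $path): ?array
{
    foreach (routes() as $pattern => $handler) {
        if (preg_match($pattern, $path, $m) === 1) {
            return [$handler, array_slice($m, 1)];
        }
    }
    return null;
}

function showHome(): string
{
    return '<h1>Galleries</h1>';
}

function showImage(string $gallery, string $link): string
{
    // The database lookup (a prepared statement) would go here; the values are
    // already constrained by the route regex, and are escaped again on output.
    $safeGallery = htmlspecialchars($gallery, ENT_QUOTES, 'UTF-8');
    $safeLink    = htmlspecialchars($link, ENT_QUOTES, 'UTF-8');
    return "<h1>{$safeGallery}: {$safeLink}</h1>";
}

/** Wraps page content in a layout whose asset links are root-relative. */
function layout(string $body): string
{
    // "/css/site.css" resolves the same way from /, /image.php and
    // /surfing/surfers-beach-goers; a relative "css/site.css" would not.
    return '<!doctype html><html><head>'
        . '<link rel="stylesheet" href="/css/site.css">' // assumed asset path
        . '</head><body>' . $body . '</body></html>';
}

// Dispatch on the path component only; any query string is ignored for routing.
$path = parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH);
if (!is_string($path)) {
    $path = '/';
}

$route = matchRoute($path);
if ($route === null) {
    http_response_code(404);
    echo layout('<h1>Not found</h1>');
} else {
    [$handler, $params] = $route;
    echo layout($handler(...$params));
}
```

Because the regex is anchored and lists the galleries explicitly, nothing that is not in the route table ever reaches a handler, and the `.php` suffix problem from the original rewrite rule cannot recur since the slug never passes through `.htaccess` at all.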

Thank you, I will take a look at that.

(apologies for delayed reply I have been away)

Cheers

Matt
