No arguments here ;-). For what it's worth, I've used this technique just to simply clean up the url's a bit. With that in mind, I usually don't need to do a terrible amount of scrubbing because I'm using the variables in the url more for navigation. So http://www.example.com/index.php/edit/customer/1234simply tells my script to display a form that will allow the user to edit customer 1234, if the first sections of $_SERVER['PATH_INFO'] isn't exactly what I'm expecting then I moce on to whatever the default action is (except of course for the customer id at the end). Really this isn't any different than http://www.example.com/index.php?action=edit&type=customer&id=1234 in terms of security. If I'm wrong someone please let me know as I do use this technique quite a bit. - Joe On 4/21/06, tg-php@xxxxxxxxxxxxxxxxxxxxxx <tg-php@xxxxxxxxxxxxxxxxxxxxxx> wrote: > > You could do that... a "poor man's mod_rewrite" might involve something > like this and making the main PHP parsing script your 404 page.. so no > matter where you went on a page, the 404 redirect to your PHP script would > parse the request (or would you get the post-redirected URL? in which case > you'd have to get the 'referrer' maybe? not sure..). > > Sounds like it could have some security issues though..giving too much > power to the user and what they enter in the URL being used as variable > data.. definitely would want to scrub that input hard. > > -TG > > = = = Original message = = = > > I believe Kevin is on the right track there. To expand a bit, you can use > $_SERVER['PATH_INFO'] with these urls instead of $_GET to make use of the > data it contains > > example for url http://www.example.com/index.php/foo/bar > <?php > echo $_SERVER['PATH_INFO']; > ?> > > produces: > /foo/bar > > You can then parse this string, (generally by using the '/' character as a > deliminator) and extract the data. MediaWiki even provides information > (can't think of where at the moment) on how to use Apache's mod_rewrite to > hide index.php thus making the url even cleaner: > http://www.example.com/foo/bar > > Cheers! > - Joe > > > ___________________________________________________________ > Sent by ePrompter, the premier email notification software. > Free download at http://www.ePrompter.com. > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > >
