CODEWITHSUNDEEP
.htaccess
Amy
Amy

Reputation: 55

htaccess url rewrite but the ID changes

I wondering if it is possible to rewrite a url that might look something like this

www.example.com/item.php?id=1 to a www.example/item.php without the `?id=1`

Please note that 1 is for the product id so it might change to 2 or any number depending on what product the user choose

My current htaccess
My current .htaccess looks like this:

RewriteEngine on
RewriteBase /
RewriteRule ^item/(.*)$ test/main/pages/account/$1 [L]   // **the item.php file is in the item folder**
ErrorDocument 404 /test/main/pages/general/index.php
Options -Indexes
AuthName "main"

I did it like

<?php
include('global.php'); ///database connection

function create_guid()
    {
            $microTime = microtime();
        list($a_dec, $a_sec) = explode(" ", $microTime);

        $dec_hex = dechex($a_dec* 1000000);
        $sec_hex = dechex($a_sec);

         ensure_length($dec_hex, 5);
         ensure_length($sec_hex, 6);

        $guid = "";
        $guid .= $dec_hex;
        $guid .= create_guid_section(3);
        $guid .= '-';
        $guid .= create_guid_section(4);
        $guid .= '-';
        $guid .= create_guid_section(4);
        $guid .= '-';
        $guid .= create_guid_section(4);
        $guid .= '-';
        $guid .= $sec_hex;
        $guid .= create_guid_section(6);

        return $guid;

    }

$stmt = $conn->prepare("INSERT INTO `Product (`pid`, `Guid`, `price`) VALUES
(13, '".$guid."', 13)");
$stmt->execute();

?>

also i did it using PDO because am I not a big fan of mysql

Upvotes: 0

Views: 643

Answers (2)

saran banerjee
saran banerjee

Reputation: 2903

Since your main motive here to keep people form guessing the id in url and since as pointed out by lucas william that the way you want it is not possible in .htaccess instead you can store the id of each product in the database as guid format(this format of id storage into database is used by sugarCRM) which is also a proper substitute to satisfy you required and you can use that id to uniquely identify you product table each records:

The functions to create guid is as follows:

function create_guid()
    {
            $microTime = microtime();
        list($a_dec, $a_sec) = explode(" ", $microTime);

        $dec_hex = dechex($a_dec* 1000000);
        $sec_hex = dechex($a_sec);

         ensure_length($dec_hex, 5);
         ensure_length($sec_hex, 6);

        $guid = "";
        $guid .= $dec_hex;
        $guid .= create_guid_section(3);
        $guid .= '-';
        $guid .= create_guid_section(4);
        $guid .= '-';
        $guid .= create_guid_section(4);
        $guid .= '-';
        $guid .= create_guid_section(4);
        $guid .= '-';
        $guid .= $sec_hex;
        $guid .= create_guid_section(6);

        return $guid;

    }
    function create_guid_section($characters)
    {
        $return = "";
        for($i=0; $i<$characters; $i++)
        {
            $return .= dechex(mt_rand(0,15));
        }
        return $return;
    }

    function ensure_length(&$string, $length)
    {
        $strlen = strlen($string);
        if($strlen < $length)
        {
            $string = str_pad($string,$length,"0");
        }
        else if($strlen > $length)
        {
            $string = substr($string, 0, $length);
        }
    }

Now using the above function you can generate the id as:

$guid = create_guid(); //guid is of the format 79cb3604-e634-a142-d9cb-5113745b31e2 which you can see is quite impossible to guess.

Also I would sugest that you keep the auto increment field in your product table. Because it always a good idea to maintain a auto incremented field in a table to uniquely identity the records.

I hope this can be of some help

Edit :

what you need to do is add a field in you database product table named "guid" so say your current database product table structure has the following fields:

id, name, price  //where id is the auto incremented

after adding the field guid it becomes

id, guid, name, price //where id is auto incremented field and guid uniquely identifies each row in the product table

and when you do the insert of the product data in the database product table you generate the guid using the above code and insert it. ie

for example 

$sql = "Insert into product_table('guid','product_name',product_price) values('".$guid."','product1','59.00');

so an example data in your product table will look like this:

1, 79cb3604-e634-a142-d9cb-5113745b31e2, product1, 59.00

Now in the product.php page with url say

yoursite.com/product.php?guid=79cb3604-e634-a142-d9cb-5113745b31e2

instead of using the url

yoursite.com/product.php?id=1

you can easily query the data from the database product table in relation to "guid" which of course also uniquely identifies each row in your product table in the database there by elimiting the risk of user guessing your id in url of the webpage.

I hope this gives you an idea of what i am trying to explain.

Upvotes: 3

Lucas Willems
Lucas Willems

Reputation: 7073

Using .htaccess, rewrite "www.example.com/item.php?id=1" to "www.example/item.php" is not possible because, how can we know, with an url like "www.example/item.php", if the product id is 1 or 2 ? It's impossible. So, with .htaccess, it's not possible.

However, you can cheat and use, simply, PHP and session variables, to do this rewriting, even if it's not a good solution. So, let your links under their current shape, with the get id parameter, and just add in your item.php file, a condition that will save the id value in a session variable and redirect to item.php if the id parameter is not empty.

Upvotes: 0

Related Questions