Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

SQL/URL Query

  • 24-03-2011 5:13pm
    #1
    Itsdacraic
    Registered Users, Registered Users 2 Posts: 2,361 ✭✭✭


    Hi,

    I'm just wondering if it is possible to remove or mask SQL queries from appearing in my websites URLs?

    e.g. http://www.joebloggs.ie/index.php?id=2&pg=/Accounts-Department.php becomes www.jobloggs.ie/index/Accounts-Department.php (or similar)

    Is this a simple change a developer could make or would it require an overhaul of how the entire site is coded? (very broad question I know, but just wondering if it is possible).

    thanks


Comments

  • #2
    [Deleted User]
    Posts: 0 [Deleted User]


    A developer should be able to use mod_rewrite to repackage the urls as
    www.jobloggs.ie/Accounts-Department/id/2 or similar, but I think you want to pull the id out of the url altogether?

    The thing is the system needs to get that id to display the right data and if you are clicking on a link to get to the page, then the id will need to be in the url somewhere. You could encode the id to hide it from casual observers, but if the page is publicly accessible I don't see why you need to do that.

    Maybe I misunderstood the question?


  • #3
    Itsdacraic
    Registered Users, Registered Users 2 Posts: 2,361 ✭✭✭Itsdacraic


    Deleted User wrote: »
    A developer should be able to use mod_rewrite to repackage the urls as
    www.jobloggs.ie/Accounts-Department/id/2 or similar, but I think you want to pull the id out of the url altogether?

    The thing is the system needs to get that id to display the right data and if you are clicking on a link to get to the page, then the id will need to be in the url somewhere. You could encode the id to hide it from casual observers, but if the page is publicly accessible I don't see why you need to do that.

    Maybe I misunderstood the question?

    Thanks for the answer, it's almost purely for visual/vanity reasons. :)
    The php urls just look very messy and i'm sure they do nothing to help the SEO of my website.

    There's also the fact that I'm getting a lot of traffic from hackers, who are googling for SQL strings in the URL and then trying injection attacks.


  • #4
    sicruise
    Registered Users, Registered Users 2 Posts: 378 ✭✭sicruise


    Stop saying SQL string, you are driving me mad :) Query String if you have to call it something :)

    You could just put the ID in the session if it is a user ID, use mod_rewrite or use POST requests instead? I'm not sure what your system is like though.


  • #5
    matt-dublin
    Registered Users, Registered Users 2 Posts: 4,468 ✭✭✭matt-dublin


    sicruise wrote: »
    Stop saying SQL string, you are driving me mad :) Query String if you have to call it something :)

    You could just put the ID in the session if it is a user ID, use mod_rewrite or use POST requests instead? I'm not sure what your system is like though.
    if anything its just a URL string

    query string is an asp reference no?

    I hope you didn't pay your web designer for that site....
    Anyone who allowed urls like that should be shot!


  • #6
    sicruise
    Registered Users, Registered Users 2 Posts: 378 ✭✭sicruise


    http://en.wikipedia.org/wiki/Query_string


  • Advertisement
Advertisement