Another PHP Question
sleepingdanny
10-16-2002, 10:12 AM
I Saw That Many Sites That Use PHP In Their Site Make URL's Look Like This >>>
http://www.sitename.com/index.php?page=home
How Do I Write A Script That My Site Pages Will Load Looking Like This ?? And Not Like This >>>
http://www.sitename.com/index.php Or
http://www.sitename.com/home.php ??
Thanks !!!
imported_Gryphon
10-16-2002, 12:45 PM
http://www.sitename.com/index.php?page=home
in index.php code something like <? include("$page.php"); ?>
This will insert home.php into your index.php page.
It depends on what you have already coded, and what you want to do with the code. You should give more information about what you are trying to accomplish.
Uranium-235
10-16-2002, 01:21 PM
bleh don't ever include a variable. it's a security risk
imported_Gryphon
10-16-2002, 01:26 PM
:rolleyes: blah blah blah ono
Isn't it a bad idea to do pages like that anyway? Especially if you're just including another PHP script. I could see it serving a purpose if you're just including .html files into a base template, because it helps separate your data and your code.
It messes with caching and searching, and is inherently insecure, even if it is trivial to fix the obvious flaws. It also makes your access_log even more unreadable, and if you use any kind of software to parse it for statistics and stuff, it'll probably tell you nothing.
I've seen a lot of sites that do things like this, and I've always wondered why. Am I missing something?
Uranium-235
10-16-2002, 11:24 PM
Originally posted by Gryphon
:rolleyes: blah blah blah ono
it can be secured, specifically what I meant was don't just blatantly include something passed from the url. Imagine...
include($page);
http://www.site.com/index.php?page=members/.htpasswd
iDxMan
10-16-2002, 11:57 PM
http://www.coderforums.net/showthread.php?s=&threadid=648
Grizzly
10-17-2002, 12:57 AM
yeah - see my final comment on the topic iDxMan posted.
In response to nex, you're highly mis-informed.
Caching - browsers cache even the slightest differences in the address bar as different pages.
Searching - this was a problem *years* ago, search engines have evolved a lot since then (see google)
Inherently Insecure - nope, security is up to the programmer entirely. Proper implementation is actually more secure and robust (see FuseBox). Using this method allows for a SINGLE point of access to your entire web application. From there, you can very easily regulate permissions, error handling, and variable scoping throughout the entire application.
Statistics - most newer stats engines recognize differences in the queryString, and register them as separate types of requests. Once again, the web has evolved a lot since this was once true.
ChefNinja
10-17-2002, 03:12 AM
Unrelated.. but I'm just curious. What influenced you to "Type Every Word In Your Sentences With A Capital Letter?" I really don't understand why people do that, they lose all credibility with me by doing so. Maybe it's just a personal thing :\
Edit: Reading that again, makes me really just want to punch you in the face... god that is soooo annoying :sick:
Strike
10-17-2002, 03:26 AM
Originally posted by ChefNinja
Unrelated.. but I'm just curious. What influenced you to "Type Every Word In Your Sentences With A Capital Letter?" I really don't understand why people do that, they lose all credibility with me by doing so. Maybe it's just a personal thing :\
Edit: Reading that again, makes me really just want to punch you in the face... god that is soooo annoying :sick:
My experience has led me to believe that it is VB that encourages it.
Dim Foo As Integer
for example.
Originally posted by Grizzly
this was a problem *years* ago
Once again, the web has evolved a lot since this was once true.
Suddenly I feel old. :wtf:
I think security is still an issue. Just because proper implementation can be secure doesn't make the whole practice secure - all of the most obvious methods for implementing this kind of system are very insecure. Plus, you basically circumvent all of the security checks your webserver is doing for you.
Back to the point, though - I guess I can see where having a single access point can benefit things. But I don't think many people using a system like that are taking advantage of those possibilities. Thanks.
Grizzly
10-17-2002, 09:56 AM
Originally posted by nex
Suddenly I feel old. :wtf:
I think security is still an issue. Just because proper implementation can be secure doesn't make the whole practice secure - all of the most obvious methods for implementing this kind of system are very insecure. Plus, you basically circumvent all of the security checks your webserver is doing for you.
Back to the point, though - I guess I can see where having a single access point can benefit things. But I don't think many people using a system like that are taking advantage of those possibilities. Thanks.
Trust me - I've been developing strictly FuseBox apps for over a year now, some of them being regional banking applications, and we've had security specialists analyze our code and application methods, and they're pretty happy with it.
Honestly, I can't follow what you're saying at all up there. How are all "obvious" methods insecure? Define an "obvious" method. Forgive me for being dense, but to me, your statement is really cryptic. How is it circumventing all webserver security checks? You're still accessing the site through the execution of a script, located in a directory, which is handled through the web server.
And wait...you don't *think* many people using this methodology are taking advantage of those possibilities? The truth is many people are, and that's the entire point of FuseBox. I will give you this, some people develop their own hack implementations which yes, are terribly insecure. That by no means makes this approach insecure, all that means is there are a lot of inexperienced, ignorant so called "developers" out there that really have no idea what they're doing.
That's like saying condoms aren't reliable because there are some drunken teenagers using them entirely wrong. The truth is, condoms are pretty reliable, and so is FuseBox ;)
darelf
10-17-2002, 02:21 PM
So.... FuseBox ~= Condoms?
Grizzly
10-17-2002, 04:07 PM
Originally posted by darelf
So.... FuseBox ~= Condoms?
Exactly - being THIS obsessed with a programming methodology usually serves as a birth control device in some fashion or another. I'm the exception though, lol.
darelf
10-17-2002, 04:47 PM
Yeah, I'm more obsessed with programming in general than any one methodology.
Although some turn me off faster than others...
Originally posted by Grizzly
Define an "obvious" method.
Something that is immediately apparent. See the first response to this thread. It's the most obvious way to do it.
By "all webserver security checks" I meant "many webserver security checks" (don't ask where my head was, I don't know), and specifically things like file access. Your webserver probably won't serve files outside of your docroot or anything that starts with .ht, and several other things. If you're serving documents up yourself, you're effectively bypassing all of these checks. Though this is admittedly not a big issue -
I get the idea; FuseBox proves it can be secured, and it can be useful. Thank you for setting me straight.
Grizzly
10-17-2002, 08:20 PM
Yeah nex - I think you just didn't quite understand how FuseBox worked. One thing it does is more or less define an ACL against the requested "action" or "page" being requested. If the requested "action" or "page" does not authenticate with the ACL, the user is redirected to a default page.
And yeah, the first response in this thread isn't really an "obvious" way to do it in my opinion, rather, it's an extremely flawed way to do it.
Seriously though...if you have a crapload of freetime (who does these days), give FuseBox a try. Try building a PHP FuseBox app. It's kind of weird when you first try it out, but once you get the hang of it, you'll never turn back. I've turned a lot of folks from other forums into FuseBox geeks like myself. From my experience, anyone that's tried it loves it to death.
Anyways....enough about FuseBox. So how 'bout them NE Patriots? hehehe
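Added example (not part of the thread, and not FuseBox code): a minimal index.php dispatcher that treats the page= value only as a lookup key into a fixed list and falls back to a default page, in contrast to the include("$page.php") pattern discussed above. The page names, the pages/ directory and the resolve_page() helper are assumptions for illustration; PHP 7 or later is assumed.

```php
<?php
// Added example: allowlist dispatch for index.php?page=...
// Page names, the pages/ directory and resolve_page() are hypothetical.

// Pattern from the thread, kept only as a comment for comparison:
//   include("$page.php");   // the request value decides the filesystem path

const DEFAULT_PAGE = 'home';

// Public page names mapped to the files the application is willing to load.
// The request value is only ever a key into this map, never part of a path.
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

/**
 * Resolve a requested page name to a file path under $baseDir.
 * Anything that is not a string key in PAGES resolves to the default page,
 * so arrays, nulls, unknown names and path-like values all end up there.
 */
function resolve_page($requested, string $baseDir): string
{
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        $requested = DEFAULT_PAGE;
    }
    return $baseDir . DIRECTORY_SEPARATOR . PAGES[$requested];
}

$baseDir = __DIR__ . DIRECTORY_SEPARATOR . 'pages';

// Constructed sample request values, including the one from the thread.
$samples = ['home', 'about', 'HOME', 'members/.htpasswd', ['x'], null];
foreach ($samples as $sample) {
    printf(
        "%-22s => %s\n",
        json_encode($sample, JSON_UNESCAPED_SLASHES),
        resolve_page($sample, $baseDir)
    );
}

// In a real index.php the dispatch itself is a single line:
//   require resolve_page($_GET['page'] ?? null, $baseDir);
```

Only 'home' and 'about' resolve to their own files here; every other sample, including members/.htpasswd, resolves to pages/home.php because no request value is ever concatenated into the path.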