Please note that all code contained in this thread was created, and belongs to, VNC Web Design and Development and may be freely used for non-commercial purposes with the agreement that credit will be visibly identifiable within your application and within code. Commercial applications must obtain permission before utilizing code.

This article may be reproduced and republished with prior written permission from myself. This code is being provided here for example, but should fully work "out of the box".

One thing that I've always been an advocate of is web standardization; a loose part of this can be SE Friendly URLs which roughly do away with certain characters in URLs to pages which Search Engines (or poorly coded web browsers) dislike.

These characters can be, but are not limited to:
&, ?, =

There are several ways to go about this, and I'll introduce two which I've used; these aren't the "only" way to go about this, but they are rather simple and efficient.

Option A, mod_rewrite
Not necessarily my favorite method of things, it works and it works well; in fact, our IRC information page here on UGN Security utilizes this.

Please note that there are MANY ways to do this via mod_rewrite, and I'm sure there are more efficient ways of doing it than I use below, but this is a good starter way of allowing SE friendly URLs via mod_rewrite:

Example .htaccess entry:
# Tell mod_rewrite we're wanting to utilize it
RewriteEngine on

# SE Friendly URLs
RewriteRule ^irc/(.*)/(.*).php /irc.php?section=$1&channel=$2

This will allow SE Friendly URLs on a script named irc.php with the section of $1 (which is the first (.*)) and "channel" of $2 (which is the second (.*)).

So, accessing the page as:

You'll see that the section is "chat" and the channel is #staff. .php is just there as a virtual extension and isn't needed (but it is there none the less).

Another way of doing this is via the path_info variable; I like this method more as it allows all options to be worked on via php and can be adjusted a lot easier and is well more powerful.

For users of Apache2 you'll at times need to "turn on" path info in your .htaccess file as:
AcceptPathInfo On

The coding I tend to go with for utilizing Path Info in PHP is:
// Path Info Translation
// ------------------------------
// Take the path from the URL.
	$path = strip_tags(addslashes(htmlspecialchars($_SERVER["PATH_INFO"])));

// Build an array from the path.
	$translation = preg_split("/[\/]+/", $path);

What this does is reads the path after your script name (in this case articles.php) and splits it into an array. After the array is split it unsets the first row as it will always be empty (so there is no point in allowing it to stay).

Now, translating these into our script is done via:
// Split the array into useable chunks.
	if($translation["1"] == "category") { $category = (int)$translation["2"]; }
	elseif($translation["1"] == "task") { $task = strip_tags(addslashes(htmlspecialchars($translation["2"]))); }
	elseif($translation["1"] == "article") { $article = (int)$translation["2"]; }
	if($translation["3"] == "page") { $page == (int)$translation["4"]; }

Which basically reads, if line2 of the array is one of the 3 possible variables (category, task, or article) to pass the value of line3 to the script. If line4 contains the variable "page" it passes the value of line5 to the script as the page number.

This looks like one of the following:

You could also pass a virtual extension (.html, .php, etc) if you'd like to do so, however you'd want to make sure the script knows to filter it out so it's not passed to the parser.
Donate to UGN Security here.
UGN Security, Back of the Web, Elite Web Gamers & VNC Web Design Owner