04-27-2008, 10:23 PM
#12 (permalink)
A LOT.
Code:
RewriteRule ^users/info/([A-Za-z0-9_]+)/?$ users/info.php/$1
RewriteRule ^users/([A-Za-z0-9]+)/?$ users/$1.php
That's a small snippet of some rules I'm using right now in developing my site. This is doing a few things; first and foremost, all my URLs are readable and SEO friendly. Secondly, it's adding another minor level of security to my scripts. None of my scripts use GET, so GET can't be abused. On top of that, thanks to the regular expressions, if the URL doesn't conform to the guidelines above, the user just gets a 404 returned, so it's harder to inject malicious data. All input, whether from this method or POST, is sanitized and validated internally as well, but all the little extras I've implemented add up to what I believe to be a pretty bulletproof operation.
mod_rewrite is damned cool, IMHO.
-m
Last edited by delayedinsanity : 04-28-2008 at 04:30 PM.
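Added example, not part of the original post: a small Python harness that runs the two rule patterns from the post over constructed request URLs to show what the character classes let through and what they never see. It assumes the rules live in an .htaccess file at the document root (leading slash stripped before matching); the `rewrite` function and the sample URLs are made up for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# The two rules from the post: (pattern, substitution with $1 written as \1).
RULES = [
    (re.compile(r"^users/info/([A-Za-z0-9_]+)/?$"), r"users/info.php/\1"),
    (re.compile(r"^users/([A-Za-z0-9]+)/?$"), r"users/\1.php"),
]

def rewrite(url):
    """Return (target, query) as the rules would map the request, or
    (None, query) when no rule matches and the request is left unrewritten."""
    parts = urlsplit(url)
    # Assumption: per-directory (.htaccess) context at the document root.
    # mod_rewrite matches the percent-decoded path, never the query string.
    path = unquote(parts.path).lstrip("/")
    for pattern, target in RULES:
        m = pattern.match(path)
        if m:
            return m.expand(target), parts.query
    return None, parts.query

# Constructed sample requests (not taken from any real log).
SAMPLES = [
    "/users/info/delayed_insanity",    # allowed: letters, digits, underscore
    "/users/profile/",                 # allowed: optional trailing slash
    "/users/my_page",                  # second rule has no underscore: no match
    "/users/info/a%27b",               # decodes to a'b: quote is outside the class
    "/users/pro-file",                 # hyphen is outside the class
    "/users/profile?id=1%20OR%201=1",  # path matches; query string is not checked
    "/users/info.php/a%27b",           # direct request for the target: no rule applies
]

if __name__ == "__main__":
    for sample in SAMPLES:
        target, query = rewrite(sample)
        print(f"{sample:34} -> target={target!r} query={query!r}")
```

The last two samples are the cases to check on a live configuration: the patterns only test the path, so a query string is carried along unchanged by default, and a request that names the .php file directly is not screened by these rules at all.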