Bad idea or perfectly acceptable?
Moderator: General Moderators
- seodevhead
- Forum Regular
- Posts: 705
- Joined: Sat Oct 08, 2005 8:18 pm
- Location: Windermere, FL
Bad idea or perfectly acceptable?
Hey guys,
I have a 'blog-like' section of a website I am developing and usually design my scripts so they accept a numerical GET value in the URL to pull the associated blog/content.
Example (like a usual blog or forum post, etc)
http://www.example.com/post.php?num=72
However, I would like to implement mod_rewrite on this section and do not want any numerical IDs in the URL, as I would rather have the post name/title be the identifier (which is also the GET value).
Example:
http://www.example.com/my-first-post/
Where the rewritten URL above is mapped to:
http://www.example.com/post.php?name=my-first-post
Is there anything 'bad' about using a string identifier like above to pull content from the database? Each blog post's primary key is numerical, but the post name is stored in a UNIQUE VARCHAR column in the database, so it is accessible and able to be used to pull content.
Are there any security risks or performance issues with implementing it like above? Would love to hear any suggestions. Thanks for your help.
-
alex.barylski
- DevNet Evangelist
- Posts: 6267
- Joined: Tue Dec 21, 2004 5:00 pm
- Location: Winnipeg
Except for the fact that securing an integer using a cast:
Code:
$id = (int)$_GET['id'];
Is much easier and faster than say - preg_replace() on a string...
It's common to use this technique (Most PHP CMS use it) so it can't be that bad
Just remember to escape or clean it up using regex before sending to DB for query
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Re: Bad idea or perfectly acceptable?
seodevhead wrote:
Is there anything 'bad' about using a string identifier like above to pull content from the database? Each blog post's primary key is numerical, but the post name is stored in a UNIQUE VARCHAR column in the database, so it is accessible and able to be used to pull content.
Are there any security risks or performance issues with implementing it like above? Would love to hear any suggestions. Thanks for your help.
Nothing inherently bad about it. Make sure you validate and filter the "name" request var (using preg like "[a-zA-Z0-9\-]"). You also might want to limit the length of your names to the first N significant words in the title. This method will obviously be a little slower than using an integer, both on the code side and the query. But it should not be much of a penalty and you can always cache pages to even things out.
You might also look into using a Front Controller rather than Page Controllers. It will greatly simplify your rewrite rules to one or two lines.
(#10850)
- seodevhead
- Forum Regular
- Posts: 705
- Joined: Sat Oct 08, 2005 8:18 pm
- Location: Windermere, FL
What I was planning to do was add a column in the 'posts' database table for 'filename' like so:
CREATE TABLE posts (
post_id INT NOT NULL AUTO_INCREMENT,
title VARCHAR(200) NOT NULL,
filename VARCHAR(200) NOT NULL,
{....}
);
So when I create a new blog post, I can just fill out the exact filename I want to use like 'my-custom-filename', so there is a perfect 'match or no-match' validation required for the GET URL parameter.
Is this a good way to do things you think? This way I don't have to worry about breaking down the string passed in the URL with regex or splitting strings, etc.
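Added example (not code posted by anyone in this thread): the whitelist check suggested above combined with the exact-match lookup on the 'filename' column, using a bound parameter so the value never becomes part of the SQL text. The helper name find_post_by_slug, the in-memory SQLite database and the sample inputs are assumptions made so the example runs offline; the 200-character limit follows the VARCHAR(200) column.

```php
<?php
declare(strict_types=1);

// Assumed schema modelled on the thread's posts table; SQLite in memory
// (needs the pdo_sqlite extension) so the example is self-contained.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (
    post_id  INTEGER PRIMARY KEY AUTOINCREMENT,
    title    VARCHAR(200) NOT NULL,
    filename VARCHAR(200) NOT NULL UNIQUE
)');
$db->exec("INSERT INTO posts (title, filename) VALUES ('My First Post', 'my-first-post')");

/**
 * Hypothetical helper: returns the post row for a slug, or null (serve a 404).
 * $raw is what the rewrite rule hands over, e.g. $_GET['name'] ?? null.
 */
function find_post_by_slug(PDO $db, $raw): ?array
{
    // ?name[]=x arrives as an array; only strings can be slugs.
    if (!is_string($raw)) {
        return null;
    }
    // Whitelist: letters, digits, hyphen, 1..200 chars.
    // \A and \z anchor the whole string; a plain $ would accept a trailing newline.
    if (preg_match('/\A[a-zA-Z0-9-]{1,200}\z/', $raw) !== 1) {
        return null;
    }
    // Bound parameter: the slug is data, never SQL text.
    $stmt = $db->prepare('SELECT post_id, title FROM posts WHERE filename = :slug');
    $stmt->execute([':slug' => $raw]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample inputs: one valid slug, one unknown slug, four malformed values.
$samples = [
    'my-first-post',
    'no-such-post',
    "my-first-post' OR '1'='1",
    "my-first-post\n",
    ['my-first-post'],
    str_repeat('a', 201),
];
foreach ($samples as $raw) {
    $post = find_post_by_slug($db, $raw);
    printf("%-34s => %s\n", json_encode($raw), $post ? "post #{$post['post_id']}: {$post['title']}" : '404');
}
```

Only the first sample resolves to a post; the malformed values are rejected before any query runs, and the unknown slug simply finds no row.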
- Kieran Huggins
- DevNet Master
- Posts: 3635
- Joined: Wed Dec 06, 2006 4:14 pm
- Location: Toronto, Canada
- Contact:
- stereofrog
- Forum Contributor
- Posts: 386
- Joined: Mon Dec 04, 2006 6:10 am
- seodevhead
- Forum Regular
- Posts: 705
- Joined: Sat Oct 08, 2005 8:18 pm
- Location: Windermere, FL
-
jabbaonthedais
- Forum Contributor
- Posts: 127
- Joined: Wed Aug 18, 2004 12:08 pm
What if you just used a url like this:
http://www.example.com/72/my-first-post/
Basically your script would ignore the /my-first-post/ and just use the integer, and it would make the search engine happy.
- seodevhead
- Forum Regular
- Posts: 705
- Joined: Sat Oct 08, 2005 8:18 pm
- Location: Windermere, FL
jabbaonthedais wrote:
What if you just used a url like this:
http://www.example.com/72/my-first-post/
Basically your script would ignore the /my-first-post/ and just use the integer, and it would make the search engine happy.
Ehh... guess you can call me a "purist" when it comes to URLs...hehe.
I thought of that, but I figure I'll do the extra work to get that 'perfect' URI.
- Kieran Huggins
- DevNet Master
- Posts: 3635
- Joined: Wed Dec 06, 2006 4:14 pm
- Location: Toronto, Canada
- Contact:
-
jabbaonthedais
- Forum Contributor
- Posts: 127
- Joined: Wed Aug 18, 2004 12:08 pm
Well the only downside I see then is not being able to use the same topic-name twice. But if it's already set to UNIQUE then you don't have to worry about it. But like if you wrote something generic "Dogs and cats" and a year later forgot and wrote something with the same heading, it would only pull one of them (or simply wouldn't allow you to use the heading, depending on how you set it up).
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
- Contact:
WordPress I believe styles their links like
http://www.domain.com/year/month/day/title
That way, you still have your precious title for readability and narrow the chances a bit more..
Even including the id I don't see as not being "pure".
- Kieran Huggins
- DevNet Master
- Posts: 3635
- Joined: Wed Dec 06, 2006 4:14 pm
- Location: Toronto, Canada
- Contact: