Bad idea or perfectly acceptable?

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

Moderator: General Moderators

Post Reply
User avatar
seodevhead
Forum Regular
Posts: 705
Joined: Sat Oct 08, 2005 8:18 pm
Location: Windermere, FL

Bad idea or perfectly acceptable?

Post by seodevhead »

Hey guys,

I have a 'blog-like' section of a website I am developing and usually design my scripts so they accept a numerical GET value in the URL to pull the associated blog/content.

Example (like a usual blog or forum post, etc)
http://www.example.com/post.php?num=72

However, I would like to implement mod_rewrite on this section and do not want any numerical ID's in the URL.. as I would rather have the post name/title be the identifier (which is also the GET value).

Example:
http://www.example.com/my-first-post/

Where the rewritten URL above is mapped to:

http://www.example.com/post.php?name=my-first-post

Is there anything 'bad' about using a string identifier like above to pull content from the database? Each blog post's primary key is numerical, but the post name is stored in a UNIQUE VARCHAR column in the database, so it is accessible and able to be used to pull content.

Is there any security risks or performance issues with implementing it like above? Would love to hear any suggestions. Thanks for your help.
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Post by alex.barylski »

Except for the fact that securing an integer using a cast:

Code: Select all

$id = (int)$_GET['id'];
Is much easier and faster than say - preg_replace() on a string...

It's common to use this technique (Most PHP CMS use it) so it can't be that bad ;)

Just remember to escape or clean it up using regex before sending to DB for query :)
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: Bad idea or perfectly acceptable?

Post by Christopher »

seodevhead wrote:Is there anything 'bad' about using a string identifier like above to pull content from the database? Each blog post's primary key is numerical, but the post name is stored in a UNIQUE VARCHAR column in the database, so it is accessible and able to be used to pull content.

Is there any security risks or performance issues with implementing it like above? Would love to hear any suggestions. Thanks for your help.
Nothing inherently bad about it. Make sure you validate and filter the "name" request var (using preg like "[a-zA-Z0-9\-]". You also might want to limit the length of you names to the first N significant words in the title. This method will obviously be a little slower than using an integer, both on the code side and the query. But it should not be much of a penalty and you can always cache pages to even things out.

You might also look into using a Front Controller rather than Page Controllers. It will greatly simplify your rewrite rules to one or two lines.
(#10850)
User avatar
seodevhead
Forum Regular
Posts: 705
Joined: Sat Oct 08, 2005 8:18 pm
Location: Windermere, FL

Post by seodevhead »

What I was planning to do was add a column in the 'posts' database table for 'filename' like so:

CREATE TABLE posts (
post_id INT NOT NULL AUTO_INCREMENT,
title VARCHAR(200) NOT NULL,
filename VARCHAR(200) NOT NULL,
{....}
);

So when I create a new blog post, I can just fill out the exact filename I want to use like 'my-custom-filename', so there is a perfect 'match or no-match' validation required for the GET URL parameter.

Is this a good way to do things you think? This way I don't have to worry about breaking down the string passed in the URL with regex or splitting strings, etc.
User avatar
Kieran Huggins
DevNet Master
Posts: 3635
Joined: Wed Dec 06, 2006 4:14 pm
Location: Toronto, Canada
Contact:

Post by Kieran Huggins »

I use that same approach, only I call it a "token" - your script should suggest one, extra points for ajax validation.

It's actually considered good practice for human-readable URL's and.. uh.. SEO ;)
User avatar
stereofrog
Forum Contributor
Posts: 386
Joined: Mon Dec 04, 2006 6:10 am

Post by stereofrog »

I tend to use post title for the navigation. Take a param from an url, replace - and _ with space and do a LIKE search against posts table. So the post called "Who Framed Roger Rabbit" can be referred as "blog/who_framed" or "blog/who-framed-roger" etc.
User avatar
seodevhead
Forum Regular
Posts: 705
Joined: Sat Oct 08, 2005 8:18 pm
Location: Windermere, FL

Post by seodevhead »

AWESOME. So glad to hear I can do this without any major problems.

I'm guessing I should create an index for the column 'filename', correct?... like so:

CREATE TABLE posts (
{....}
filename VARCHAR(200) NOT NULL,
{....}
INDEX (filename)
UNIQUE (filename)
);
jabbaonthedais
Forum Contributor
Posts: 127
Joined: Wed Aug 18, 2004 12:08 pm

Post by jabbaonthedais »

What if you just used a url like this:

http://www.example.com/72/my-first-post/

Basically your script would ignore the /my-first-post/ and just use the interger, and it would make the search engine happy.
User avatar
seodevhead
Forum Regular
Posts: 705
Joined: Sat Oct 08, 2005 8:18 pm
Location: Windermere, FL

Post by seodevhead »

jabbaonthedais wrote:What if you just used a url like this:

http://www.example.com/72/my-first-post/

Basically your script would ignore the /my-first-post/ and just use the interger, and it would make the search engine happy.
Ehh... guess you can call me a "purist" when it comes to URLs...hehe.

I thought of that, but I figure I'll do the extra work to get that 'perfect' URI. :)
User avatar
Kieran Huggins
DevNet Master
Posts: 3635
Joined: Wed Dec 06, 2006 4:14 pm
Location: Toronto, Canada
Contact:

Post by Kieran Huggins »

stay pure!
jabbaonthedais
Forum Contributor
Posts: 127
Joined: Wed Aug 18, 2004 12:08 pm

Post by jabbaonthedais »

Well the only downside I see then is not being able to use the same topic-name twice. But if its already set to UNIQUE then you don't have to worry about it. But like if you wrote something generic "Dogs and cats" and a year later forgot and wrote something with the same heading, it would only pull one of them (or simply wouldn't allow you to use the heading, depending on how you set it up).
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

Wordpress I believe styles their links like

http://www.domain.com/year/month/day/title

That way, you still have your precious title for readability and narrow the chances a bit more..

Even including the id I don't see as not being "pure".
User avatar
Kieran Huggins
DevNet Master
Posts: 3635
Joined: Wed Dec 06, 2006 4:14 pm
Location: Toronto, Canada
Contact:

Post by Kieran Huggins »

I believe wordpress (and other blog software) allows you to create "aliases" for any post in the system. Everything is available using the /post/id or the /yyyy/mm/dd/title, but you can optionally make a "shortcut" where it's just /shortcut

The long form is called a "permalink" if I'm not mistaken
matthijs
DevNet Master
Posts: 3360
Joined: Thu Oct 06, 2005 3:57 pm

Post by matthijs »

Yes, wordpress is very flexible with URLs. You can choose everything. /archive/your-post, /2007/02/03/your-post, /category/2007/02/03/your-post, /archive/2007/02/03/your-post, etc etc
That's a very cool system. And how it should be.
Post Reply