Page 1 of 1
Bad idea or perfectly acceptable?
Posted: Sun Mar 25, 2007 3:39 pm
by seodevhead
Hey guys,
I have a 'blog-like' section of a website I am developing and usually design my scripts so they accept a numerical GET value in the URL to pull the associated blog/content.
Example (like a usual blog or forum post, etc)
http://www.example.com/post.php?num=72
However, I would like to implement mod_rewrite on this section and do not want any numerical ID's in the URL.. as I would rather have the post name/title be the identifier (which is also the GET value).
Example:
http://www.example.com/my-first-post/
Where the rewritten URL above is mapped to:
http://www.example.com/post.php?name=my-first-post
Is there anything 'bad' about using a string identifier like above to pull content from the database? Each blog post's primary key is numerical, but the post name is stored in a UNIQUE VARCHAR column in the database, so it is accessible and able to be used to pull content.
Is there any security risks or performance issues with implementing it like above? Would love to hear any suggestions. Thanks for your help.
Posted: Sun Mar 25, 2007 3:47 pm
by alex.barylski
Except for the fact that securing an integer using a cast:
Is much easier and faster than say - preg_replace() on a string...
It's common to use this technique (Most PHP CMS use it) so it can't be that bad
Just remember to escape or clean it up using regex before sending to DB for query

Re: Bad idea or perfectly acceptable?
Posted: Sun Mar 25, 2007 5:00 pm
by Christopher
seodevhead wrote:Is there anything 'bad' about using a string identifier like above to pull content from the database? Each blog post's primary key is numerical, but the post name is stored in a UNIQUE VARCHAR column in the database, so it is accessible and able to be used to pull content.
Is there any security risks or performance issues with implementing it like above? Would love to hear any suggestions. Thanks for your help.
Nothing inherently bad about it. Make sure you validate and filter the "name" request var (using preg like "[a-zA-Z0-9\-]". You also might want to limit the length of you names to the first N significant words in the title. This method will obviously be a little slower than using an integer, both on the code side and the query. But it should not be much of a penalty and you can always cache pages to even things out.
You might also look into using a Front Controller rather than Page Controllers. It will greatly simplify your rewrite rules to one or two lines.
Posted: Sun Mar 25, 2007 5:45 pm
by seodevhead
What I was planning to do was add a column in the 'posts' database table for 'filename' like so:
CREATE TABLE posts (
post_id INT NOT NULL AUTO_INCREMENT,
title VARCHAR(200) NOT NULL,
filename VARCHAR(200) NOT NULL,
{....}
);
So when I create a new blog post, I can just fill out the exact filename I want to use like 'my-custom-filename', so there is a perfect 'match or no-match' validation required for the GET URL parameter.
Is this a good way to do things you think? This way I don't have to worry about breaking down the string passed in the URL with regex or splitting strings, etc.
Posted: Mon Mar 26, 2007 2:53 am
by Kieran Huggins
I use that same approach, only I call it a "token" - your script should suggest one, extra points for ajax validation.
It's actually considered good practice for human-readable URL's and.. uh.. SEO

Posted: Mon Mar 26, 2007 4:31 am
by stereofrog
I tend to use post title for the navigation. Take a param from an url, replace - and _ with space and do a LIKE search against posts table. So the post called "Who Framed Roger Rabbit" can be referred as "blog/who_framed" or "blog/who-framed-roger" etc.
Posted: Mon Mar 26, 2007 6:13 am
by seodevhead
AWESOME. So glad to hear I can do this without any major problems.
I'm guessing I should create an index for the column 'filename', correct?... like so:
CREATE TABLE posts (
{....}
filename VARCHAR(200) NOT NULL,
{....}
INDEX (filename)
UNIQUE (filename)
);
Posted: Mon Mar 26, 2007 2:31 pm
by jabbaonthedais
What if you just used a url like this:
http://www.example.com/72/my-first-post/
Basically your script would ignore the /my-first-post/ and just use the interger, and it would make the search engine happy.
Posted: Mon Mar 26, 2007 2:44 pm
by seodevhead
jabbaonthedais wrote:What if you just used a url like this:
http://www.example.com/72/my-first-post/
Basically your script would ignore the /my-first-post/ and just use the interger, and it would make the search engine happy.
Ehh... guess you can call me a "purist" when it comes to URLs...hehe.
I thought of that, but I figure I'll do the extra work to get that 'perfect' URI.

Posted: Mon Mar 26, 2007 4:13 pm
by Kieran Huggins
stay pure!
Posted: Mon Mar 26, 2007 8:05 pm
by jabbaonthedais
Well the only downside I see then is not being able to use the same topic-name twice. But if its already set to UNIQUE then you don't have to worry about it. But like if you wrote something generic "Dogs and cats" and a year later forgot and wrote something with the same heading, it would only pull one of them (or simply wouldn't allow you to use the heading, depending on how you set it up).
Posted: Mon Mar 26, 2007 8:48 pm
by John Cartwright
Wordpress I believe styles their links like
http://www.domain.com/year/month/day/title
That way, you still have your precious title for readability and narrow the chances a bit more..
Even including the id I don't see as not being "pure".
Posted: Mon Mar 26, 2007 9:13 pm
by Kieran Huggins
I believe wordpress (and other blog software) allows you to create "aliases" for any post in the system. Everything is available using the /post/id or the /yyyy/mm/dd/title, but you can optionally make a "shortcut" where it's just /shortcut
The long form is called a "permalink" if I'm not mistaken
Posted: Tue Mar 27, 2007 1:00 am
by matthijs
Yes, wordpress is very flexible with URLs. You can choose everything. /archive/your-post, /2007/02/03/your-post, /category/2007/02/03/your-post, /archive/2007/02/03/your-post, etc etc
That's a very cool system. And how it should be.