methos
Forum Newbie
Posts: 13 Joined: Sat Oct 21, 2006 8:31 am
by methos » Sat Jan 20, 2007 9:12 am
What code could I use to rewrite this first URL into the second?
The reason being the extra information on the first URL could change the price of a product.
Maybe by making it impossible to have a "?" in the URL???
http://www.mysite.com/cartsoftware/Cart.php?price=whatever
into
http://www.mysite.com/cartsoftware/Cart.php
Kieran Huggins
DevNet Master
Posts: 3635 Joined: Wed Dec 06, 2006 4:14 pm
Location: Toronto, Canada
by Kieran Huggins » Sat Jan 20, 2007 9:26 am
search for mod_rewrite
wtf
Forum Contributor
Posts: 331 Joined: Thu Nov 03, 2005 5:27 pm
by wtf » Sat Jan 20, 2007 11:57 am
Why are you passing price via form in the first place???
Kieran Huggins
DevNet Master
Posts: 3635 Joined: Wed Dec 06, 2006 4:14 pm
Location: Toronto, Canada
by Kieran Huggins » Sat Jan 20, 2007 12:57 pm
"wtf" makes a good point.. I know people who got some really cheap TVs in the early days of e-commerce that way - it turns out that URL injection is protected as an "offer to purchase" in North America. It's up to the online store to confirm or reject it at that point. If only I had been a little more care-free...
methos
Forum Newbie
Posts: 13 Joined: Sat Oct 21, 2006 8:31 am
by methos » Sat Jan 20, 2007 2:11 pm
How could I pass it without a form?
Last edited by methos on Sun Feb 25, 2007 3:17 pm, edited 1 time in total.
Kieran Huggins
DevNet Master
Posts: 3635 Joined: Wed Dec 06, 2006 4:14 pm
Location: Toronto, Canada
by Kieran Huggins » Sat Jan 20, 2007 2:56 pm
the product should have a price in the DB - look it up by product ID
m3mn0n
PHP Evangelist
Posts: 3548 Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada
by m3mn0n » Sat Jan 20, 2007 3:34 pm
Moving this to the Installation and Configuration forum.
Kieran Huggins
DevNet Master
Posts: 3635 Joined: Wed Dec 06, 2006 4:14 pm
Location: Toronto, Canada
by Kieran Huggins » Sat Jan 20, 2007 5:52 pm
I should have read the original post more carefully.. sorry!
To get rid of form data in the URL use POST. You still shouldn't be passing pricing information by form though, it's just as unsafe.
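
An added example, not written by any poster in this thread, of the approach suggested above: the cart ignores any price the browser sends (in the URL or in a POST body) and looks the price up by product ID. The table, column and function names and the in-memory SQLite catalogue are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Constructed catalogue in an in-memory SQLite database (assumed schema).
function makeCatalogue(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price_cents INTEGER)');
    $db->exec("INSERT INTO products VALUES (1, 'Television', 49900), (2, 'Cable', 1299)");
    return $db;
}

// Build a cart line from request parameters (hypothetical helper).
// Only the product id and quantity are read from the client;
// a "price" parameter, if present, is never consulted.
function cartLine(PDO $db, array $request): array
{
    $id  = filter_var($request['product_id'] ?? null, FILTER_VALIDATE_INT);
    $qty = filter_var($request['qty'] ?? 1, FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 1, 'max_range' => 99]]);
    if ($id === false || $qty === false) {
        throw new InvalidArgumentException('Invalid product id or quantity');
    }

    // The authoritative price comes from the server-side record.
    $stmt = $db->prepare('SELECT name, price_cents FROM products WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        throw new RuntimeException('Unknown product');
    }

    $unit = (int) $row['price_cents'];
    return ['name' => $row['name'], 'qty' => $qty,
            'unit_cents' => $unit, 'total_cents' => $unit * $qty];
}

// Constructed request carrying a client-chosen price; the same array shape
// would arrive from $_GET or $_POST, so the handling is identical for both.
$db   = makeCatalogue();
$line = cartLine($db, ['product_id' => '1', 'qty' => '2', 'price' => '0.01']);
printf("%s x%d: %.2f\n", $line['name'], $line['qty'], $line['total_cents'] / 100);
```

Prices are stored as integer cents so that totals are not subject to floating-point rounding.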