I recently decided to make .htaccess links to my user profiles so they would look something like
http://mywebsite.com/username
Right now I am using id to filter users, like this
http://mywebsite.com/profile.php?id=1
But I will need to change id to username, like so
http://mywebsite/profile.php?username=theuser
And then I would use .htaccess stuff to transform it to the example mentioned at the beginning.
Right now I am concerned about security, because when I was using id to filter profile page I used:
$id = preg_replace('#[^0-9]#i', '', $_GET['id']);
I am worried that someone could do something like this:
http://mywebsite/username, DROPDATABASE
And that DROPDATABASE thing could screw things up for me.
So could anyone suggest ideas and if possible examples of securing this? And if you have any questions or do not understand something of what I wrote please ask them ))))
__________________________________________________ ___________
This is .htaccess code that I found and would probably use to accomplish my task.
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteRule ^(\w+)$ ./index.php?username=$1
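
An added example, not part of the original post: one way to handle the username parameter in PHP, combining an allow-list check with a PDO prepared statement. The `findProfile` helper, the `users` table and its columns, the 30-character limit and the in-memory SQLite database are all assumptions made for the demo.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: look up a profile by username.
// Returns the row, or null if the name is malformed or unknown.
function findProfile(PDO $pdo, string $raw): ?array
{
    // Allow-list check mirroring the RewriteRule's ^(\w+)$ pattern, plus a
    // length limit (30 is an assumed value). The D modifier stops $ from
    // matching before a trailing newline.
    if (preg_match('/^\w{1,30}$/D', $raw) !== 1) {
        return null;
    }

    // Prepared statement: the value is bound as data, never spliced into SQL.
    $stmt = $pdo->prepare('SELECT id, username FROM users WHERE username = :u');
    $stmt->execute([':u' => $raw]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database (assumed schema).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE)');
$pdo->exec("INSERT INTO users (username) VALUES ('theuser')");

// In the real script the input would be $_GET['username'] ?? ''.
// The third value is the string from the question above.
foreach (['theuser', 'nobody', 'username, DROPDATABASE'] as $input) {
    $row = findProfile($pdo, $input);
    printf(
        "%-24s => %s\n",
        $input,
        $row !== null ? 'profile #' . $row['id'] : 'rejected or not found'
    );
}
```

The `\w+` in the RewriteRule does not match a comma or a space, so that URL is never rewritten, but `index.php?username=...` can still be requested directly. The check therefore has to live in the PHP script, with the prepared statement as the actual protection for the query.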