Bytes | Software Development & Data Engineering Community
How to secure .htaccess links to user profiles? (vanity url)

ilya Kraft
Hello,

I recently decided to make .htaccess links to my user profiles so they would look something like

http://mywebsite.com/username

Right now I am using id to filter users, like this

http://mywebsite.com/profile.php?id=1

But I will need to change id to username, like so

http://mywebsite/profile.php?username=theuser

And then I would use .htaccess stuff to transform it to the example mentioned at the beginning.
Right now I am concerned about security, because when I was using id to filter the profile page I used:

    $id = preg_replace('#[^0-9]#i', '', $_GET['id']);
That filtered everything but numbers from id, to make it secure against SQL injection, but now when I filter by username it is not an option.

I am worried that someone could do something like this:

http://mywebsite/username, DROPDATABASE

And that DROPDATABASE thing could screw things up for me.

So could anyone suggest ideas and if possible examples of securing this? And if you have any questions or do not understand something of what I wrote please ask them ))))

_____________________________________________________________

This is .htaccess code that I found and would probably use to accomplish my task.

    Options +FollowSymLinks
    RewriteEngine On

    # Do not rewrite requests for an existing directory or file
    RewriteCond %{SCRIPT_FILENAME} !-d
    RewriteCond %{SCRIPT_FILENAME} !-f

    # /username  ->  index.php?username=username  (only word characters allowed)
    RewriteRule ^(\w+)$ ./index.php?username=$1
Jul 14 '11 #1
Markus
Ideally you would use a library such as PDO which provides prepared statements that are secured against attacks of this nature. In any case, the documentation provides information on protecting yourself against SQL Injection.
Jul 14 '11 #2
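As an added illustration of the prepared-statement approach Markus describes (this is example code written for this thread, not code from Markus, from the PHP documentation, or from the original poster's site), here is what profile.php could look like once the lookup is by username. The table name users, the columns id/username/display_name, and the DSN and credentials are assumptions; the username check uses the same \w rule as the RewriteRule above, so a request that reaches profile.php directly is held to the same rule as one that came through .htaccess.

```php
<?php
// Added example for this thread (not the poster's or PHP's own code).
// Looks up a profile for /profile.php?username=...  without ever pasting
// the username into the SQL text. Table, columns, DSN and credentials
// are assumptions.

// The unsafe pattern the question is worried about, for contrast:
//   $sql = "SELECT ... FROM users WHERE username = '" . $_GET['username'] . "'";
// There the value is parsed as SQL. With a prepared statement the SQL
// and the value travel separately, so the value is only ever data.

// 1. Check the shape first. The RewriteRule only matches \w+, so apply
//    the same rule here (length cap is an assumption; adjust to taste).
function validUsername(string $name): bool
{
    return (bool) preg_match('/^\w{1,32}$/', $name);
}

// 2. Fetch the row with a bound parameter. Returns null when no such user.
function findUserByName(PDO $db, string $name): ?array
{
    $stmt = $db->prepare(
        'SELECT id, username, display_name FROM users WHERE username = :username'
    );
    $stmt->execute([':username' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$username = $_GET['username'] ?? '';
if (!validUsername($username)) {
    // "theuser, DROPDATABASE" fails here already: comma and space are not \w.
    http_response_code(404);
    exit('No such profile');
}

// Connection details are placeholders; replace with your own.
$db = new PDO(
    'mysql:host=localhost;dbname=mywebsite;charset=utf8mb4',
    'dbuser',
    'dbpass',
    [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // ask the server to prepare for real
    ]
);

$user = findUserByName($db, $username);
if ($user === null) {
    http_response_code(404);
    exit('No such profile');
}

// Escape on output as well: a username is data, not HTML.
echo '<h1>' . htmlspecialchars($user['display_name'], ENT_QUOTES, 'UTF-8') . '</h1>';
```

Two points worth noting: the preg_match check is a convenience (a friendlier 404 and the same rule as the rewrite), but it is the bound :username parameter that actually makes the query safe, so the query stays safe even if you later relax the allowed characters; and the preg_replace trick from the original id-based page is not needed at all once the value is bound rather than concatenated.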
ilya Kraft
Hi,

Right, I did some research about PDO, but I realized that it is too confusing to me, I'm not that advanced yet, just started a couple of months ago, so if it's not hard could you please tell me more about PDO. I also took a look at the link you provided, but it only shows examples of unsecured stuff there, I was not able to find anything helpful. Well maybe this type of securing is too hard for me ))) I might stay with my old system a bit longer...
Jul 14 '11 #3

