1

I have looked and look and I cannot get this working. I have tried to do it with .htaccess and other tries but nothing is working.

I am trying to get from new-machinery.php?Item=100 to new-machinery/Item-Name

This what I have for my product pages.

 <?php

$LimitAmt = $Amt + 1;
$Limit = "LIMIT $LimitAmt";
$NextPage = $Page + 1;
$PrevPage = $Page - 1;


$SQLCat = "";
if (strlen($Cat) > 1)
{
$SQLCat = "AND (`Category` LIKE '$Cat;%' OR `Category` LIKE '%;$Cat' OR `Category` LIKE '$Cat')";   
}


$SQL_GetEquipment = "SELECT * FROM `new_equip` WHERE `condition`='New' $SQLCat $Limit";
$R_GetEquipment = mysql_query($SQL_GetEquipment, $Link);

$name = mysql_result($result,$i,"name");
$model = mysql_result($result,$i,"model");
$manu = mysql_result($result,$i,"manu");
$desc = mysql_result($result,$i,"desc");
$imagename = mysql_result($result,$i,"image");*/

$eid = $row['id'];
$itemname = $row['itemname'];
$model = $row['model'];
$manufactuer = $row['manufactuer'];
$desc = $row['desc'];
$imagename = $row['image'];


if (!file_exists("UImages/" . $imagename) || strlen($imagename) < 5)
{
$imagename = "NoImage.jpg";
}
?>

And to display the products url I have

<a itemprop="url" href="new-product.php?Item=<?php echo $itemname; ?>"><span itemprop="name"><?php echo $itemname; ?></span></a>

Like I said, I have looked and tried everything I could find but I keep getting a 404 page.

Any help would be greatly appreciated.

Improve this question
11
  • What did you try with .htaccess? What does the code you're showing have to do with rewrites? Commented Oct 8, 2015 at 1:40
  • Possible duplicate of Reference: mod_rewrite, URL rewriting and "pretty links" explained Commented Oct 8, 2015 at 1:43
  • I wasn't sure if you needed to see my code to see if I was doing something wrong. Commented Oct 8, 2015 at 1:49
  • What you did with the .htaccess would be useful and what errors/issues specifically you encountered. Commented Oct 8, 2015 at 1:50
  • Also, everything I read, has it going like /product/ProductID/ I need it to be product/ProductName/. I tried following this addedbytes.com/articles/for-beginners/… Commented Oct 8, 2015 at 1:51

1 Answer 1

Reset to default
1

First you need to change your links to the format you want. Something like

href="new-product/<?php echo $itemname; ?>">

In your .htaccess you want something like.

RewriteRule ^new-product/(.*) new-product.php?Item=$1

The ^ is the start of the URL.
The () captures the values inside it.
The . is an character and the * is zero or more occurrences of any character. So bascially .* is equal to anything.
The $1 is the value from the first capture group. If you have 2 capture groups they are in order of appearance.

So this new-product/(.*) is the url on the back end the RewriteRule tells apache to send the request to PHP as new-product.php?Item=$1.

So in your PHP you're going to need to change your call so it checks for the name rather than the ID.

$name = mysql_real_escape_string($_GET['Item']); 
$SQL_GetEquipment = "SELECT * FROM `new_equip` WHERE `itemname`='$name' LIMIT 1;"; 
$R_GetEquipment = mysql_query($SQL_GetEquipment, $Link); 
$row = mysql_fetch_assoc($R_GetEquipment);

The fetched data doesn't need to be escaped. The escaping is so your SQL statement can't be manipulated by inserting additional characters.

The preferred approach for this is using paramaterized queries unfortunately mysql_ functions don't support that. I'd recommend you update to PDO or mysqli_ so you can take advantage of these.

https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet#Defense_Option_1:_Prepared_Statements_.28Parameterized_Queries.29
http://php.net/manual/en/security.database.sql-injection.php
How can I prevent SQL injection in PHP?

If other people had the older format you'll need to make a rewrite controller. The htaccess will need to send to a PHP page that has DB access so it can pull the name from the ID, then resend it... or do a conditional check on your page and if the parameter is an integer check it by id.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

You have help above and beyond. I appreciate all your help and knowledge on this.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.