
As far as I am aware, there are two different ways of 'routing' and using 'friendly URLs':

1: Solely using .htaccess:

    RewriteRule ^foobar/([^/]+)/([^/]+)$ "index.php?foo=$1&bar=$2" [NC]

or 2: Using .htaccess in conjunction with an index.php 'routing' system:

    <IfModule mod_rewrite.c>
          RewriteEngine On
          RewriteBase /
          # if file not exists
          RewriteCond %{REQUEST_FILENAME} !-f
          # if dir not exists
          RewriteCond %{REQUEST_FILENAME} !-d
          # avoid 404s of missing assets in our script
          RewriteCond %{REQUEST_URI} !^.*\.(jpe?g|png|gif|css|js)$ [NC]
          RewriteRule .* index.php [QSA,L]
    </IfModule>

And then inside index.php:

    $uri = explode("/", substr($_SERVER['REQUEST_URI'], 1));
    if ((isset($uri[0])) && ($uri[0] != "")) {
        $page = $uri[0];
        if (is_file(ROOT."/subs/docs/$page/config.php")) {
            include(ROOT."/subs/docs/$page/config.php");
        }
    } else {
        $page = "home";
    }

then include $page somewhere down the line.

My question is, which way is better, or is there some other method I am unaware of? And by better I mean in terms of efficiency, speed, and logic.

Yogesh Pingle
Chud37
  • Does it matter to you which is more efficient? – Waleed Khan Jan 15 '13 at 12:22
  • Another method which sort of mixes the two would be a front controller, where all %{REQUEST_URI}s are routed to a single file, which then pulls the $_SERVER['REQUEST_URI'] to pieces to find out which PHP classes would deal with the URL. Whether it's more efficient or not, I don't know. Personally I find it easier to put the logic in PHP than in the .htaccess, but this is just personal – GarethL Jan 15 '13 at 12:24
  • Just heads up, the code you're showing is quite dangerous and fairly easy to exploit. – Karl Laurentius Roos Jan 15 '13 at 12:25
  • @GarethL that is exactly what I am doing! :D – Chud37 Jan 15 '13 at 12:34
  • @KarlLaurentiusRoos In what way is it easy to exploit? – Chud37 Jan 15 '13 at 12:35
  • @Chud37, since `$page` is a variable, I can introduce `$page` to be `../../etc/passwd` and so on. There is a special character that I can append which can make PHP ignore `/config.php`. You need to do some checking so that people can't do directory traversals :) – F21 Jan 15 '13 at 12:44
  • @F21, any advice as to where I could read up on what you're talking about? I am very interested in securing things! – Chud37 Jan 15 '13 at 12:53
  • @Chud37: This is a good start: http://stackoverflow.com/a/4205278/624884 Also, google for "php directory traversal" :) – F21 Jan 15 '13 at 23:35
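
The directory traversal raised in the comments above comes from `$page` reaching `is_file()` and `include()` unchecked. The following is an added example (not code from the post or its commenters) of the same lookup with an allow-list check and a `realpath()` containment check; `resolve_page()`, `$docsRoot` and the sample request URIs are hypothetical names and constructed values.

```php
<?php
// Added example: hardened version of the question's index.php lookup.
// resolve_page() and $docsRoot are hypothetical names, not from the post.

function resolve_page(string $requestUri, string $docsRoot): ?string
{
    // Drop the query string, then take the first path segment.
    $path = parse_url($requestUri, PHP_URL_PATH);
    if (!is_string($path)) {
        return null;
    }
    $segments = explode('/', ltrim($path, '/'));
    $page = $segments[0] !== '' ? $segments[0] : 'home';

    // 1. Allow-list: letters, digits, '_' and '-' only. This rejects "..",
    //    "%"-encoded bytes and NUL before the filesystem is touched.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $page)) {
        return null;
    }

    // 2. Containment: resolve symlinks, then confirm the file is under the root.
    $root = realpath($docsRoot);
    $file = realpath("$docsRoot/$page/config.php");
    if ($root === false || $file === false) {
        return null;
    }
    if (strncmp($file, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        return null;
    }
    return $file;
}

// Constructed demo: a throwaway docs tree with a single page, "about".
$docsRoot = sys_get_temp_dir() . '/docs_' . bin2hex(random_bytes(4));
mkdir("$docsRoot/about", 0700, true);
file_put_contents("$docsRoot/about/config.php", "<?php // page config\n");

// Constructed request URIs, including traversal-style input.
$samples = ['/about/team?x=1', '/../../etc/passwd', '/..%2f..%2fetc/passwd',
            '/about%00', '/missing'];
foreach ($samples as $uri) {
    $hit = resolve_page($uri, $docsRoot);
    $label = $hit === null ? 'rejected' : 'include ' . basename(dirname($hit)) . '/config.php';
    printf("%-26s => %s\n", $uri, $label);
}
```

Only the first sample resolves to a file; the caller should send a 404 when `resolve_page()` returns `null` rather than falling back to including anything derived from the request.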

1 Answer


In real life, most routing systems are so complicated that the 1st option turns .htaccess right into a living nightmare.

As a matter of fact, the number of all possible input parameter combinations is so huge that the main application router has to deal only with detecting the controller, while each particular controller has to deal with them its own way.
Frankly, you cannot tell for sure that the 2nd parameter has to be assigned to the foo variable and the 3rd assigned to bar.

So, there is no choice but the 2nd one.

Your Common Sense
  • That's a good point. So is the second one the *best* way to do it, in your opinion? Or what is? – Chud37 Jan 15 '13 at 12:44