0

Lets say I have this page:
example.com/state/california
and I use $_GET to retrieve that specific page from the DB.

However when I try this page:
example.com/state/new%20york
My page seems to only retrieve "new" instead of "new york"

htaccess:

RewriteRule ^([^\.]+)$ $1.php [NC,L]
RewriteRule ^state/([0-9a-zA-Z]+) location.php?state=$1 [NC,L]

Code:

<? 
$state = $_GET['state'];
$sql = "
    SELECT
        *
    FROM
        states
    WHERE
        state = '$state'
    ";

$records = mysqli_query($db_conx, $sql);

$sql = "
    SELECT
        *
    FROM
        states
    WHERE
        state='$state' LIMIT 1
    ";
$query = mysqli_query($db_conx, $sql);
$numrows = mysqli_num_rows($query);

if ($numrows < 1) {
    echo $state;
    exit();
} else {
    echo "Welcome to the state of ".$state;
}
?>

I'm not looking for the file name, I'm looking for the last part of the loaded semantic URL.

James
  • 4,644
  • 5
  • 37
  • 48
Pazzy
  • 35
  • 8
  • 5
    Show us your code – Mike Apr 08 '18 at 23:31
  • 1
    Possible duplicate of [How to get current PHP page name](https://stackoverflow.com/questions/13032930/how-to-get-current-php-page-name) – Obsidian Age Apr 08 '18 at 23:36
  • is there a router involved? or a simple .htaccess REWRITE? Not enough information there to help you... – Jeff Apr 08 '18 at 23:48
  • .htaccess RewriteRule ^([^\.]+)$ $1.php [NC,L] RewriteRule ^state/([0-9a-zA-Z]+) location.php?state=$1 [NC,L] – Pazzy Apr 08 '18 at 23:51
  • ` $state = $_GET['state']; $sql = "SELECT * FROM states WHERE state = '$state'"; $records = mysqli_query($db_conx, $sql); $sql = "SELECT * FROM states WHERE state='$state' LIMIT 1"; $query = mysqli_query($db_conx, $sql); $numrows = mysqli_num_rows($query); if($numrows < 1){ echo $state; exit(); } else { echo "Welcome to the state of ".$state; } ?>` – Pazzy Apr 08 '18 at 23:57
  • Sorry guys for the code layout :( – Pazzy Apr 08 '18 at 23:58
  • @Mike - Posted code – Pazzy Apr 09 '18 at 00:06
  • @ObsidianAge - not looking for file name – Pazzy Apr 09 '18 at 00:06
  • @Jeff - Posted htaccess – Pazzy Apr 09 '18 at 00:06
  • 1) Your code should be in the edited original question 2) Your code is vulnerable to SQL injection (hint: use prepared statements) – ccKep Apr 09 '18 at 00:10

1 Answers1

-1

The %20 is "breaking" the chain. I.e. your htaccess doesn't see what comes after this as being part of the same block as that which precedes it. I would suggest creating a function to replace white spaces with an underscore or a hyphen

Ollie Brooke
  • 64
  • 10
  • Could you provide an example in which I can replace white spaces with a hyphen It would be awesome if I could use this as an example example.com/state/new-york – Pazzy Apr 09 '18 at 00:28
  • You'd need to do this when creating the link that takes users to the page in question. So, I'd go with `$url=str_replace(" ","-",$state);` – Ollie Brooke Apr 09 '18 at 00:48
  • This code worked however example.com/state/new-york still returns "new" – Pazzy Apr 09 '18 at 01:04
  • It seems like the hypen is also breaking the chain, why is this happening? – Pazzy Apr 09 '18 at 01:04
  • Try changing `RewriteRule ^state/([0-9a-zA-Z]+)` to `RewriteRule ^state/(.*)` – Ollie Brooke Apr 09 '18 at 01:19
  • If this does work, please make sure you put some kind of protection on your SQL statement to prevent MySQL injection. Otherwise, anyone could include SQL in the URL and this would then get executed by your PHP. For example, you could have an array of possible states and if the value of `$_GET['state']` is not found inside that array then don't execute the SQL – Ollie Brooke Apr 09 '18 at 01:21