
I have little to no experience with .htaccess, so I have a few questions in my head I want to clarify. I am attempting to make a website where all traffic redirects to my routing file, which handles it. What I have in mind is something like https://domain.smt/register will redirect to https://domain.smt/router.php?url=register. Is it possible to do so with the .htaccess file, or is there a better way of doing so?

There is a problem with this approach, though: if I want to add parameters to my URL, say https://domain.smt/register?redirect=page/category/stuff, wouldn't the router file be vulnerable to injection attacks? How should I resolve this if I use this .htaccess approach? Or is this just not going to happen?

I have tried searching for it and came across "Redirect all to index.php using htaccess", but it still doesn't mention the injection above, so is it just me overthinking?

Thanks for any help.

yxlow07

1 Answer


You don't need that "url=" part in your router script. Set up .htaccess as explained in the mentioned question and then use $_SERVER['REQUEST_URI'] - it already contains the path.

Even easier, put phpinfo(); at the top of the router script and you'll see what variables are defined in it.

astax
  • I tried it out and one thing caught my eye which is: `[QUERY_STRING] => redirect=login/http/req&hello=world`. If I want to use this part in my code how can I sanitise it to prevent injections? Is htmlspecialchars enough? – yxlow07 May 11 '22 at 08:25
  • To parse this string, you can pass it to the `parse_str` function - https://www.php.net/manual/en/function.parse-str.php As for sanitizing - this is a different question and depends on where you need to use this string. There are a number of questions and answers on Stack Overflow about this. – astax May 11 '22 at 12:10
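
An added example, not part of the original answer or comments, of a router that reads `$_SERVER['REQUEST_URI']`, parses the query string with `parse_str`, and validates the `redirect` value for the place it is used. The route table, the function names (`parse_request`, `safe_redirect_target`, `handle`) and the sample requests are assumptions constructed for illustration.

```php
<?php
// Added example: hypothetical router.php. Route names and helpers are assumptions.
declare(strict_types=1);

// Allowlist of routes the application serves (constructed for this example).
const ROUTES = ['register' => 'Register page', 'login' => 'Login page'];

// Split REQUEST_URI into a route name and its query parameters.
function parse_request(string $requestUri): array
{
    $path = parse_url($requestUri, PHP_URL_PATH);
    $query = parse_url($requestUri, PHP_URL_QUERY);
    $params = [];
    if (is_string($query)) {
        parse_str($query, $params); // second argument keeps values out of local scope
    }
    $route = is_string($path) ? trim($path, '/') : '';
    return [$route, $params];
}

// Accept only a same-site relative path as redirect target; otherwise fall back.
function safe_redirect_target($value, string $default = '/'): string
{
    if (!is_string($value)) { // redirect[]=x arrives as an array, not a string
        return $default;
    }
    // Segments of letters, digits, '-' and '_' joined by single slashes:
    // rules out schemes, hosts, "//", "..", and control characters.
    if (preg_match('#^[A-Za-z0-9_-]+(/[A-Za-z0-9_-]+)*$#D', $value) !== 1) {
        return $default;
    }
    return '/' . $value;
}

function handle(string $requestUri): string
{
    [$route, $params] = parse_request($requestUri);
    if (!array_key_exists($route, ROUTES)) {
        return '404 Not Found'; // unknown paths never reach application code
    }
    $target = safe_redirect_target($params['redirect'] ?? null);
    // Escape for the context where the value ends up; here that is HTML output.
    return ROUTES[$route] . ', then go to ' . htmlspecialchars($target, ENT_QUOTES, 'UTF-8');
}

// Constructed sample requests; under Apache this would be handle($_SERVER['REQUEST_URI']).
foreach (['/register?redirect=page/category/stuff', '/register?redirect=//other.example/x',
          '/login?redirect[]=a', '/admin'] as $uri) {
    echo $uri, ' => ', handle($uri), PHP_EOL;
}
```

`htmlspecialchars` only covers the HTML output context; a value used in a `Location` header, an SQL query or a file path needs the validation or escaping that fits that context instead.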