The query string URL of my PHP page can be changed and it is still viewed as the same page. Why is this happening? How could it be fixed? Is it something to be done through the htaccess file?

Example URL: http://matter.com/article.php?id=1

If I change the URL to http://matter.com/article.php?howdy=1 it still displays the same page. Please help.
Code attached: how to avoid the query string URL of a PHP page being spammed

I have a page, "article.php", on which I call an include file to display query results. The include file code follows:

<?php
include 'dataconnection.php';
$pagenum = $_GET['pagenum'];

//This checks to see if there is a page number. If not, it will set it to page 1
if (!(isset($pagenum))) {
    $pagenum = 1;
}

//Here we count the number of results
//Edit $data to be your query
$data = mysql_query("Select * FROM news");
$rows = mysql_num_rows($data);
if (!$rows) {
    echo mysql_error();
}

//This is the number of results displayed per page
$page_rows = 15;

//This tells us the page number of our last page
$last = ceil($rows/$page_rows);

//this makes sure the page number isn't below one, or more than our maximum pages
if ($pagenum < 1) {
    $pagenum = 1;
} elseif ($pagenum > $last) {
    $pagenum = $last;
}

//This sets the range to display in our query
$max = 'limit ' .($pagenum - 1) * $page_rows .',' .$page_rows;

//Escape the search term before it is placed in the SQL string
$query = mysql_real_escape_string(isset($_GET['query']) ? $_GET['query'] : '');
$data_p = mysql_query("Select id,edid,title,date_format(date, '%M %D, %Y') as date,SUBSTRING(body,1,150) AS body from news where body like '%" . $query . "%' order by id desc $max") or die(mysql_error());

echo "<br>","<center>","<b>","News ","</b>","</center>","<br>";

while ($info = mysql_fetch_array($data_p)) {
    $id = $info['id'];
    $title = $info['title'];
    $title1 = str_replace(" ", "-", ($info['title']));
    $code_entities_match = array(' ','- -','"','!','@','#','$','%','^','&','*','(',')','_','+','{','}','|',':','"','<','>','?','[',']', '\\',';',"'",',','.','/','*','+','~','`','=');
    $code_entities_replace = array('-','-','','','','','','','','','','','','','','','','','','','','','','','','');
    $title2 = str_replace($code_entities_match, $code_entities_replace, $title);
    echo "<br>", "<strong>","<a href='item/$id/$title2'>".$title."</a>","</strong>";
    print $info['body'];
    echo "...";
    echo "<br>";
}

// This shows the user what page they are on, and the total number of pages
//echo "<br>"," Page $pagenum of $last <p>";
echo "<table width=200>", "<tr>","<td width=100>";
echo "<br>";

// First we check if we are on page one. If we are then we don't need a link to the previous page or the first page so we do nothing. If we aren't then we generate links to the first page, and to the previous page.
if ($pagenum == 1) {
} else {
    //echo " <a href='{$_SERVER['PHP_SELF']}?pagenum=1'> <<- First</a> ";
    echo " ";
    $previous = $pagenum-1;
    echo " <a href='{$_SERVER['PHP_SELF']}?pagenum=$previous'> <b><-Previous</b></a> ";
    echo "</td>";
}

//just a spacer-now changed to td
echo "<td width=100>";
echo "<br>";

//This does the same as above, only checking if we are on the last page, and then generating the Next and Last links
if ($pagenum == $last) {
} else {
    $next = $pagenum+1;
    echo " <a href='{$_SERVER['PHP_SELF']}?pagenum=$next'><b> Next -></b></a> ";
    //echo " <a href='{$_SERVER['PHP_SELF']}?pagenum=$last'>Last ->></a> ";
}
echo "</td>", "</tr>", "</table>";
?>

-------------------------------------------------

It displays the list of all news from the database, limited to 15 per page.

When I click on the Next page button, what I get in my URL is http://www.example.com/article.php?pagenum=2

If any changes are made to the URL, like http://www.example.com/article.php?id=2 (where id does not exist) or http://www.example.com/article/pagenum=2 (a slash instead of .php?), the site displays the results exactly like the original page. Why is this happening? I have a rewrite rule in my htaccess file for another page for clean URLs. All these files, including the htaccess files, are in my root folder.

Problem 2: I made another search folder with a search page, and the search displays the results properly on its first page. When the Next page link is clicked for page 2, what displays is exactly what is seen at http://www.example.com/article.php?pagenum=2.

Any help would be greatly appreciated.
The script expects something like http://matter.com/article.php?pagenum=1

If $pagenum is not set, it will be set to 1 automatically in the script:

Code:
if (!(isset($pagenum))) {
    $pagenum = 1;
}

So if you use id=1 or howdy=1, $pagenum will always be set to 1; that's why you see the same content.
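The fallback described in the answer above can be replaced by an explicit check that rejects unknown parameters and malformed pagenum values instead of silently showing page 1. This is an added example, not code from the thread: the names resolve_page and ALLOWED_KEYS and the last-page value 4 are assumptions, and it needs PHP 7.1 or later.

```php
<?php
// Added example, not code from the thread. resolve_page() and ALLOWED_KEYS
// are hypothetical names; the sample requests below are constructed.

const ALLOWED_KEYS = ['pagenum', 'query'];

/**
 * Return the validated page number, or null when the request should get a
 * 404 instead of silently falling back to page 1.
 */
function resolve_page(array $get, int $last): ?int
{
    // Parameters the script does not know (?id=2, ?howdy=1) are rejected.
    if (array_diff(array_keys($get), ALLOWED_KEYS)) {
        return null;
    }
    // A request without pagenum is the canonical first page.
    if (!array_key_exists('pagenum', $get)) {
        return 1;
    }
    // Only plain decimal digits without a leading zero; arrays
    // (?pagenum[]=1), signs, spaces and letters all fail this test.
    $raw = $get['pagenum'];
    if (!is_string($raw) || !preg_match('/^[1-9][0-9]{0,8}$/D', $raw)) {
        return null;
    }
    // Pages past the end do not exist, so they are not clamped to $last.
    $page = (int) $raw;
    return $page <= max($last, 1) ? $page : null;
}

// Constructed requests, as PHP would present them in $_GET.
$samples = [
    [],
    ['pagenum' => '2'],
    ['id' => '2'],
    ['howdy' => '1'],
    ['pagenum' => 'abc'],
    ['pagenum' => '99'],
    ['pagenum' => ['1']],
    ['pagenum' => '3', 'query' => 'election'],
];
foreach ($samples as $get) {
    $page = resolve_page($get, 4);
    $shown = http_build_query($get);
    printf("%-30s => %s\n", $shown === '' ? '(no parameters)' : $shown,
        $page === null ? '404' : "page $page");
}
```

In article.php a null result would be answered with http_response_code(404) before any output is sent. The query value passes this check unchanged, so it still has to be escaped or bound as a statement parameter before it reaches SQL.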
Thank you, falco. I tried to work around the problem, but the only way I could come up with is to pass the pagenum and use GET to set the current variable. Is there any other way to do this without passing the pagenum variable through a URL?