I have coded a database-driven site and I don't like how the user can edit the titles through the GET variable. Is there any way I could stop that? Wouldn't getting each request from the database slow down the site?
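<?php
// Front controller: loads configuration and helpers, reads the routing
// parameters from the query string, and includes the matching template.
include "config.php";
include "functions.php";
$SITEURL = addSlash($SITEURL);

// Every $_GET value is untrusted. The rewrite patterns in .htaccess only shape
// the pretty URLs; a direct request to index.php with its own query string
// skips them, so the values are normalised here as well. A missing key, or a
// key sent as an array, becomes an empty string instead of raising a notice or
// being converted to the literal text "Array" further down.
$action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';
$state = (isset($_GET['state']) && is_string($_GET['state'])) ? $_GET['state'] : '';
$city = (isset($_GET['city']) && is_string($_GET['city'])) ? $_GET['city'] : '';
$id = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '';

// The rewrite rule only ever passes digits as the id, so anything else is
// dropped here. NOTE(review): templates/place.php is not shown; confirm it
// expects a numeric id.
if (!ctype_digit($id)) {
    $id = '';
}

// Normalising the values does not make $state or $city safe to print or to put
// into SQL. Each template still has to escape them for the context it writes
// into (HTML text, HTML attribute, URL, SQL string).

// NOTE(review): this prints the site URL ahead of the template's DOCTYPE; it
// looks like leftover debug output. Confirm before removing.
echo $SITEURL;

// $action only selects between fixed, hard-coded paths; the request value is
// never concatenated into an include path, and anything unrecognised falls
// through to the home page.
switch ($action) {
    case 'cities':
        include 'templates/cities.php';
        break;
    case 'place':
        include 'templates/place.php';
        break;
    case 'places':
        include 'templates/places.php';
        break;
    default:
        include 'templates/home.php';
        break;
}
?>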
#places.php
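<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title><?php echo $siteTitle; ?></title>
</head>
<body>
<?php
// $state and $city reach this template from the query string via the including
// script, so a visitor can put any text in them. Escaping them for HTML means
// whatever is supplied is shown as plain text and cannot add markup or script
// to the page.
// NOTE(review): to stop arbitrary city names appearing in the heading at all,
// only print it when the query below returns at least one row.
$safeCity = htmlspecialchars($city, ENT_QUOTES, 'UTF-8');
$safeStateName = htmlspecialchars(getStateName($state), ENT_QUOTES, 'UTF-8');
?>
<h2><?php echo $SITETOPIC." in ".$safeCity.",".$safeStateName; ?></h2>
<?php
// The city value is escaped before it is placed inside the quoted SQL string,
// so a quote character in the request cannot end the literal and change the
// statement. The query already runs once per request, so this adds no extra
// database round trip.
// NOTE(review): the mysql_* extension was removed in PHP 7; prepared statements
// through PDO or mysqli are the durable fix when this code is migrated.
$query = "SELECT DISTINCT biz_name, biz_id FROM animalshelter WHERE city = '".mysql_real_escape_string($city)."'";
$result = mysql_query($query);
if ($result === false) {
    // Keep the database error text in the server log; showing it to visitors
    // reveals table and column names.
    error_log('places.php listing query failed: '.mysql_error());
    die('Sorry, the listing could not be loaded.');
}
while ($row = mysql_fetch_array($result)) {
    // Each path segment is URL-encoded, then the whole URL is HTML-escaped and
    // wrapped in quotes so no value can break out of the href attribute.
    $href = "http://".$SITEURL."place/".urlencode($state)."/".urlencode($city)."/".urlencode($row['biz_id']);
    // biz_name comes from the database and is escaped before display as well.
    echo '<a href="'.htmlspecialchars($href, ENT_QUOTES, 'UTF-8').'">'.htmlspecialchars($row['biz_name'], ENT_QUOTES, 'UTF-8')."</a><br />";
}
?>
</body>
</html>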
#.htaccess
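# .htaccess mod_rewrite
# demo.com
Options +FollowSymlinks
# NOTE(review): +Indexes lets Apache list the contents of any directory that has
# no index file, which exposes file names to visitors. Confirm this is wanted;
# "Options -Indexes" turns it off.
Options +Indexes
RewriteEngine On
RewriteBase /databaseSite/
ErrorDocument 404 /templates/404.php

# RewriteCond lines apply only to the RewriteRule that directly follows them, so
# the "not an existing directory, file or symlink" guard is repeated for each
# rule. [L] stops processing once a rule has matched.
# These patterns only shape the pretty URLs. index.php can still be requested
# directly with any query string, so it has to validate its own parameters.

# /action/state
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule ^([a-zA-Z]+)/([a-zA-Z]+)$ index.php?action=$1&state=$2 [QSA,NC,L]

# /action/state/city
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule ^([a-zA-Z]+)/([a-zA-Z]+)/([a-zA-Z\+\_\-]+)$ index.php?action=$1&state=$2&city=$3 [QSA,NC,L]

# /action/state/city/id
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule ^([a-zA-Z]+)/([a-zA-Z]+)/([a-zA-Z\+\_\-]+)/([0-9]+)$ index.php?action=$1&state=$2&city=$3&id=$4 [QSA,NC,L]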