smerny Posted August 18, 2009 Share Posted August 18, 2009 So I'm creating my site with a lot of includes.... an example is ".com?f=forum&p=topics&id=5" The main index page has the head and title info as well as the main banner and the navigation menu... then does $folder=$_REQUEST['f']; and $page=_REQUEST['p'] and includes a page like this: <?php if ($folder == "includes"){ $directto = $folder."/".(isset($page)? $page.".php" : "home.php"); } else { $directto = $folder."/index.php"; } if (file_exists($directto)) { include($directto); } else { echo "$page doesnt exist in $folder"; } echo "<br />"; ?> and the indexes in the folders will also take the $page variable to determine what information to show ... then it picks up at the bottom of the main index page for the footer and end html tags ============================================== my question is.... how good will this be for search engines? if not good... how can i make it better? Quote Link to comment Share on other sites More sharing options...
roopurt18 Posted August 18, 2009 Share Posted August 18, 2009 I'm not an SEO buff, but I believe, amongst other things, search engines prefer pretty URLs, but do not necessarily require them. As long as your links render correctly in an agent with JavaScript disabled, it will find them. You can use mod_rewrite to clean your URLs up; it's an apache module. And make sure you white list things coming in off of $_GET for which PHP files to include or you're vulnerable to attacks. Quote Link to comment Share on other sites More sharing options...
smerny Posted August 19, 2009 Author Share Posted August 19, 2009 white list? edit: nvm, looked it up but doesn't if (file_exists($directto)) { include($directto); } else { echo "$page doesnt exist in $folder"; } automatically whitelist it? Quote Link to comment Share on other sites More sharing options...
roopurt18 Posted August 19, 2009 Share Posted August 19, 2009 http://www.yourdomain.com/index.php?f=../../database.config If you have a file, database.config, two directories up from where you index.php is (or whatever the current directory is when Apache runs the file), then you'll include() it and give me your database credentials. Of course I have to be good at guessing such things, but why leave it to chance? And what if you installed third party plugins / scripts on your site? I might know how those work and where they keep files and I could get your index.php to deliver to me configuration for all sorts of stuff. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.