What's the best way to handle URL variables


CrimpJiggler

I use URL variables to control my sites and I've been gradually improving/refining my methods but I'm probably wasting time reinventing the wheel here. Now the way I do it is I make a list of allowed URL variables, then check which ones are active. Then I clean up the values of the active vars (to prevent XSS and SQL injection attempts and stuff like that), and load them into an array:

$allowed_url_vars = array("page_id","get","compound","action","show","cat","display","add","edit","order");
$active_url_vars  = array(array(), array()); // [0] = names, [1] = cleaned values

foreach ($allowed_url_vars as $var_name) {

	if (isset($_GET[$var_name])) {

		$var_value = clean_url_vars($_GET[$var_name]); // poster's own cleaning function (not shown)
		$active_url_vars[0][] = $var_name;
		$active_url_vars[1][] = $var_value;

	}

}

Things get complicated when it comes to using the URL variables to control (i.e. which pages get loaded) the site. In the example above, page_id loads regular pages, but if $_GET['get'] is set, then it loads a special page which displays a list of compounds (chemicals) or plants or other items, and if $_GET['compound'] is set then it needs to display info for a single compound. If action=edit, then it loads the edit page for that compound etc. Up until now I just used a series of if statements to handle all, i.e.

if (isset($page_id) && empty($get)) {
  // LOAD ORDINARY PAGE
}
elseif (isset($get)) {

  if ($get == "compounds") {
    if (empty($compound)) { /* LOAD LIST */ }
    else { /* LOAD SINGLE COMPOUND */ }
  }
  elseif ($get == "plants") {
    // ...
  }

}

but it ends up getting messy and complicated. There has to be a better way to do things. Firstly, I'm getting that using $id instead of an individual variable for each item type would make things easier, but it would make things less user friendly. If anyone here would share with me how they do things, I'd greatly appreciate it. 

Edited by CrimpJiggler

All you need is three url vars

 

id - the page, compound or plant id

pagetype - type of product:-  page, component or plant

action - the action to take, view (show/display), edit, delete, add a page, component or plant

 

To decide which pagetype to display you'd have

$id         = isset($_GET['id']) ? $_GET['id'] : '';             // the page, compound or plant id
$pageType   = isset($_GET['type']) ? $_GET['type'] : 'page';     // set page as default pageType
$pageAction = isset($_GET['action']) ? $_GET['action'] : 'view'; // set view as default page action

$pageTypes   = array('page', 'compound', 'plant');     // list available page types
$pageActions = array('view', 'edit', 'delete', 'add'); // list possible actions

// decide what type of page to view
if(in_array($pageType, $pageTypes))
{
    include $pageType . '.php'; // include the file for pageType
}
else
{
    // display invalid page type error message
}

Then you'd set-up three php files for the pageTypes which are, page.php, compound.php and plant.php

 

In all three you'd have code like this to decide what action to perform

if(in_array($pageAction, $pageActions))
{
    switch($pageAction)
    {
        case 'add':
            // add $pageType
        break;

        case 'edit':
            // edit $pageType
        break;

        case 'delete':
            // delete $pageType
        break;

        case 'view':
        default:
            // view $pageType
        break;
    }
}
else
{
    // display invalid action error message
}
Edited by Ch0cu3r
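
The allowlist routing described in the answer above, pulled into one function, as an added example that is not part of the thread or either poster's code. The names `query_string` and `resolve_route` are hypothetical, and it assumes ids are positive integers and that edit and delete require an id; the caller would `include` the returned file only after the function returns without throwing.

```php
<?php
declare(strict_types=1);
// Allowlists. The include file comes from this map, never from the request string.
const PAGE_TYPES   = ['page' => 'page.php', 'compound' => 'compound.php', 'plant' => 'plant.php'];
const PAGE_ACTIONS = ['view', 'edit', 'delete', 'add'];

// Return a query parameter as a string, or null for array input such as ?type[]=x.
function query_string(array $query, string $name, string $default): ?string
{
    $value = $query[$name] ?? $default;
    return is_string($value) ? $value : null;
}

// Validate id, type and action; throw on anything outside the allowlists.
function resolve_route(array $query): array
{
    $type   = query_string($query, 'type', 'page');
    $action = query_string($query, 'action', 'view');
    $rawId  = query_string($query, 'id', '');
    if ($type === null || !array_key_exists($type, PAGE_TYPES)) {
        throw new InvalidArgumentException('invalid page type');
    }
    if ($action === null || !in_array($action, PAGE_ACTIONS, true)) {
        throw new InvalidArgumentException('invalid action');
    }
    $id = null; // null means "no single item", e.g. a list view
    if ($rawId !== '') {
        // Assumption: ids are positive integers, so validate rather than "clean".
        $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id === false) {
            throw new InvalidArgumentException('invalid id');
        }
    }
    if ($id === null && in_array($action, ['edit', 'delete'], true)) {
        throw new InvalidArgumentException('id required for this action'); // assumption
    }
    return ['file' => PAGE_TYPES[$type], 'action' => $action, 'id' => $id];
}

// Constructed sample query strings (not from the thread).
foreach (['type=compound&id=12&action=edit', 'type=unknown', 'type[]=plant', 'id=12abc', 'action=delete'] as $qs) {
    parse_str($qs, $query);
    try {
        $r = resolve_route($query);
        echo "$qs => {$r['file']} {$r['action']} id=" . ($r['id'] ?? 'none') . "\n";
    } catch (InvalidArgumentException $e) {
        echo "$qs => rejected: " . $e->getMessage() . "\n";
    }
}
```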