barney0o0 Posted January 20, 2017

Hi, it's been a long afternoon... I've inherited a partial site to update. The shopping cart works fine; however, as I've updated the structure to SEO-friendly URLs, one part isn't working. I have a delete button, and a script to update the session:

    <a href="cart.php?rid=x&del=1&pos=y" >delete </a>

    if($_GET['del']==1 && isset($_GET['rid']) && $_GET['rid']!='' && $_GET['rid']!=0)
    {
        $r=$_GET['rid'];
        $pos=$_GET['pos'];
        $_SESSION['qty']=$_SESSION['qty']-$_SESSION['cart'][$pos]['qty'];
        unset($_SESSION['cart'][$pos]);
    }

When using the URL cart.php?... all works fine; however, now with the SEO-friendly link (the page is website.com/cart) the page refreshes but doesn't update the session. How do I reconstruct the delete URL to reflect the changes in structure so that it works? Thanks in advance
Jacques1 Posted January 20, 2017 (edited)

This is far too vague. What does the full SEO URL look like? How is it resolved? Which parameters are you receiving in the script?

    var_dump($_GET);

Besides that, using GET requests to change data violates the HTTP standard and leads to security vulnerabilities. For example, I can delete products from the cart of any user simply by making them visit a page with an image while they're logged in:

    <img src="http://yoursite.com/cart.php?rid=x&del=1&pos=y" alt="">

The browser makes a GET request to the URL in an attempt to load the image, and that alone is enough to trigger the action. This is a rather harmless case, but if you use this pattern consistently, you're definitely in trouble. You need to make POST requests with an anti-CSRF token.

Edited January 20, 2017 by Jacques1
barney0o0 (Author) Posted January 20, 2017

The full URL is website.com/en/cart

The content of the cart.php page is pulled down from both the session 'user' and 'cart'.

It's a little B2B site whose content is user protected. I know it's not ideal, but this should've been a quick fix that's melting my brain. The above script works fine when using the .php file.

In the htaccess rewrite file there's a simple

    RewriteRule ^([a-zA-Z_]+)/cart$ cart.php?lang=$1 [L,NC]
Jacques1 Posted January 20, 2017 (edited)

> The full URL is website.com/en/cart

So what happened to the URL parameters?

> It's a little B2B site [...]

Then security vulnerabilities and defects aren't a concern, of course.

Edited January 20, 2017 by Jacques1
barney0o0 (Author) Posted January 20, 2017

The only URL parameter is the $lang, all the other data is pulled from the session.
Jacques1 Posted January 20, 2017

Read the code. The script expects three URL parameters: del, rid, and pos. If the parameters aren't present, nothing happens. That's simple logic.
barney0o0 (Author) Posted January 20, 2017

Those values are created with the link. The script cross-checks the values against the session values. The session script, if OK, then removes the row. As mentioned, the .php file works fine... I don't understand how I can reload the page with the del=1 condition with an SEO-friendly URL as opposed to the functioning .php file.
Jacques1 Posted January 20, 2017

One last time: What -- does -- the -- full -- URL -- of -- the -- delete -- action -- look -- like? When you click on the link, you end up with a URL (which should contain the three parameters). I want that URL. Not the cart URL. The final URL which is supposed to trigger the action. If you can't see the URL due to redirects, use the developer tools of your browser.

Secondly, the Apache documentation says that you need the QSA flag to make URL parameters survive the rewrites. Are you doing that?
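The POST-plus-token approach Jacques1 recommends, sketched for this thread's cart as an added example (not code from either poster). The function names and the `action` and `csrf_token` fields are assumptions; `/en/cart` and the `$_SESSION['cart']` / `$_SESSION['qty']` layout come from the thread, and the `rid` cross-check is left out because the thread does not show how it is compared. Since the values travel in the request body, they reach cart.php through the rewrite whether or not the rule carries QSA.

```php
<?php
// Added example, not code from the thread. Helper names are hypothetical.
declare(strict_types=1);
session_start();

// One token per session, generated with a CSPRNG.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Remove one cart row, but only for a POST that carries the session's token.
function handle_delete(string $method, array $post): bool
{
    if ($method !== 'POST' || ($post['action'] ?? '') !== 'delete') {
        return false; // GET requests (links, <img> tags) never change the cart
    }
    $sent = $post['csrf_token'] ?? '';
    if (!is_string($sent) || !hash_equals(csrf_token(), $sent)) {
        return false; // missing or forged token
    }
    $pos = $post['pos'] ?? null;
    if (!is_string($pos) || !isset($_SESSION['cart'][$pos])) {
        return false; // unknown row: leave the totals untouched
    }
    $_SESSION['qty'] = ($_SESSION['qty'] ?? 0) - (int) $_SESSION['cart'][$pos]['qty'];
    unset($_SESSION['cart'][$pos]);
    return true;
}

handle_delete($_SERVER['REQUEST_METHOD'] ?? 'GET', $_POST);
?>
<?php foreach ($_SESSION['cart'] ?? [] as $pos => $row): ?>
<form method="post" action="/en/cart">
    <input type="hidden" name="action" value="delete">
    <input type="hidden" name="pos" value="<?= htmlspecialchars((string) $pos, ENT_QUOTES) ?>">
    <input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>">
    <button type="submit">delete</button>
</form>
<?php endforeach; ?>
```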
barney0o0 (Author) Posted January 20, 2017

OK, they are the same. cart.php has a link to delete rows from the session values with the URL cart.php?xyz with the necessary values (as in my initial post) to cross-check and fire the delete. When I test using cart.php (as opposed to /cart) it works fine. I don't know what the correct method is to send to /cart (which is directed to cart.php (self)) and fire the code to delete the session row (in the original post).
Jacques1 Posted January 20, 2017

This is your fifth(!) reply, and you still haven't managed to provide any relevant information. All you do is keep repeating that the .php URL works fine. Then maybe you should give up the whole SEO stuff and go back to classical URLs.