如何加密URL中的产品标识 [英] How to encrypt product ID in URL
问题描述
我有刚刚超过800数据的数据库。
I have a database with just over 800 data.
product table
pid name p_page
1 money money.php
2 gold gold.php
3 .
. .
. .
800 .
我有2页...
I have 2 pages...
product_item.php
product_item.php
<div class="button">
<a href="<?php fetchdir($apages) ?><?php echo $row['p_page']; ?>?pid=<?php echo $row['pid']; ?>">View</a>
</div>`
当你点击查看产品信息被传递给 product.php
在这里,我有
when you click view the product info is pass to product.php
in here i have
if (isset($_GET['pid'])) {
根据用户点击URL什么样的产品可能看起来像下面的东西,但 44 将变成什么ID
http://www.example.x10.mx/money.php?pid=44
这个问题,是money.php有不同的布局到其他页面,如果我改变44到68,产品的信息将显示在页面上,但布局将不会好看。
the problem with this, is that money.php have a different layout to the other pages and if I change 44 to 68, the product info will show on the page but the layout will not look good.
我的提问
什么是我停止用户能够改变URL的最佳方式。
我想加密所有我的 PID 在url所以它看起来像
http://www.example.x10.mx//money.php?sel= 的这里的产品名称的或的 4字母的或 什么
My question
what is the best way for me to stop users from being able to change the url.
I want to encrypt all my pid in the url so it will look something like
http://www.example.x10.mx//money.php?sel=the product name here or 4 letters or anything
我只想带走 PID 从URL。
请帮助我。如果你不明白我的问题请你在评论和尝试,并说出你的想法,你明白了。
Please help me. If you dont understand my question please ask in the comment and try and say what you think you understand.
编辑,以显示我抓取功能
$php = "php/";
$apages = "account/";
$bpages = "booking/";
$gpages = "general/";
$ppages = "product/";
// Global functions
function fetchdir($dir)
{
$protocol = $GLOBALS['protocol'];
$host = $GLOBALS['host'];
($dir == $GLOBALS['apages'] || $dir == $GLOBALS['bpages'] || $dir == $GLOBALS['ppages'] || $dir == $GLOBALS['gpages'] ? $branch = $GLOBALS['pagebranch'] : $branch = $GLOBALS['branch']);
echo $protocol.$host.$branch.$dir;
}
感谢
P.S。我不知道这是否可以在.htaccess进行,但我认为它可以在PHP做
p.s. I dont know if this can be done in .htaccess but i think it can be done in php
一些澄清:
我有一个URL看起来像这样
I have a url which looks like this
www.example.com/account/product.php?pid=1
这个问题是,有人能改变1或任意数量的,如果他们是在与该号码将得到的物品信息,并显示在页面上的数据库一个pid。我不希望发生的事情,因为不是所有的产品,目的是要在某些页面显示。
the problem with this is that someone can change 1 or any number and if they is a pid in the database with that number it will get the items information and display on the page. Which I don't want to happen because not all product are meant to be display in some pages.
在我展示我所有可用的产品的papge。我简单的使用了 SELECT 语句,然后重复一下,我需要一些股利。
In the papge which i show all my available product. I simple uses a SELECT statement and then echo what I need in some div.
在该网页我有一个观点按钮。
In that page I have a view button.
$stmt = $conn->prepare("SELECT * FROM Product WHERE Type = 'shoes'");
$stmt->execute();
$i = 0;
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
foreach ($rows as $row) {
$id = ($row['pid']);
$product_page ($row['dir_page']);
<div class="button" >
<a href = "<?php fetchdir($apages) ?><?echo $product_page?ProdID=<?php echo $id>" > View</a >
</div >
}
根据页面的信息是越来越发送到当你点击视图我用Get方法
<?php
if (isset($_GET['pid'])) {
// Connect to the MySQL database
dbconnect();
$id = preg_replace('#[^0-9]#i', '', $_GET['pid']);
}
如果你在我的 select语句注意使用键入只显示哪种类型的鞋产品。我有其他类型的为好,这为他们的其他网页。现在的问题是,如果我改变PID到任何页面不具有一种类型的鞋或者如果在其他页面,然后输入一个PID哪种类型的鞋子或任何东西,从该页面中的信息将仍然呈现。我不希望发生的。
If you notice in my select statement used type to show only the product which type is shoes. I have other types as well, which as their other pages. Now the problem is if i change the pid to any page that doesn't have a type of shoes or if an in the other pages and enter a pid which type is shoes or anything, the information from that page will still render. Which I don't want to happen.
我的提问 我怎样才能阻止用户更改PID即使他们改变它。他们仍然会在同一页面上?
My question how can i stop users from changing that pid and even if they change it. they will still be on the same page?
推荐答案
这个问题不具有PID的URL,这是一个在URL中的模板名称。
The problem isn't having the PID in the URL, it is having the template name in the URL.
存储模板的名称在数据库中(你这样做的话),并用它来确定哪些HTML来包装,而不是把它( money.php )中的URL。
Store the template name in the database (you are doing this already), and use that to determine what HTML to wrap the data in instead of putting it (money.php) in the URL.
将您的模板出来的Web根目录(他们不应该由用户直接被击中),有一个的index.php 然后包括()基于在数据库中的数据的模板。
Move your templates out of the web root (they shouldn't be hit by users directly), have a single index.php and then include() the template based on the data in the database.
这篇关于如何加密URL中的产品标识的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
