Narendra Dhami


mod_rewrite: A Beginner’s Guide to URL Rewriting

Posted by Narendra Dhami on July 15, 2008

So you’re a Web developer who has all the bells and whistles on your site and creates Web-based applications that are both beautiful and work well. But what about these issues?

Applications Must Be Safe

A user must not be able to harm your site in any way by modifying a URL that points to your applications. To ensure your site is safe, check all the GET variables coming from your visitors (I think it goes without saying that the POST variables must be examined too).

For example, imagine we have a simple script that shows all the products in a category. Generally, it’s called like this:


But what will this application do if ScriptKiddie(tm) comes and types this in his browser:


Well, many of the sites I’ve seen will drop some error message complaining about use of the wrong SQL query, invalid MySQL resource ID, and so on… These sites are not secure. And can anyone guarantee that a site-to-be-finished-yesterday will have all the parameter verifications – even in a programmer group having only 2 or 3 people?
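
One way to do the GET-variable check described above, as an added example that is not from the original post: a hypothetical category-listing routine that validates the value, binds it in a prepared statement, and answers every malformed value with the same generic error instead of a SQL message. The function name `productsInCategory`, the `products` table, the sample rows and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example (not the article's code). Table, rows, function name and
// inputs are constructed for illustration.

// Constructed sample data in an in-memory SQLite database, so it runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, category_id INTEGER, name TEXT)');
$db->exec("INSERT INTO products (category_id, name)
           VALUES (12, 'Messenger A'), (12, 'Messenger B'), (7, 'Editor C')");

/**
 * Return the product names for a category, or null when the raw GET value
 * is not an integer in the accepted range (or the query fails).
 */
function productsInCategory(PDO $db, $rawCat): ?array
{
    // Allow-list check: the value must parse as an integer between 1 and
    // 1000000. Arrays (?cat[]=12), empty strings and strings with trailing
    // SQL or quote characters all make filter_var() return false.
    $cat = filter_var($rawCat, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 1000000]]);
    if ($cat === false) {
        return null;
    }
    try {
        // Bound parameter: the value is never concatenated into the SQL text.
        $stmt = $db->prepare(
            'SELECT name FROM products WHERE category_id = :cat ORDER BY name');
        $stmt->bindValue(':cat', $cat, PDO::PARAM_INT);
        $stmt->execute();
        return $stmt->fetchAll(PDO::FETCH_COLUMN);
    } catch (PDOException $e) {
        // Keep the detail in the server log; never echo SQL errors to visitors.
        error_log('product query failed: ' . $e->getMessage());
        return null;
    }
}

// Constructed inputs: one well-formed value and three modified ones.
foreach (['12', "12'", '12 OR 1=1', ['12']] as $raw) {
    $names = productsInCategory($db, $raw);
    // Every rejected value gets the same generic response.
    echo $names === null ? "400 Bad Request\n" : implode(', ', $names) . "\n";
}
```

In a real script the raw value would come from `$_GET`; the loop above only stands in for four separate requests.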

Applications Must Be Search-Engine Friendly

It’s not generally known, but many of the search engines will not index your site in depth if it contains links to dynamic pages like the one mentioned above. They simply take the “name” part of the URL (that’s everything before the question mark; what follows the question mark are the parameters that most scripts need in order to run correctly), and then try to fetch the contents of the page. To make it clear, here are some links from our fictitious page:


Unfortunately, there’s a big chance that some of the search engines will try to download the following page:


In most cases calling a script like this causes an error – but if not, I’m sure it will not show the proper contents the link was pointing to. Just try this search at
"you have an error in your sql syntax" .php -forum

There are both huge bugs and security problems in the scripts listed, and again, these scripts are not search-engine friendly.

Applications Must Be User-Friendly

If your application uses links like:

then most of your visitors will find it difficult to get back to their favourite category (e.g. Nettools/Messengers) every time they start from the main page of your site. Instead, they’d like to see URLs like this:

It’s even easier for the user to find (pick) the URL from the browser’s drop-down list as they type into the Location field (though of course this only works if the user has visited that page previously).

And what about you?

Now you have everything you need to answer the following questions:

* Is your site really safe enough?
* Can you protect your site from hackers?
* Are your Websites search-engine compatible?
* Are the URLs on your site ‘user friendly’ – are they easy to remember?

…and would you like it to be? (Everyone who answered ‘yes’ to all 4 questions: have a beer!)
