I have looked and look and I cannot get this working. I have tried to do it with .htaccess and other tries but nothing is working.
I am trying to get from new-machinery.php?Item=100 to new-machinery/Item-Name
This what I have for my product pages.
<?php
$LimitAmt = $Amt + 1;
$Limit = "LIMIT $LimitAmt";
$NextPage = $Page + 1;
$PrevPage = $Page - 1;
$SQLCat = "";
if (strlen($Cat) > 1)
{
$SQLCat = "AND (`Category` LIKE '$Cat;%' OR `Category` LIKE '%;$Cat' OR `Category` LIKE '$Cat')";
}
$SQL_GetEquipment = "SELECT * FROM `new_equip` WHERE `condition`='New' $SQLCat $Limit";
$R_GetEquipment = mysql_query($SQL_GetEquipment, $Link);
$name = mysql_result($result,$i,"name");
$model = mysql_result($result,$i,"model");
$manu = mysql_result($result,$i,"manu");
$desc = mysql_result($result,$i,"desc");
$imagename = mysql_result($result,$i,"image");*/
$eid = $row['id'];
$itemname = $row['itemname'];
$model = $row['model'];
$manufactuer = $row['manufactuer'];
$desc = $row['desc'];
$imagename = $row['image'];
if (!file_exists("UImages/" . $imagename) || strlen($imagename) < 5)
{
$imagename = "NoImage.jpg";
}
?>
And to display the products url I have
<a itemprop="url" href="new-product.php?Item=<?php echo $itemname; ?>"><span itemprop="name"><?php echo $itemname; ?></span></a>
Like I said, I have looked and tried everything I could find but I keep getting a 404 page.
Any help would be greatly appreciated.
First you need to change your links to the format you want. Something like
href="new-product/<?php echo $itemname; ?>">
In your .htaccess you want something like.
RewriteRule ^new-product/(.*) new-product.php?Item=$1
The ^ is the start of the URL.
The () captures the values inside it.
The . is an character and the * is zero or more occurrences of any character. So bascially .* is equal to anything.
The $1 is the value from the first capture group. If you have 2 capture groups they are in order of appearance.
So this new-product/(.*) is the url on the back end the RewriteRule tells apache to send the request to PHP as new-product.php?Item=$1.
So in your PHP you're going to need to change your call so it checks for the name rather than the ID.
$name = mysql_real_escape_string($_GET['Item']);
$SQL_GetEquipment = "SELECT * FROM `new_equip` WHERE `itemname`='$name' LIMIT 1;";
$R_GetEquipment = mysql_query($SQL_GetEquipment, $Link);
$row = mysql_fetch_assoc($R_GetEquipment);
The fetched data doesn't need to be escaped. The escaping is so your SQL statement can't be manipulated by inserting additional characters.
The preferred approach for this is using paramaterized queries unfortunately mysql_ functions don't support that. I'd recommend you update to PDO or mysqli_ so you can take advantage of these.
https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet#Defense_Option_1:_Prepared_Statements_.28Parameterized_Queries.29
http://php.net/manual/en/security.database.sql-injection.php
How can I prevent SQL injection in PHP?
If other people had the older format you'll need to make a rewrite controller. The htaccess will need to send to a PHP page that has DB access so it can pull the name from the ID, then resend it... or do a conditional check on your page and if the parameter is an integer check it by id.