Jazajay
01-29-2008, 04:12 AM
Why it is a good morning. It has now been 14 days since I last tracked any hacker activity on my site. Longest period off in 2 and a half months. So to celebrate the reduced workload, and because I'm a nice guy, I'm giving you 3 of my cleaning functions, out of 54. In this offer I'm including 3 different URL rewriting functions that I have written myself. These clean the input and return a rewritten URL. Good for dynamic links when you just have dynamic names to work with - URL rewriting via .htaccess will still be needed, they are not that good - :)
I would appreciate any feedback on making them more efficient or anything I missed. For newbies to server side SEO this is a must read and may make your day if I don't say so myself :D
Ok function 1 - turns a single variable into its URL form
call it in via -
<a href="yoursite/<?php echo varUrl($AnyVariableYouLike)?>">
input - Hello World
output - hello-world
input - Hello World You Are A Great Place To Live In
output - hello-world-you-are-a-great-place-to-live-in
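function varUrl($string){
    // Keep only letters, digits, spaces and hyphens (hyphen last in the class so it is literal).
    // The filter runs first, so strip_tags() sees no angle brackets by the time it is called.
    $html['string'] = strip_tags(preg_replace('#[^A-Za-z0-9 -]#', '', $string));
    $html['string'] = strtolower($html['string']);
    // ereg_replace() was removed in PHP 7; str_replace() does the same literal swap.
    $reWriteStr = str_replace(" ", "-", $html['string']);
    return $reWriteStr;
}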
Function 2 - make whole strings of URLs
$category = db output
$toyType=dboutput2
$toyName=dboutput3
call it in via - <a href="<?php echo url($category,$toyType,$toyName)?>">
so input of Baby Supplies,Nursery,Bedding Sheets
would output
yoursite/baby-supplies/nursery/bedding-sheets.htm
input of
Baby Supplies,Nursery,""
would output
yoursite/baby-supplies/nursery/
input of baby-supplies,"",""
would output
yoursite/baby-supplies/
function url($category,$toyType,$toyName)
{
    // define() on an existing constant raises a warning on the second call, so guard it.
    if (!defined('DOMAIN')) {
        define('DOMAIN','http://www.yoursite.co.uk/');
    }
    // Keep only letters, digits, spaces and hyphens in each part (hyphen last so it is literal).
    $html['cat']  = strip_tags(preg_replace('#[^A-Za-z0-9 -]#', '', $category));
    $html['name'] = strip_tags(preg_replace('#[^A-Za-z0-9 -]#', '', $toyName));
    $html['type'] = strip_tags(preg_replace('#[^A-Za-z0-9 -]#', '', $toyType));
    // Lower-case each part and turn spaces into hyphens.
    // ereg_replace() was removed in PHP 7; str_replace() does the same literal swap.
    $reWriteCat  = str_replace(" ", "-", strtolower($html['cat']));
    $reWriteName = str_replace(" ", "-", strtolower($html['name']));
    $reWriteType = str_replace(" ", "-", strtolower($html['type']));
    // Start from the bare domain so the return value is defined when every part is empty.
    $reWrite = DOMAIN;
    if($category!="")
    {
        $reWrite = DOMAIN.$reWriteCat."/";
    }
    if($toyType!="")
    {
        $reWrite = DOMAIN.$reWriteCat."/".$reWriteType."/";
    }
    if($toyName!="")
    {
        $reWrite = DOMAIN.$reWriteCat."/".$reWriteType."/".$reWriteName;
    }
    return $reWrite;
}
And of course there would be no need being stuck with them so here's the one that turns them back to normal URLs on the other side.
Function 3 -
echo reWriteUrl($_GET['name'])
so input of
$_GET['name'] has been tampered with and contains
hello<script language=.....</script>-%3Cworld
would output
Hello 3CWorld
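function reWriteUrl($string){
    // Keep only letters, digits and hyphens; '<', '>' and '%' are dropped here, before strip_tags() runs.
    $html['url'] = strip_tags(preg_replace('#[^A-Za-z0-9-]#', '', $string));
    // ereg_replace() was removed in PHP 7; str_replace() does the same literal swap.
    $reWriteUrl = str_replace("-", " ", $html['url']);
    $reWriteUrl = ucwords($reWriteUrl);
    return $reWriteUrl;
}
I'm sure someone will find these functions as good as I have.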
These will remove all bad strings added.
../../../../passwords
would output as passwords - making it useless
..... 1=1 ......
would be removed to 11 - making it harmless.
%3Cscript type="javascript"....%3E
which is <> encoded and often passes validation as it tends to be overlooked would output as
3Escript type="javascript"3C..... making it useless.
Enjoy my hard work and hopefully this will help at least one person not to become a victim to a SQL injection attack while providing the code necessary to write dynamic SEO'ed URLs.
Have a good day
Jaza
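
An added example, not part of the post above or its author's code: a slug filter like `varUrl()` is lossy (punctuation cannot be recovered on the way back), so this sketch stores the slug, looks the record up with a bound parameter, and HTML-encodes the name on output. The `toys` table, its columns and the function names are assumptions for illustration; it needs PHP 7.1+ with the `pdo_sqlite` extension and uses constructed rows in an in-memory database.

```php
<?php
// Added example, not from the original post. Table, column and function
// names (toys, slug, makeSlug, isValidSlug, findToyBySlug) are hypothetical.

// Same allow-list idea as varUrl(): keep letters, digits, spaces and hyphens.
function makeSlug(string $name): string
{
    $clean = preg_replace('#[^A-Za-z0-9 -]#', '', $name);
    // Collapse runs of spaces/hyphens so "Tom & Jerry" yields one separator.
    return trim(preg_replace('#[ -]+#', '-', strtolower($clean)), '-');
}

// Reject anything that is not already a well-formed slug instead of repairing it.
function isValidSlug(string $slug): bool
{
    return preg_match('#\A[a-z0-9]+(?:-[a-z0-9]+)*\z#', $slug) === 1;
}

// Look the record up by its stored slug with a bound parameter, so the value
// never becomes part of the SQL text whatever characters it contains.
function findToyBySlug(PDO $db, string $slug): ?array
{
    if (!isValidSlug($slug)) {
        return null;
    }
    $stmt = $db->prepare('SELECT name FROM toys WHERE slug = :slug');
    $stmt->execute([':slug' => $slug]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE toys (slug TEXT PRIMARY KEY, name TEXT NOT NULL)');
$insert = $db->prepare('INSERT INTO toys (slug, name) VALUES (:slug, :name)');
foreach (["Bedding Sheets", "Tom & Jerry's Mobile"] as $name) {
    $insert->execute([':slug' => makeSlug($name), ':name' => $name]);
}

// Constructed requests: one genuine slug, then two tampered values from the post.
foreach (['tom-jerrys-mobile', '../../../../passwords', 'hello-%3Cworld'] as $input) {
    $toy = findToyBySlug($db, $input);
    // Encode on output: the stored name may legitimately contain & or quotes.
    echo $toy === null
        ? "404 for tampered or unknown slug\n"
        : htmlspecialchars($toy['name'], ENT_QUOTES, 'UTF-8') . "\n";
}
```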