Menu code:

    <a href="/category/<?=$cat_name['id']?>/<?=simpleURI($cat_name['catname'])?>/" title="<?=ucfirst($cat_name['catname']); ?>">Level 1</a>

    <a href="/category/<?=$subcat_name['id']?>/<?=simpleURI($cat_name['catname'])?>/<?=simpleURI($subcat_name['catname'])?>/" title="<?=ucfirst($subcat_name['catname']); ?>">Level 2</a>

    <a href="/category/<?=$subcat_name1['id']?>/<?=simpleURI($cat_name['catname'])?>/<?=simpleURI($subcat_name['catname'])?>/<?=simpleURI($subcat_name1['catname'])?>/" title="<?=ucfirst($subcat_name1['catname']); ?>">Level 3</a>

    <a href="/category/<?=$subcat_name2['id']?>/<?=simpleURI($cat_name['catname'])?>/<?=simpleURI($subcat_name['catname'])?>/<?=simpleURI($subcat_name1['catname'])?>/<?=simpleURI($subcat_name2['catname'])?>/" title="<?=ucfirst($subcat_name2['catname']); ?>">Level 4</a>

The current mod is working fine on /category/18/cat-name-level/cat-name-level2/

  • Here is my .htaccess:

    RewriteRule ^category/([0-9]+)(?:/([^/]+)(?:/([^/]+))?)(?:/([^/]+)(?:/([^/]+))?)?/$ ./category.php?pid=$1 [QSA,L]
    

The problem is that we can type anything after the ID:

  • /category/18/yehahh/jsidfd/
  • /category/18/jkasjksd/dhgidg/ondsg/djgn/

How can I fix it?

+2  A: 

You'll have to check that the attributes after the ID correspond to the category directly in PHP, and throw a 404 if they don't (so search engines won't index the faulty URLs).

There's no way to check this directly in the .htaccess, unless you generate it and use one RewriteRule for each category.

FWH
Well, that’s the downside when using these so-called “search engine friendly URLs” with a lot of unnecessary stuff in them that isn’t needed to identify the resource.
Gumbo
Thanks, fixed! A canonical tag is also a simple way to avoid duplicate content.
bob
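
One way to do the PHP-side check described in the answer above, as an added example (not code from the question or from any poster). The `$categories` array, its parent-id layout and `slugify()` (a hypothetical stand-in for the question's `simpleURI()`, whose body is not shown) are assumptions.

```php
<?php
// Constructed sample data standing in for the categories table: id => [parent id, name].
$categories = [
    3  => [null, 'Cat Name Level'],
    18 => [3,    'Cat Name Level2'],
];

// Hypothetical stand-in for simpleURI(): lower-case, non-alphanumerics collapsed to "-".
function slugify(string $name): string
{
    return trim(preg_replace('/[^a-z0-9]+/', '-', strtolower($name)), '-');
}

// Build the single canonical path for a category id by walking up its parents.
// Returns null for an unknown id or a parent loop in the data.
function canonicalPath(array $categories, int $pid): ?string
{
    $slugs = [];
    $seen  = [];
    $cur   = $pid;
    while ($cur !== null) {
        if (!isset($categories[$cur]) || isset($seen[$cur])) {
            return null;
        }
        $seen[$cur] = true;
        [$parent, $name] = $categories[$cur];
        array_unshift($slugs, slugify($name));
        $cur = $parent;
    }
    return '/category/' . $pid . '/' . implode('/', $slugs) . '/';
}

// 200 only when the requested path is exactly the canonical one, otherwise 404.
function statusFor(array $categories, int $pid, string $requestPath): int
{
    $canonical = canonicalPath($categories, $pid);
    return ($canonical !== null && $canonical === $requestPath) ? 200 : 404;
}

// In category.php: pid comes from the RewriteRule, the path from the original request.
// The fallbacks are constructed values so the script also runs from the command line.
$path   = (string) parse_url($_SERVER['REQUEST_URI'] ?? '/category/18/yehahh/jsidfd/', PHP_URL_PATH);
$pid    = (int) ($_GET['pid'] ?? 18);
$status = statusFor($categories, $pid, $path);
http_response_code($status);
if ($status === 404) {
    exit("Not found\n");
}
echo "Render category $pid\n";
```

With the sample data, `/category/18/cat-name-level/cat-name-level2/` is served and both URLs from the question return 404.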
A: 

Restrict the regex for the pid to just numbers. Something like...

    \/[0-9]+?$

Then, the last thing HAS to be a numeric value. The ? is almost unnecessary here, but I always err on the side of matching fewer possibilities, rather than more. This solution assumes pid is an unsigned integer, of course.

Chris