I'm trying to do the basic mod_rewrite clean URL trick, where /category/item rewrites to /category/index.php?id=item. In the /category directory, I have this in my .htaccess file:

Options +FollowSymLinks
RewriteEngine  on
RewriteBase  /category/
RewriteRule  ^(.+)$  index.php?id=$1  [L]

It sends the request to the index.php script just fine, but instead of finding "item" in the id variable, I'm getting "index.php". That is, /category/item seems to be rewriting to /category/index.php?id=index.php.

I've tried endless variations, with different/no RewriteBase and other changes, but nothing is working. Any idea where I've gone wrong?

+3  A: 

The problem is the file index.php is in the same directory as htaccess and is included and handled by the rewrite. Try adding rewrite conditions:

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d

Also, the input you are passing to the id parameter is very insecure. Assuming you use numeric ids, you may want to use [0-9] instead of a . to ensure only numbers are passed. If they are alphanumeric, you would still want to use something like: [a-zA-Z0-9\-_].

Aaron Harun
Bingo! Thanks much...
DaveG
You're welcome. =)
Aaron Harun
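
Added example (not part of the original thread, and not Apache's code): a simplified Python model of how the rule in the question is re-applied after the internal redirect in .htaccess context, and how the answer's !-f condition or a restricted character class stops the second match. The function name, the EXISTING_FILES set and the sample inputs are constructed for illustration; only the single rule from the question is modelled.

```python
import re

# Constructed sample: files that exist on disk in /category/.
EXISTING_FILES = {"index.php"}

def rewrite(path, pattern, check_not_file=False, max_passes=10):
    """Model 'RewriteRule <pattern> index.php?id=$1 [L]' in .htaccess context.

    path is the request path relative to /category/ (e.g. "item").
    Returns (final_path, query_string).
    """
    query = ""
    for _ in range(max_passes):
        m = re.search(pattern, path)
        if m is None:
            return path, query          # rule does not match: nothing to do
        # RewriteCond %{REQUEST_FILENAME} !-f : leave real files alone
        if check_not_file and path in EXISTING_FILES:
            return path, query
        # No QSA flag, so the new query string replaces the old one.
        query = "id=" + m.group(1)
        if path == "index.php":
            # Path unchanged: the rewrite is ignored, which ends the loop,
            # but the query string has already been overwritten.
            return path, query
        # [L] only ends this pass; the rewritten path is processed again.
        path = "index.php"
    raise RuntimeError("rewrite loop")

if __name__ == "__main__":
    allow = r"^([a-zA-Z0-9\-_]+)$"
    # The question's rule: the second pass captures "index.php".
    print(rewrite("item", r"^(.+)$"))
    # With the !-f condition, index.php is skipped on the second pass.
    print(rewrite("item", r"^(.+)$", check_not_file=True))
    # The allowlist cannot match "index.php" (it contains a dot).
    print(rewrite("item", allow))
    # The condition alone still passes arbitrary characters through as id.
    print(rewrite("it'em", r"^(.+)$", check_not_file=True))
    # With the allowlist the request is not rewritten at all.
    print(rewrite("it'em", allow, check_not_file=True))
```

The rewrite pattern only narrows what reaches index.php through this rule; index.php should still validate id itself, since the script can also be requested directly with any query string.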