Possible Duplicate:
Passing varible types though mod-rewrite

Howdy, I'm using the GET method on my current project. My links refer to <a href='?p=". $path … and I'm getting their values with if(isset($_GET['p'])) …

Every time I click a link, the URL in the address bar changes to mydomain.com/?p=files/path/subpath

I wonder if I can somehow use mod_rewrite or anything else in order to get a prettier URL. I'd love to get rid of the "/?p=files/" part in my URL. It would be cool if the end result would look like this:

mydomain.com/path/subpath

Is that even possible? Regards, Matt

+3  A: 

If you're using that type of URL, you are probably doing something wrong in your program.

For example, let's say you use an htpasswd file to store your web site users. And I pass in ?p=../.htpasswd. Now I can break in as the user who has 'please' as their password. Or I pass in ?p=/etc/passwd, and get a list of the valid users on your system.

Yes, you can get rid of the ?p= by using mod_rewrite ( http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html ). But you should really make sure you know what you're doing and that arbitrary path specifications aren't possible.

Borealid
+1 Security is everything these days!
Tim
Shouldn't it be something like this?

    Options +FollowSymLinks
    RewriteEngine On
    RewriteRule ^([^/\.]+)/*$ /?p=$1 [L]
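
The answer's warning about ?p=../.htpasswd and ?p=/etc/passwd, as an added example that is not part of the original thread: one way to confine the p value to a single content directory before using it. The check is the same whether p arrives as ?p=… or through a rewrite rule. The function name resolve_page() and the demo directory layout are assumptions made for this example.

```php
<?php
// Added example (hypothetical helper, not code from the thread).
// Returns the absolute path of the requested file if it lies inside
// $baseDir, or null if the request must be refused.
function resolve_page(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;                        // content directory is missing
    }
    // Empty values and NUL bytes are never valid path input.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks, and returns false
    // when the target does not exist.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Compare against the base WITH a trailing separator, so a sibling
    // such as "files-old" cannot pass as being inside "files".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Never serve dotfiles (.htpasswd, .htaccess), even inside the base.
    if (basename($target)[0] === '.') {
        return null;
    }
    return $target;
}

// Constructed demo tree: <tmp>/site_x/.htpasswd and
// <tmp>/site_x/files/path/subpath.html
$site = sys_get_temp_dir() . '/site_' . bin2hex(random_bytes(4));
mkdir("$site/files/path", 0700, true);
file_put_contents("$site/.htpasswd", "constructed sample\n");
file_put_contents("$site/files/path/subpath.html", "<p>ok</p>\n");

// Constructed sample values for p: one legitimate, three from the answer's
// scenario (relative escape, absolute path, escape hidden mid-path).
$samples = ['path/subpath.html', '../.htpasswd', '/etc/passwd',
            'path/../../.htpasswd'];
foreach ($samples as $p) {
    $ok = resolve_page("$site/files", $p) !== null;
    printf("%-22s => %s\n", $p, $ok ? 'served' : 'rejected');
}
```

Only the first sample is served; the other three resolve outside the files directory or to a nonexistent path and are rejected.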