I have a problem creating a .htaccess to rewrite URLs. I made the .htaccess as:

Options +FollowSymLinks
RewriteEngine on
RewriteRule view/(.*)/(.*)/$ /view.php?joke=$1=$2

for the script view.php:

<?php
include "connect.php";
include "config.php";
include "header.php";

$a = "select * from jokes where id = \"$joke\"";
$b = mysql_query($a) or die(mysql_error());
$c = mysql_fetch_array($b);
$nextjoke = $joke + 1;
$prevjoke = $joke - 1;

if ($c['valid'] == '0') {
    echo "The joke hasn't been validated yet";
} else {
?>
<script>
//Popup Window Script
//By JavaScript Kit (http://javascriptkit.com)
//JavaScript tutorials and over 400+ free scripts
function openpopup(){
    var popurl="print.php?joke=<?=$joke?>"
    winpops=window.open(popurl,"","width=500,height=500,scrollbars,")
}
</script>
<title></title>
<table width="448" border="0" cellpadding="0" cellspacing="0">
  <tr>
    <td width="448" height="19" background="img/topbar4.gif"><center>
      <strong></strong>
      <table width="100%" border="0" cellspacing="0" cellpadding="0">
        <tr>
          <td><center>
            <strong><font color=white><? echo ("Viewing $c[joketitle]"); ?></font></strong><span><strong><a href='view.php?joke=<?=$prevjoke?>'></a></strong></span></center></td>
          <td width="80"><center>
            <span><strong><a href='javascript:history.back(-1)'><font color="#FFFF66">« Go back</font></a></strong></span></center></td>
          <td width="90"><center>
            <strong><a href='view.php?joke=<?=$nextjoke?>'><font color="#FFFF66">Next Joke »</font></a></strong>
          </center></td>
        </tr>
      </table>
    </center></td>
  </tr>
  <tr>
    <td bgcolor="#FFFFFF" class=dott2><table width="100%" border="0" cellspacing="2" cellpadding="2">
      <tr>
        <td valign="top"></td>
      </tr>
      <tr>
        <td valign="top"><? echo "<font size=3 class=underline>$c[joketitle]</font><br><br><br>"; ?><? echo nl2br("$c[thejoke]"); ?> </td>
      </tr>
    </table></td>
  </tr>
  <tr>
    <td height="18" background="img/bottombar.gif"><center>
      <span><strong><a href='view.php?joke=<?=$prevjoke?>'><font color="#FFFFFF">« Previous Joke</font></a></strong></span><strong> <font color="#FFFFFF">—</font> <a href='view.php?joke=<?=$nextjoke?>'> <font color="#FFFFFF">Next Joke »</font></a></strong>
    </center></td>
  </tr>
</table>
<br>
<table width="448" border="0" cellpadding="0" cellspacing="0">
  <tr>
    <td width="448" height="19" background="img/topbar.gif"><center>
      <strong><font color="#FFFFFF">JOKE DETAILS</font></strong>
    </center></td>
  </tr>
  <tr>
    <td bgcolor="#FFFFFF" class=dott2><table width="100%" border="0" cellspacing="2" cellpadding="2">
      <tr>
        <td colspan="2" valign="top"></td>
      </tr>
      <tr>
        <td width="50%" valign="top">
          <table width="100%" border="0" cellpadding="5" cellspacing="1" bgcolor="#003399">
            <tr>
              <td bgcolor="#FFFF66"><strong><font color="#0033CC">Submitted by</font> </strong>: <a href='more.php?by=<? echo "$c[name]"; ?>'><? echo "$c[name]"; ?></a><br>
                <strong><font color="#0033CC">Submitted on</font></strong> : <? echo "$c[addedon]"; ?><br>
                <strong><font color="#0033CC">Joke Type</font></strong> : <? echo "$c[joketype]"; ?><br>
                <strong><font color="#0033CC">Rating</font></strong> : <? echo "$c[rate]"; ?><br>
                <strong><font color="#0033CC">Joke Language</font></strong> : <? echo "$c[lang]"; ?><br>
                <strong><font color="#0033CC">Joke Viewed</font></strong> :
                <?
                if (!session_is_registered("counted")) {
                    mysql_query("UPDATE jokes SET viewed=(viewed + 1) WHERE id=$joke");
                    echo "$c[viewed] times.";
                }
                ?>
              </td>
            </tr>
          </table></td>
        <td valign="top"><table width="100%" border="0" cellpadding="5" cellspacing="1" bgcolor="#003399">
          <tr>
            <td bgcolor="#FFFF66"><font color="#0033CC"><strong>Rate this Joke :</strong></font>
              <?
              // form is in php because of the variable $song_id which is received through urlencode!
              echo ("
                <form name='Rate_Form' method='post' action='rate.php'>
                  <select size='1' name='rating'>
                    <option selected value='5'>5- Excellent</option>
                    <option value='4'>4 - Good</option>
                    <option value='3'>3- Fair</option>
                    <option value='2'>2 - So So</option>
                    <option value='1'>1 - Poor</option>
                    <option value='0'>0- Awful</option>
                  </select>
                  <input type='hidden' name='id' value='$joke'>
                  <input style='FONT-WEIGHT: bold; CURSOR: hand; COLOR: #000000; BACKGROUND-COLOR: #ffcc00' type='submit' value='Go!'>
                </form>
              ");

              // pick the rating image for the 0.0 - 5.0 average
              if (($c['rate'] >= 0)    && ($c['rate'] <= 0.50)) { echo "<img src='img/rate0.gif'>"; }
              if (($c['rate'] >= 0.50) && ($c['rate'] <= 0.99)) { echo "<img src='img/rate1.gif'>"; }
              if (($c['rate'] >= 1.00) && ($c['rate'] <= 1.49)) { echo "<img src='img/rate2.gif'>"; }
              if (($c['rate'] >= 1.50) && ($c['rate'] <= 1.99)) { echo "<img src='img/rate3.gif'>"; }
              if (($c['rate'] >= 2.00) && ($c['rate'] <= 2.49)) { echo "<img src='img/rate4.gif'>"; }
              if (($c['rate'] >= 2.50) && ($c['rate'] <= 2.99)) { echo "<img src='img/rate5.gif'>"; }
              if (($c['rate'] >= 3.00) && ($c['rate'] <= 3.49)) { echo "<img src='img/rate6.gif'>"; }
              if (($c['rate'] >= 3.50) && ($c['rate'] <= 3.99)) { echo "<img src='img/rate7.gif'>"; }
              if (($c['rate'] >= 4.00) && ($c['rate'] <= 4.49)) { echo "<img src='img/rate8.gif'>"; }
              if (($c['rate'] >= 4.50) && ($c['rate'] <= 4.99)) { echo "<img src='img/rate9.gif'>"; }
              if ($c['rate'] == 5.0) { echo "<img src='img/rate10.gif'>"; }
              ?>
            </td>
          </tr>
        </table></td>
      </tr>
      <tr>
        <td><div align="left"><img src="img/print.gif" width="14" height="15" align="absmiddle"> <strong><a href="javascript:openpopup()"><font color="#FF0000">Printer friendly version</font></a></strong> </div></td>
        <td><div align="right"><strong><a href="send.php?joke=<?=$joke?>"><font color="#FF0000">Send this joke to your friends</font></a></strong> <img src="img/email.gif" width="22" height="15" align="absmiddle"></div></td>
      </tr>
    </table>
    </td>
  </tr>
  <tr>
    <td><img src="img/bottombar.gif" width="448" height="18"></td>
  </tr>
</table>
<?
}
include "footer.php";
?>
I got a headache reading the text, but this query string in your htaccess is missing the second parameter and ampersand:

/view.php?joke=$1=$2

should be

/view.php?joke=$1&param=$2
Indeed. I also saw you made quite a big mistake; your code is easily "hackable" with an SQL injection. To prevent this, do the following.

FIND:

$a = "select * from jokes where id = \"$joke\"";

ADD, BEFORE (on a new line, before the previous line):

$joke = htmlspecialchars(addslashes($HTTP_GET_VARS['joke']));

If you don't do this, it's very easy to hack your database and such. Very dangerous thing, SQL injection.
I don't think the htmlspecialchars() should be used here: you don't need it for the database (which doesn't understand HTML); it'll just make the stored string longer and make it cumbersome to use it for anything other than HTML (what if you want to output it in a plain text file or some email?). IMHO htmlspecialchars should be used when displaying the value after pulling it out from the database; it makes more sense that way.
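A hardened form of the lookup the last two replies argue about, added here as an example and not code from any poster: it accepts the rewritten `joke` parameter only as a positive integer, binds it in a prepared statement instead of interpolating it into the query, and applies htmlspecialchars() at output time as the final reply suggests. It assumes an open PDO connection in `$pdo` (the original connect.php is mysql_*-based) and the column names used by the original view.php.

```php
<?php
// Added example, not the original poster's code. Assumes $pdo is an open PDO
// connection and the `jokes` table from view.php (id, joketitle, thejoke, valid, viewed).
session_start();

function jokeIdFromRequest(array $get): ?int
{
    // The rewrite rule forwards whatever was in the URL; accept only a positive integer.
    $id = filter_var($get['joke'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function loadJoke(PDO $pdo, int $id): ?array
{
    // The id travels as a bound parameter and never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT id, joketitle, thejoke, valid, viewed FROM jokes WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function countView(PDO $pdo, int $id): void
{
    // Same treatment for the view counter, which the original built with "... WHERE id=$joke".
    $pdo->prepare('UPDATE jokes SET viewed = viewed + 1 WHERE id = :id')->execute([':id' => $id]);
}

function h(string $s): string
{
    // Escape when rendering HTML, not before storing, so the stored text stays reusable elsewhere.
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$id = jokeIdFromRequest($_GET);
if ($id === null) {
    http_response_code(400);
    exit('Invalid joke id');
}
$joke = loadJoke($pdo, $id);
if ($joke === null || (int) $joke['valid'] === 0) {
    exit("The joke hasn't been validated yet");
}
if (empty($_SESSION['counted'])) {   // replaces the removed session_is_registered()
    countView($pdo, $id);
    $_SESSION['counted'] = true;
}
echo '<strong>Viewing ' . h($joke['joketitle']) . '</strong><br>';
echo nl2br(h($joke['thejoke']));
// Neighbour links are built from the validated integer, so they carry no user-controlled text.
printf("<a href='view.php?joke=%d'>« Previous Joke</a> <a href='view.php?joke=%d'>Next Joke »</a>", max(1, $id - 1), $id + 1);
```

With the rewrite rule fixed as the first reply shows, the second captured segment arrives as its own query parameter and can be validated the same way rather than being glued onto `joke`.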