I'm working on a website right now and have some top-level page names like these:

Home
Advisory Services
Project Services
Contact
About

They're pulled from a database that I've created and used as navigation links, with hyphens between the words.

I'm using an htaccess file to do a mod-rewrite so that page URLs are shown like this:

example.com/home
example.com/advisory-services
example.com/management-services
example.com/contact
example.com/about


Standard stuff.

The rewrite rule uses this:

RewriteRule ^/?([a-zA-Z_0-9\-]+)/?$ index.php?bar=$1 [L]

(the contents are escaped inside of '/?' because of the environment)


The index.php page checks to see if a value has been passed:

if (isset($_GET['bar'])) {

$foo=$_GET['bar'];

}


Each of the previously mentioned links passes this check EXCEPT for the one named "advisory-services".

That one is not passed along and gets the warning "No passed variable".



If I go into the database and change a letter in that link to something like "advisory-servicef", it works fine.

Lots of variations have worked, but whenever I change it back to "advisory-services" it fails.


I am supremely confused.

And sleepy.

g'nite




...

Do the back-end names have to be in English? "consultorium servicia"

LOL

I'd rather that they be the same so I don't have to create a translation routine :lol:

Just to humor you, I replaced "advisory services" with "consultorium servicia" and it worked perfectly!

And, just for shits and giggles, I changed an entry farther down in the database to "advisory services" and it balked in the same way documented previously.

A new day of trying to suss out what exactly is happening...



...

Oh! Of note: the entries in the database do NOT have hyphens in them - only spaces.

That's something that I'm doing in my code when generating the links.


example.com/home
example.com/advisory-services
example.com/management-services
example.com/contact
example.com/about



...

Just to close the loop, I figured it out.

I just don't know what I did to figure it out.

I hate that, but it is what it is.

:cool:


...

I just wanted to add, is something like this in your actual code?

$foo=$_GET['bar'];

I hope you're taking steps to validate and escape that data, especially if it goes anywhere near your database.

Is this what you're talking about?

Never Use $_GET Again (https://www.phparch.com/2010/07/never-use-_get-again/)



...

Basically, yes. I've been working with Silex and Symfony a lot lately, and its made me rethink everything I thought I knew about php and security. Long story short, never trust data from the client

especially if it goes anywhere near your database.
ผลบอล (https://www.SPAMMITYSPAM.com/livescore/)


^ First time I've seen them using the background color to hide a spam link. Sneaky!