how is this achieved

louie · 29-10-2004 2:37pm #1

http://www.url.ie/foldername/foldername/foldername?id=665932

I have seen this url type on some websites.
What type of programming language is used, as the entire website is dynamically created?

ASP
PHP
XML

joePC · 29-10-2004 2:43pm

Your link doesnt work.

Sposs · 29-10-2004 2:44pm

I think he was just using that link as an example????

louie · 29-10-2004 2:48pm

Sorry.
Yes the link is just an example.

the Guru · 29-10-2004 2:52pm

asp and php will give you endings like that when you are using databases

louie · 29-10-2004 2:56pm

yes, but there's not termination as what language is using on those pages like index.asp?...querystring

could that work if is just a folder set with index.asp or .php, and you just pass the querystring over?

louie · 29-10-2004 3:03pm

i tried on one of those websites to name the page as index.asp or .php or .aspx and I get the following error:

ERROR: 404 Not Found

HResult: 0x80070003
Source: Microsoft SQL isapi extension
Description: File not found

tomED · 29-10-2004 3:03pm

Any web scripting language can be used to create urls like this. It's a server configuration. Not sure what exactly though, but your hosting provider should be able to tell you....

The simple idea is that the default file (index.php, index.asp etc), will execute and include what ever is passed through the url.

Example
www.eee.ie/tomsfolder/index.php?id=111
www.eee.ie/tomsfolder/?id=111

Working example:
http://www.2bscene.net/?id=4
http://www.2bscene.net/index.php?id=4

louie · 29-10-2004 3:12pm

Thanks.

The example I was looking at is actually using ISAPI extension for MS SQL database. very smart. How safe is regarding hacking those type of pages?

I am after reading this article which has an example as well.
Check it out what is says at the bottom of the page.

http://www.programmersheaven.com/articles/adrian/isapi/article.html

i am looking to design some sort of website that will be harder to hack.
Any recommedations. I am working on it at the moment is asp and sql2000 database.

pork99 · 29-10-2004 6:19pm

Also overlong querystrings are not search engine friendly

PHP has an add-on feature called, I think, mod_rewrite that turns

www.url.ie/foldername/foldername?id=665932&something=1234

into something like

www.url.ie/foldername/foldername/665932/something/1234

which is more desirable

does ASP or JSP has a similiar feature anyone?

tomED · 29-10-2004 6:24pm

louie wrote:

i am looking to design some sort of website that will be harder to hack.
Any recommedations. I am working on it at the moment is asp and sql2000 database.

I don't know of any recent vunerabilities in the ISAPI extension.

All I would worry about are the usual bad coding practices....
Try keep all your queries in StoredProcedures
make sure all include files (especially ones with connection details etc) are .asp and not .inc (a lot of people still like to do this! Make sure your code itself has no vunerabilities...

And finally, but prob most importantly... make sure you have a reliable ISP that keeps their servers uptodate!!!

tomED · 29-10-2004 6:27pm

pork99 wrote:

Also overlong querystrings are not search engine friendly

PHP has an add-on feature called, I think, mod_rewrite that turns

www.url.ie/foldername/foldername?id=665932&something=1234

into something like

www.url.ie/foldername/foldername/665932/something/1234

which is more desirable

does ASP or JSP has a similiar feature anyone?

mod_rewrite is an apache add-on.

IIS doesn;t have an equivelant (afaik) but there are ways to do it on IIS... but i think u need components.... ill find out

Isapi Rewrite
http://www.isapirewrite.com/

pork99 · 29-10-2004 7:28pm

tomED wrote:

mod_rewrite is an apache add-on.

d'oh - that explains why I couldn't get it to work :eek:

louie · 29-10-2004 10:19pm

tomED wrote:

I don't know of any recent vunerabilities in the ISAPI extension.

All I would worry about are the usual bad coding practices....
Try keep all your queries in StoredProcedures
make sure all include files (especially ones with connection details etc) are .asp and not .inc (a lot of people still like to do this! Make sure your code itself has no vunerabilities...

And finally, but prob most importantly... make sure you have a reliable ISP that keeps their servers uptodate!!!

I won't go down that road regarding ISAPI, not yet. Too much to learn nd not time for it, that's why I never got into php or aspx yet.

I do have all queries in store procedures not matter how small theire are, and trust me all my pages are .asp except global.asa. I'll be suprised to see those connections string still saved as .inc files, whoever does it needs his brain rebooted or something.

As regarding the hosting company, I am in a safe place with Blacknight Solutions.

Thanks everybody for their support.

tomED · 30-10-2004 1:46pm

louie wrote:

I do have all queries in store procedures not matter how small theire are, and trust me all my pages are .asp except global.asa. I'll be suprised to see those connections string still saved as .inc files, whoever does it needs his brain rebooted or something.

You'd be surprised!
I just took over a site from a very well known web development company..... The website is also for a well known company, which has a decent amount of traffic - Yet this web dev company had all the connection strings in inc files. I was very disappointed as the rest of the code was very good!