Let’s face it people, URLs need to be people and search-engine friendly; People need them as navigational aids and search engines love those keyword-laden pieces of loveliness.
The challenges involved
It can be difficult to have a URL that represents the page title and fits in nicely without any <span>20
or random characters e.g. £</span>*&
.
My favoured solution is to convert a page title into a URL friendly format and store it in its own field in the database. NB I don’t use it on this site but, WordPress (which runs this site) does use a similar thing: e.g.
People friendly URLs using PHP, MySQL and mod_rewrite
becomes
people_friendly_urls_using_php_mysql_and_mod_rewrite
Here’s How
When creating a new page, be it a blog article, or a piece of news or whatever, I’ll give it a title and then just before uploading it to the database I’ll run it through a function that removes any nasty characters, then when I upload it I use two separate fields title
and title_html
.
the PHP
The function looks like this:
function create_url($title){ // Step one replace foreign language characters $url_searches = array('à', 'é'); // URL unfriendly characters $url_replacements = array('a', 'e'); // URL friendly characters $url = str_replace($url_searches, $url_replacements, $title); // Strip everything but letters, numbers and spaces from the title $url = preg_replace("/[^A-Za-z0-9 ]/", "", trim($url)); // Replace spaces and underscores with dashes $url = str_replace(array(" ", "_"), '-', $url); // Make lowercase $url= strtolower($url); return $url; }
This code is far from perfect, as I am not a PHP expert. I invite people to improve this as it would be easy to do so.
Using it in the page
When the page is called a MySQL script grabs the webpage based upon that title as long as it unique e.g:
SELECT * FROM articles WHERE title_html = $_GET['title'];
It may be that you don’t even use the title to get the page, you may have an id or other variable in the URL that is used and the title is just for show. Either way, this is a technique that works and gets both people and search engines to use your URLs effectively.
Alternatives
The other option, as I see it, is to run the function everytime on the site whenever you link to the page within your site eg:
<a href="/folder/link<?php echo create_url($row['title']); ?>">link text</a>
This is not the method I’d recommend as it adds more things to think about and more code throughout your pages.
$_GET[‘title’] = ‘””; drop table articles’;
SELECT * FROM articles WHERE title_html = $_GET[‘title’];
nuff said.
Quite right marchaos, the examples above shouldn’t be copied and pasted as they are vulnerable to this kind of hack.
A better idea is to escape your value eg
SELECT * FROM articles WHERE title_html = ‘ escape($_GET[‘title’])’;
where escape() would contain all your data cleansing functions of choice eg addslashes() or mysql_real_escape_string()