how do websites do this index.php?something=somepage

Question

i\'ve seen alot of php based websites where no matter where you navigate your stuck at the index.php and some random parameters are passed in the url. and when i take a look

Answer 1

I've seen this and personally I think it's an awful design. Particularly because many people don't tend to sanitize the include parameter such that someone can include any file they want by just passing in a relative path.

mod_rewrite is typically used to hide URLs like:

/index.php?path=user&include=account

replacing it with something like:

/user/account

like this:

RewriteEngine On
RewriteBase /
RewriteRule ^(\w+)/(\w+)$ /index.php?path=$1&include=$2 [L]

I usually also put in something like this:

RewriteRule %{THE_REQUEST} \.php$ [R=404,L]

I forget the exact syntax but basically th eidea is the user can't request a php file directly. It has to be done via another RewriteRule (like the first one), which can save you a lot of headaches with sanitizing query string input plus avoid the whole problem of PHP creating globals for things you never intended (although they can still POST for this).

Anyway, back to why I think this is a terrible idea. They do it because they tend to want some common code in every page (like a header and footer). I would argue that you're better off actually just including a common file at the top of each of your pages. It's a simpler, clearer design.