how do websites do this index.php?something=somepage

Question

i\'ve seen alot of php based websites where no matter where you navigate your stuck at the index.php and some random parameters are passed in the url. and when i take a look

Answer 1

This type of URL allows you to use a single template file that specifies common markup, with an included fragment that contains specific text. That included fragment could be an actual file on the filesystem, or it could be a CLOB in a database, with the "page" parameter giving the primary key.

As other people have noted, passing an exact path is not at all secure -- don't do it. At best, it can be used to probe your website and retrieve non-public content. At worst, it can turn your website into an unwitting proxy for content that you don't want legally associated with you. Somewhere in between, it might provide a hacker the ability to physically insert new content into your site.

A safer approach is to use the database table, or (for smaller sites), an in-memory page table. Here's the code that I use to access the page table for my personal website:

$pageName = (array_key_exists("page", $_GET))
          ? $_GET["page"]
          : null;
$currentPage = (array_key_exists($pageName, $pagetab))
             ? $pagetab[$pageName]
             : $pagetab["home"];