phpmysql.htaccessdynamic-links

how to do exect match on mysql_query?

How to do absolute MySQL query match. Since I seem getting collision if a user is trying to call a url or a file via short link domain.ltd/NGV which collides with domain.ltd/ngv forcing the fetch script to pull /NGV file not /ngv

Here is the code which does the MySQL selections also the htaccess bit is provided

 $tag = $_REQUEST['rid'];

 $q = mysql_query("SELECT * FROM `media` WHERE `qp_tag` = '".mysql_escape_string($tag)."' LIMIT 1");

 $r = mysql_fetch_row($q);

 if(!empty($r)) {

     $f = stripslashes($r['file']);
     $t = stripslashes($r['type']);

     $c = file_get_contents($f);

     $api_html = <<<API_HTML_VIEW
     $c
             API_HTML_VIEW;

     echo $api_html;

 } else {

     $api_html = <<<API_HTML_VIEW
     We are sorry but we cannot find requested resource :(
             API_HTML_VIEW;

     echo $api_html;

 }

.htaccess code bit

RewriteRule ^([a-zA-Z0-9-]+)/?$ api.php?rid=$1 [L,QSA]

and here is the last bit of code to generate the actual short links which also may be the problem since i am not sure whats kicking the thing back at the present moment

function qp_tag() {

     $file_tag = $_FILES['file']['name'];
     $file_uni = uniqid();
     $short = strtolower(substr(base64_encode(crc32($file_tag)), 0, 3));  

     return $short;

}

Edited: The system works now the only problem is that it lags allot on selecting file if its a file 

 $f = $r['file'];
 $t = $r['type'];
 $s = $r['size'];
 $n = $r['name'];

 header("Pragma: public"); // required
 header("Expires: 0");
 header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
 header("Cache-Control: private",false); // required for certain browsers
 header("Content-Type: ".$t."");
 header("Content-Disposition:attachment;filename=".$n."");
 header("Content-Length: ".$s);
 ob_clean(); 
 flush();

 $fp = fopen($f, "r"); 
 while (!feof($fp))
     {
         echo fread($fp, 65536); 
         flush(); // this is essential for large downloads
     }  
 fclose($fp);
Solution

  • If I understand you correctly, you want to use the BINARY operator for case-sensitive matching:

    $q = mysql_query("SELECT * FROM `media` WHERE BINARY `qp_tag` = '".mysql_escape_string($tag)."' LIMIT 1");

    This is the same as your query above except I've inserted the word BINARY in the comparison.

    Note that it's possible you won't be able to take full advantage of the any indexes on the comparison column if you do this. That may not be an issue at all for you, but take it into consideration if your table has a lot of rows in it.