开发者

check url variable is valid in php

开发者 https://www.devze.com 2023-02-05 02:23 出处:网络
hi I have a site where the links menu is read from a database and created in the format of index.php?page=mypage

hi I have a site where the links menu is read from a database and created in the format of index.php?page=mypage

how can I chec开发者_Go百科k that "mypage" is a page that exists in the database, so that users can't just add anything into the url?

thanks xx


If your pages are stored within the database: check the result set of the SQL-Query you´re sending to the database and don´t forget to escape characters to deny possible SQL-injection... ( mysql_real_escape_string() )


Use a whitelist approach, something like this:

$allowedKeys = array('myPage', 'yourPage', '...Page');

$_GET = array_intersect_key($_GET, array_flip($allowedKeys));
0

精彩评论

暂无评论...
验证码 换一张
取 消