I would like others to explain how to ignore any input from the user that is provided through the URL?

For example, if I have a URL like viewitem.php?id=23 and the user replaces the id with 34, I want to redirect them to an error page even if that id is available. Can anyone show me how to do that?

Tim Penner
surafel

2 Answers

Don't use GET variables; GET variables are easy to manipulate via the URL.

Use POST instead.

This isn't a surefire way to prevent it, but it makes it much harder to modify the request from a browser when using POST.


See also:
When should I use GET or POST method? What's the difference between them?

Tim Penner
Question 1: URL like viewitem.php?id=23

Make use of the POST method when submitting the form. The GET method exposes data, and it also has a limitation on the number of characters that can be sent on submit.

Question 2: I want to redirect them to an error page even if that id is available, can anyone show me how to do that?

For this, check internally whether the ID is available in your database; if not, use:

header('Location: redirect-page.php');
exit; // stop here so the rest of the script does not run after the redirect

Ref: http://php.net/manual/en/function.header.php

Fakhruddin Ujjainwala
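
An added example, not part of the question or of either answer: one way to notice that the id in viewitem.php?id=23 was edited is for the server to sign every link it issues with an HMAC and to reject any request whose signature does not match the id. The key, the `sig` parameter and the function names are assumptions made for illustration; redirect-page.php is the error page named in the second answer.

```php
<?php
declare(strict_types=1);

// Assumption: a server-side secret loaded from configuration, never sent to the browser.
const LINK_KEY = 'replace-with-random-secret-from-config'; // constructed placeholder

// Build the link the site hands out: the id plus an HMAC computed over that id.
function item_link(int $id, string $key = LINK_KEY): string
{
    $sig = hash_hmac('sha256', 'viewitem:' . $id, $key);
    return 'viewitem.php?' . http_build_query(['id' => $id, 'sig' => $sig]);
}

// Return the id only if it is a plain decimal string and its signature matches.
// null means the query string was edited or is incomplete.
function verified_item_id(array $query, string $key = LINK_KEY): ?int
{
    $id  = $query['id']  ?? null;
    $sig = $query['sig'] ?? null;
    if (!is_string($id) || !is_string($sig) || !ctype_digit($id)) {
        return null; // missing, array-valued or non-numeric input
    }
    $expected = hash_hmac('sha256', 'viewitem:' . $id, $key);
    // hash_equals compares in constant time, so the check leaks no timing hints.
    return hash_equals($expected, $sig) ? (int) $id : null;
}

// Constructed demo: a link issued for item 23, then the same link with the id changed to 34.
parse_str((string) parse_url(item_link(23), PHP_URL_QUERY), $issued);
$tampered = ['id' => '34'] + $issued; // keeps the signature that was made for 23

var_dump(verified_item_id($issued));   // link exactly as issued by the server
var_dump(verified_item_id($tampered)); // id edited in the address bar

// In viewitem.php the same check would guard the page:
// if (verified_item_id($_GET) === null) { header('Location: redirect-page.php'); exit; }
```

The signature only shows that the server issued this exact id; it is not tied to a user or session, so whether the current user may view the item is still a separate server-side check.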