0

Like the title says, how do I determine which GET value has been passed on within the url?

Take http://www.example.com/view.php?id=20as an example. The current GET value is 'id', with a value of 20. This works great, but if someone plays around and changes the GET value to something other than 'id', I get a lot of PHP errors on the page.

So my goal is to check wether the passed GET value is incorrect, so I can redirect them to another page. How would I go about doing that?

ndjsbj
  • 1
  • 1
  • 1
    `if(isset($_GET['id']))` – Carl Binalla Jan 18 '18 at 08:12
  • That's exactly what I had, but it would still give an error because I had the query for searching the id in the database outside of that if statement, so whenever a different get request was passed on, it couldn't find the $_GET['id']. Changed it now, thanks! – ndjsbj Jan 18 '18 at 08:16
  • Well, what about putting the condition before the query? – Carl Binalla Jan 18 '18 at 08:18
  • 1
    @Waqas that is not same with this one however it is same as https://stackoverflow.com/questions/12019684/how-to-verify-if-get-exists – Cemal Jan 18 '18 at 09:40

1 Answers1

0

You should validate the URL parameters. In your case, it has to be id and that has to be numeric:

if (isset($_GET['id']) && is_numeric($_GET['id']))

As an advance check, you can validate whether id is integer or not:

if((int)$_GET['id'] == $_GET['id']){
    return TRUE;            
} else {        
    return FALSE; // It's a number, but not an integer
}
Milan Chheda
  • 8,159
  • 3
  • 20
  • 35