Is it safe to use a URL to display products from a MySQL database, e.g. mysite.com/page.php?products=1 etc., or is this a sure-fire way to MySQL hacking? Could I just check if the variable is an int, or should I encrypt/decrypt the variable?
I actually don't use the product variable in an SQL statement; I use:
Don't see why not (I'm no pro), but I think the reason this is a security no-no is that the end user can change that $product variable. So if this was, say, a $customer_number, they could change it from 3 to 4 and be in someone else's account just by changing the URL slightly. As it stands, if they change it they just view different products in your database, where the worst that can do is show an outdated product or a product before it is released.
Now for SEO purposes it is generally a bad idea. (Use a URL rewrite.)
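Added example, not code from any post in this thread: one way to handle the `products` URL parameter discussed above, validating it as an integer, binding it in a prepared statement, and letting the server decide which rows may be shown. The table, column and function names are hypothetical, and the sample rows and request values are constructed; it assumes PHP 7.1+ with the pdo_sqlite extension.

```php
<?php
// Added example: table, column and function names are hypothetical.
// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, released INTEGER)');
$pdo->exec("INSERT INTO products VALUES (1, 'Widget', 1), (2, 'Unreleased gadget', 0)");

/** Return the product id as an int, or null if the raw value is not a positive integer. */
function parseProductId($raw): ?int
{
    // FILTER_VALIDATE_INT rejects "1 OR 1=1", "1.5", "", arrays (products[]=1) and overflow.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Look up a product the visitor is allowed to see; null means "answer 404". */
function findVisibleProduct(PDO $pdo, $raw): ?array
{
    $id = parseProductId($raw);
    if ($id === null) {
        return null;
    }
    // Bound parameter: the value never becomes part of the SQL text.
    // "released = 1" is the server-side rule for what a visitor may view, so
    // changing the number in the URL cannot reveal an unreleased product.
    // For per-user records (the $customer_number case), take the owner id
    // from the logged-in session and add it to the WHERE clause instead of
    // trusting an id from the URL.
    $stmt = $pdo->prepare('SELECT id, name FROM products WHERE id = :id AND released = 1');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed request values standing in for $_GET['products'].
foreach (['1', '2', '1 OR 1=1', '-5', ['1']] as $raw) {
    $product = findVisibleProduct($pdo, $raw);
    echo json_encode($raw), ' => ', $product ? $product['name'] : '404 Not Found', PHP_EOL;
}
```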