how to protect $_GET["act"] - php ?

mekha
Forum Contributor
Posts: 112
Joined: Sat Mar 31, 2012 6:50 am

how to protect $_GET["act"] - php ?

Post by mekha »

Hi guys,
I have this link:
xxxxxxx.com/form.php?act=add
How do I protect the $_GET["act"]; ?
I tried:
$mysqli->real_escape_string($_GET["act"]);

and when I write:
xxxxxxx.com/form.php?act=add""""

there are problems in the page....
I also tried:
mysql_real_escape_string($_GET["act"]);
and there are PHP errors... variables undefined....
How can I protect $_GET["act"]?
Celauran
Moderator
Posts: 6427
Joined: Tue Nov 09, 2010 2:39 pm
Location: Montreal, Canada

Re: how to protect $_GET["act"] - php ?

Post by Celauran »

Define an array of acceptable values to check against.

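Code:

// Values of act that the page is prepared to handle
$actions = array('add', 'edit', 'delete');
// Only proceed when act is present and matches one of them
if (isset($_GET['act']) && in_array($_GET['act'], $actions))
{
    // do stuff
}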
mekha
Forum Contributor
Posts: 112
Joined: Sat Mar 31, 2012 6:50 am

Re: how to protect $_GET["act"] - php ?

Post by mekha »

no results :S...
$actions = array('add', 'edit', 'delete');
if (isset($_GET['act']) && in_array($_GET['act'], $actions))
{
$act = $_GET["act"];
}
///////////
If I write a QUOTE in the URL like this: xxxx.com/form.php?act=add'
there is a problem!... I want it clean
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: how to protect $_GET["act"] - php ?

Post by social_experiment »

mekha wrote: there is a problem!... I want it clean

By 'clean' do you mean without anything except the value you pass along in the query string? As Celauran suggests, you can check the value that you receive from the query string against values in an array, or you can have a predefined statement like the one below.

Code:

<?php
if (isset($_GET['act']) && $_GET['act'] != '' && $_GET['act'] == 'add')
{
    // act is exactly 'add'; handle it here
}
?>

What errors do you receive when executing the code?
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
mekha
Forum Contributor
Posts: 112
Joined: Sat Mar 31, 2012 6:50 am

Re: how to protect $_GET["act"] - php ?

Post by mekha »

Aha... OK, great man, thank you Celauran and social_experiment... with your suggestions I've solved my problem :D
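
The allowlist check suggested in this thread, run against the URLs from the question, as an added example that is not code from any of the posters. The function name resolve_action() and the sample requests are hypothetical and constructed for illustration; the function takes the query array as a parameter so it can be exercised without a web server.

```php
<?php
// Added example: allowlist validation of the "act" query parameter.
// resolve_action() and the sample inputs below are constructed for illustration.

const ALLOWED_ACTIONS = ['add', 'edit', 'delete'];

/**
 * Return the requested action if it is exactly one of the allowed values,
 * otherwise null. $query stands in for $_GET.
 */
function resolve_action(array $query): ?string
{
    // Missing parameter: nothing to validate, and no "undefined index" notice.
    if (!isset($query['act'])) {
        return null;
    }
    $act = $query['act'];
    // form.php?act[]=add makes PHP deliver an array instead of a string.
    if (!is_string($act)) {
        return null;
    }
    // Strict comparison: "add'" and 'add""""' do not match 'add'.
    return in_array($act, ALLOWED_ACTIONS, true) ? $act : null;
}

// Constructed sample requests, including the inputs from the thread.
$samples = [
    [],                       // form.php
    ['act' => 'add'],         // form.php?act=add
    ['act' => "add'"],        // form.php?act=add'
    ['act' => 'add""""'],     // form.php?act=add""""
    ['act' => ['add']],       // form.php?act[]=add
];

foreach ($samples as $query) {
    $act = resolve_action($query);
    if ($act === null) {
        // Rejected: the raw value is never used as an action.
        echo "rejected: ", json_encode($query), PHP_EOL;
        continue;
    }
    // From here on $act can only be one of the allowlisted strings.
    echo "accepted: ", $act, PHP_EOL;
}
```

On a real page the call would be resolve_action($_GET); only the second sample is accepted, and the other four are rejected before any later code sees the value.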