Hi guys,
I have this link:
xxxxxxx.com/form.php?act=add
How do I protect the $_GET["act"]?
I tried:
$mysqli->real_escape_string($_GET["act"]);
and when I write:
xxxxxxx.com/form.php?act=add""""
there are problems in the page...
I tried too:
mysql_real_escape_string($_GET["act"]);
and there are PHP errors... variables undefined...
How can I protect $_GET["act"]?
how to protect $_GET["act"] - php ?
Re: how to protect $_GET["act"] - php ?
Define an array of acceptable values to check against.
Code:
$actions = array('add', 'edit', 'delete');
// isset() must be closed before the && so both checks are evaluated
if (isset($_GET['act']) && in_array($_GET['act'], $actions))
{
    // do stuff
}
Re: how to protect $_GET["act"] - php ?
no results :S...
$actions = array('add', 'edit', 'delete');
if (isset($_GET['act']) && in_array($_GET['act'], $actions))
{
$act = $_GET["act"];
}
///////////
If I write a QUOTE in the URL like this: xxxx.com/form.php?act=add'
there is a problem!... I want it clean
- social_experiment
Re: how to protect $_GET["act"] - php ?
mekha wrote: there is a problem!... I want it clean
By 'clean' do you mean without anything except the value you pass along in the query string? As Celauran suggests, you can check the value that you receive from the query string against values in an array, or you can have a predefined statement like the one below.
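Code:
<?php
// isset() avoids an "undefined index" notice when act is missing from the URL
if (isset($_GET['act']) && $_GET['act'] != '' && $_GET['act'] == 'add') {
    // handle the 'add' action here
}
?>
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering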
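Added example, not part of any post in this thread: the allowlist check Celauran suggests, wrapped in a hypothetical helper `resolve_action()` that also rejects a missing parameter and array input such as `act[]=add`. The sample requests are constructed stand-ins for `$_GET`; on a real page you would call `resolve_action($_GET, $actions)`.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the thread): returns the validated action,
// or null when the parameter is missing, not a string, or not on the allowlist.
function resolve_action(array $query, array $allowed): ?string
{
    $act = $query['act'] ?? null;

    // ?act[]=add makes PHP deliver an array instead of a string; reject it.
    if (!is_string($act)) {
        return null;
    }

    // Third argument true = strict comparison, so no type juggling.
    return in_array($act, $allowed, true) ? $act : null;
}

$actions = ['add', 'edit', 'delete'];

// Constructed sample inputs, standing in for $_GET on different requests.
$samples = [
    'form.php?act=add'     => ['act' => 'add'],
    "form.php?act=add'"    => ['act' => "add'"],
    'form.php?act=add""""' => ['act' => 'add""""'],
    'form.php?act[]=add'   => ['act' => ['add']],
    'form.php (no act)'    => [],
];

foreach ($samples as $url => $query) {
    $act = resolve_action($query, $actions);
    if ($act === null) {
        // Fall back to a known state instead of using the raw value.
        echo $url, ' => rejected', PHP_EOL;
        continue;
    }
    // From here on only $act is used, never the raw query value.
    echo $url, ' => ', $act, PHP_EOL;
}
```

`real_escape_string()` is meant for values placed inside a SQL string literal, not for deciding which action a page runs, so the allowlist is the check that fits `act`.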
Re: how to protect $_GET["act"] - php ?
Aha... OK, great man, thank you Celauran and social_experiment... with your suggestions I've solved my problem