pagination security problems
Posted: Fri Aug 24, 2007 4:39 am
Below is an extract of my pagination script.
If ?page=123 then page=123, then it's OK.
But when I write ?page=<---something else---> it should print "invalid query",
but it just gives me a blank page.
What should I do so that only a number is valid, to prevent security attacks?
And if ?page=34.365 then it should also be invalid.
Code:
    if (!isset($_GET['page'])) {
        $page = 1;
    }
    else {
        if (is_numeric($_GET['page']))
        {
            $page = trim(mysql_real_escape_string($_GET['page']));
        }
        else
        {
            echo "invalid query";
            exit;
        }
    }
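
One way to accept only whole page numbers, as an added example that is not part of the original post: `parse_page()`, `$maxPage` and `$perPage` are hypothetical names and values, and PHP 7.1 or later is assumed. `is_numeric()` also returns true for values such as `34.365` and `1e3`, so the check here matches the raw string against a digits-only pattern and compares both results on constructed inputs.

```php
<?php
// Added example: strict page-number validation (parse_page() is a hypothetical helper).

/**
 * Return the page number as an int, or null if the raw value is not a
 * plain positive integer: digits only, no sign, no decimal point,
 * no exponent, no surrounding whitespace, no leading zero.
 */
function parse_page($raw, int $maxPage = 100000): ?int
{
    // ?page[]=1 arrives as an array; anything that is not a string is rejected.
    if (!is_string($raw)) {
        return null;
    }
    // \A and \z anchor the whole string; {0,8} keeps the value far below PHP_INT_MAX.
    if (preg_match('/\A[1-9][0-9]{0,8}\z/', $raw) !== 1) {
        return null;
    }
    $page = (int) $raw;
    return $page <= $maxPage ? $page : null;
}

// Constructed sample inputs, as they could arrive in $_GET['page'].
$samples = ['123', '34.365', '1e3', ' 12', '+7', '-1', '0', '007', 'abc', '12abc', ['1']];

foreach ($samples as $raw) {
    $label = is_array($raw) ? 'array' : "'" . $raw . "'";
    printf(
        "%-10s is_numeric=%-5s parse_page=%s\n",
        $label,
        var_export(is_numeric($raw), true),
        var_export(parse_page($raw), true)
    );
}

// Use in a request handler: a missing parameter means page 1, a bad value is refused.
$page = isset($_GET['page']) ? parse_page($_GET['page']) : 1;
if ($page === null) {
    http_response_code(400);
    exit('invalid query');
}
$perPage = 20;                      // assumed page size
$offset  = ($page - 1) * $perPage;  // both are ints, so no string escaping is needed for LIMIT
```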