URL Parameters

velanzia

hello everybody,

i have a problem with sending URL Parameters through PHP.

OK, the problem is like this! .. i'm sending a paramter like this .. "http://some.web.path/page.php?id=25" now the issue is, how do we control if someone just deletes the 25 and send a request to the server AND if someone deleted the entire "id=25" and send a request? ....

is it something to do with "empty()" or "isset()" ..... plz help me out my friends ....

lilleman

Hi,

This is how I do when I fetch ids from the URI.

$id = !empty($_GET['id']) ? intval($_GET['id']) : 0;

Yours, Erik.

velanzia

hi and thanx for the reply lilleman,

yeah .. the solution works fine untill the ID=0, then we'll have a problem right ....

i wanna make the php script to behave against a user modified query string. i also think that this is something relating to "security" cuz, by this was a user can even crash or hack the php script!

TheDefender

What lilleman gave you works to make sure the variable string isn't left empty, but about the only way (I can think of) to monitor and make sure it just isn't changed in the browser is to tie sessions in. So, when the user first hits the site, it creates a session with that variable. Then if it is changed, the page checks the variable against the one in the session, and if it doesn't match, you halt the script. If it does match, go on... Also, if it is blank, then you stop the script. Lastly, if they just type the entire URL in with their own ID, then there is no session set yet... stop the script.

That about covers all scenarios. Not sure if there is a "better" way, but that's what I would do personally.

velanzia

mmmm .... seems to be a quite good solution .... i'll give a try and come back 🙂

lilleman

Hi,

Originally posted by velanzia
the solution works fine untill the ID=0, then we'll have a problem right ....

Yes, but I usually let my IDs go from 1 and up, I never use zero for an ID.

Yours, Erik.