hello everybody,
i have a problem with sending URL Parameters through PHP.
OK, the problem is like this! .. i'm sending a paramter like this .. "http://some.web.path/page.php?id=25" now the issue is, how do we control if someone just deletes the 25 and send a request to the server AND if someone deleted the entire "id=25" and send a request? ....
is it something to do with "empty()" or "isset()" ..... plz help me out my friends ....
Hi,
This is how I do when I fetch ids from the URI.
$id = !empty($_GET['id']) ? intval($_GET['id']) : 0;Yours, Erik.
hi and thanx for the reply lilleman,
yeah .. the solution works fine untill the ID=0, then we'll have a problem right ....
i wanna make the php script to behave against a user modified query string. i also think that this is something relating to "security" cuz, by this was a user can even crash or hack the php script!
What lilleman gave you works to make sure the variable string isn't left empty, but about the only way (I can think of) to monitor and make sure it just isn't changed in the browser is to tie sessions in. So, when the user first hits the site, it creates a session with that variable. Then if it is changed, the page checks the variable against the one in the session, and if it doesn't match, you halt the script. If it does match, go on... Also, if it is blank, then you stop the script. Lastly, if they just type the entire URL in with their own ID, then there is no session set yet... stop the script.
That about covers all scenarios. Not sure if there is a "better" way, but that's what I would do personally.
mmmm .... seems to be a quite good solution .... i'll give a try and come back 
Hi,
Originally posted by velanzia
the solution works fine untill the ID=0, then we'll have a problem right ....
Yes, but I usually let my IDs go from 1 and up, I never use zero for an ID.
Yours, Erik.