Hi,
I'm doing a simple CMS. I have a controller page which checks what the URL is and checks whether it has a record in the database. If a record is found, it displays the page.
I want to validate the $_GET method; $_GET["rt"] should accept only -, /, characters and numbers. Although I've added addslashes, it may not be enough.
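<?php
// Escape the requested alias taken from the query string.
$page = addslashes(htmlentities($_GET["rt"]));
// Commented out: would strip everything except letters, digits, _ and -.
//$page = preg_replace("/[^a-zA-Z0-9_-]+/", "", $page);
// Look up the page record by its URL alias.
$result = $db->query("SELECT * FROM {$prefix}_page WHERE page_url_alias='$page'");
$found = $db->num_rows($result);
?>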
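
One way to do the validation asked about above, as an added example that is not part of the original post: an allow-list check on rt followed by a bound query parameter instead of addslashes. PDO with an in-memory SQLite database, the cms prefix, the title column, the sample inputs and the helper names validate_alias and find_page are assumptions; page_url_alias and the _page table suffix come from the post.

```php
<?php
// Added example: allow-list validation plus a bound parameter.
// PDO with in-memory SQLite stands in for the post's $db wrapper (assumption).

/** Return the alias if it holds only letters, digits, '-' and '/', else null. */
function validate_alias($raw): ?string
{
    if (!is_string($raw)) {          // ?rt[]=x arrives as an array, not a string
        return null;
    }
    // \A and \z anchor the whole string; '$' alone would accept a trailing newline.
    if (!preg_match('~\A[A-Za-z0-9/-]{1,200}\z~', $raw)) {
        return null;
    }
    return $raw;
}

/** Look up a page by alias; returns the row, or null for invalid or unknown input. */
function find_page(PDO $pdo, string $prefix, $rawAlias): ?array
{
    $alias = validate_alias($rawAlias);
    // The table prefix is an identifier and cannot be bound, so it is allow-listed too.
    if ($alias === null || !preg_match('~\A[A-Za-z0-9_]+\z~', $prefix)) {
        return null;
    }
    $stmt = $pdo->prepare("SELECT * FROM {$prefix}_page WHERE page_url_alias = :alias");
    $stmt->execute([':alias' => $alias]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data and inputs, for illustration only.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE cms_page (page_url_alias TEXT PRIMARY KEY, title TEXT)");
$pdo->exec("INSERT INTO cms_page VALUES ('news/2024-review', 'Year in review')");

$samples = ['news/2024-review', "bad'alias", "about\n", ['x'], 'missing-page'];
foreach ($samples as $rt) {
    $row = find_page($pdo, 'cms', $rt);
    printf("%-22s => %s\n", json_encode($rt, JSON_UNESCAPED_SLASHES), $row ? $row['title'] : '404');
}
// HTML-encode values when printing them, not before the query:
// echo htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8');
```

Rejecting input that fails the pattern, rather than stripping characters out of it, keeps two different URLs from resolving to the same record.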