Validate url parameters in php [closed]
I would say to use these rules:
RewriteRule ^([a-z0-9]+)/?$ page.php?page=$1 [L,NC]RewriteRule ^property/([0-9]+)/?$ property.php?pid=$1 [L,NC]
this way if someone enters any characters other than letters and numbers (for pages) and numbers (for property) it will show a page not found.
If you want really to be sure, you can
$page = mysql_real_escape_string($_GET['page']);
just make sure your database connection is open and you can cast the pid like $propertyid = (int)$_GET['pid'];
i think with page parameter you should have a list of acept pages, then after get 'page', you check if 'page' is in accept list.For example :
$arr_pages = ('page1','page2','page3');$page = $_GET['page'];if(in_array($page,$arr_pages)){// do some thing}else{ // page not found}
And id :
$propertyid = intval($_GET['pid']);
hope this help :)