1. CSS
  2. Flash
  3. HTML
  4. Illustrator
  5. Java
  6. JavaScript
  7. Maya
  8. Photography
  9. Photoshop
  10. PHP
  11. Ruby
  12. Ruby on Rails
  13. 3ds Max

PHP: Protect your script from hackers: by validating HTTP GET variable names

  1. Clicks today:
  2. Clicks this month:
  3. Overall rating:

PHP » Security — almost 10 years ago
$_GET data is usually passed to the browser to indicate what page or article to load from a Website and may be used to make a query to your MySQL database. You probably already have protected your MySQL database from SQL injection attacks. Let's take an extra step to protect the valuable data your MySQL tables hold. You can prevent users from messing with URL Query Strings by validating validating $_GET data before you execute anything with it.


avatarellisgl almost 10 years ago

Yes - you could protect your scripts this way, but why not just ignore elements in the $_GET array that you are not going to use instead of throwing an error?

Or log unknowns as a hacking attempt?

Your Comment

You must be logged in to post a comment.