CodeIgniter Forums

Sanitizing data passed through URL

falkencreative
Hello all,

Quick CodeIgniter/security question...

I am building a basic application that allows me to view/add/edit/delete specific data stored in a database. Each piece of data has a unique id value associated with it, making it easy for me to select the piece I need.

Say I'm building an edit page that would allow me to edit that data. My URL would look something like:

http://www.mysite.com/admin/edit/1 (the "1" represents the unique id of the data I want to edit)

In my CodeIgniter controller, I have something like this...

Code:
function edit($id)
{
}

How can I make sure that the $id value I'm pulling from the URL is valid? Obviously it's freely available, so the user could change the URL if they want.

Is using is_numeric() to check the $id enough (and obviously generating an error if it isn't), or does CodeIgniter have something built in for this? Or, alternately, is there a better way to approach this?

Thanks for the comments.
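
An added example, not part of the original post and not CodeIgniter code: `is_numeric()` also returns true for values such as "1.5", "1e3" and "-1", so the sketch below compares it with a strict positive-integer check on constructed URL segments. The helper name `parse_record_id` is hypothetical, and the 9-digit limit is an assumption chosen so the cast fits a 32-bit int.

```php
<?php
// Hypothetical helper (not a CodeIgniter function).
// Returns the id as a positive int, or null when the URL segment is not
// a plain decimal integer.
function parse_record_id($raw): ?int
{
    // URI segments arrive as strings; reject anything else outright.
    if (!is_string($raw)) {
        return null;
    }
    // 1 to 9 digits, no sign, no leading zero, no whitespace, no exponent.
    // The /D modifier stops "$" from matching before a trailing newline.
    if (preg_match('/^[1-9][0-9]{0,8}$/D', $raw) !== 1) {
        return null;
    }
    return (int) $raw;
}

// Constructed sample segments, as a user could type them into the URL.
$samples = ['1', '42', '0', '-1', '1.5', '1e3', ' 7', "7\n", '007', '1 OR 1=1', ''];

foreach ($samples as $s) {
    printf(
        "%-12s is_numeric=%-5s parse_record_id=%s\n",
        json_encode($s),
        var_export(is_numeric($s), true),
        var_export(parse_record_id($s), true)
    );
}
```

In `edit($id)` the helper would run first, with an error response (for example CodeIgniter's `show_404()`) when it returns null. A well-formed id only proves the format, so the value should still reach the database as a bound parameter.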