can I directly use variables from URI?
#7

LinkFox
You can use PHP's is_numeric if you're sure it's a number...

    if (is_numeric($id)) {
        // Do stuff
    } else {
        // Show user an error message
    }

I prefer this over casting because then the rubbish data never even touches the db code.

Or what I do sometimes if there are a limited number of options is run them through a switch statement.

    switch ($uriQuery) {
        case "option1":
            $uriQuery = "Opt1";
            break;
        case "option2":
            $uriQuery = "Opt2";
            break;
        default:
            $uriQuery = "Opt1";
            break;
    }

This ensures no one can inject rubbishy data into your query and also allows you to put more SEO friendly tags in your URI.

Also I never really use 'IDs' for getting records...this leads to all kinds of security issues if you're getting sensitive information. I normally create a unique ref with PHP's uniqid then hash it and put that in my DB then look up by that. Much harder for someone to guess an ID this way rather than a standard auto increment and if you also do a permission check that the user is allowed to access the content you're quite secure.

Cheers.
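
Added example, not part of the post above or of the framework's code: the three checks the post describes (numeric id, fixed option list, non-sequential reference with a permission check) run against constructed inputs. The function, table and column names are hypothetical, the id check is stricter than is_numeric(), and random_bytes() is used for the reference because uniqid() is derived from the clock and PHP's manual says its values must not be relied on to be unguessable.

```php
<?php
// Added example; function, table and column names are hypothetical.

// Accept only a plain positive decimal id. is_numeric() would also pass
// "1e3", "5.5", "-1" and " 7", none of which is a valid auto-increment id.
function parse_id_segment(string $segment): ?int
{
    return preg_match('/\A[1-9][0-9]{0,8}\z/', $segment) ? (int) $segment : null;
}

// Allow-list: the URI value only selects one of our own constants.
function map_option(string $segment): string
{
    $allowed = ['option1' => 'Opt1', 'option2' => 'Opt2'];
    return $allowed[$segment] ?? 'Opt1';
}

// Public reference from the OS CSPRNG (128 bits, hex encoded), used here
// in place of a hashed uniqid() value.
function new_public_ref(): string
{
    return bin2hex(random_bytes(16));
}

// Look up by reference AND owner, with bound parameters, so a leaked or
// guessed reference still fails the permission check.
function fetch_document(PDO $db, string $ref, int $userId): ?string
{
    if (!preg_match('/\A[0-9a-f]{32}\z/', $ref)) {
        return null;
    }
    $stmt = $db->prepare('SELECT body FROM documents WHERE public_ref = ? AND owner_id = ?');
    $stmt->execute([$ref, $userId]);
    $body = $stmt->fetchColumn();
    return $body === false ? null : $body;
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE documents (public_ref TEXT PRIMARY KEY, owner_id INTEGER, body TEXT)');
$ref = new_public_ref();
$db->prepare('INSERT INTO documents VALUES (?, ?, ?)')->execute([$ref, 42, 'invoice']);

foreach (['7', '1e3', '5.5', '-1', ' 7', 'abc'] as $s) {
    printf("%-6s => %s\n", var_export($s, true), var_export(parse_id_segment($s), true));
}
var_dump(map_option('option2'), map_option('anything-else'));
var_dump(fetch_document($db, $ref, 42), fetch_document($db, $ref, 7));
```

Only '7' yields an integer id, the unknown option falls back to "Opt1", and the lookup returns the row for owner 42 but null for user 7.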
