Sanitizing data passed through URL
[eluser]falkencreative[/eluser]
Hello all,

Quick CodeIgniter/security question...

I am building a basic application that allows me to view/add/edit/delete specific data stored in a database. Each piece of data has a unique id value associated with it, making it easy for me to select the piece I need.

Say I'm building an edit page that would allow me to edit that data. My URL would look something like: http://www.mysite.com/admin/edit/1 (the "1" represents the unique id of the data I want to edit)

In my CodeIgniter controller, I have something like this...

Code:
function edit($id)

How can I make sure that $id value I'm pulling from the URL is valid? Obviously it's freely available, so the user could change the URL if they want. Is using is_numeric() to check the $id enough (and obviously generating an error if it isn't), or does CodeIgniter have something built in for this? Or, alternately, is there a better way to approach this?

Thanks for the comments.
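An added example, not part of the original post and not CodeIgniter's own code: a strict check for the id segment, run next to is_numeric() over constructed inputs so the difference is visible. The function name parse_record_id(), the $records array standing in for the database table, and the sample segments are all assumptions made for illustration.

```php
<?php
// Added example: strict validation of a numeric id taken from a URL segment.
// parse_record_id() and $records are hypothetical names, not CodeIgniter APIs.

/**
 * Return the id as an int if $segment is a canonical positive integer,
 * or null otherwise.
 */
function parse_record_id($segment): ?int
{
    // URL segments arrive as strings; reject anything else outright.
    if (!is_string($segment)) {
        return null;
    }
    // Digits only, no leading zero. Floats, exponents, signs, whitespace
    // and the empty string, several of which is_numeric() accepts, all fail here.
    if (!preg_match('/\A[1-9][0-9]*\z/', $segment)) {
        return null;
    }
    // Range check so an over-long digit string cannot overflow the integer type.
    $id = filter_var($segment, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Constructed stand-in for the database table.
$records = [1 => 'first entry', 2 => 'second entry'];

// Constructed sample inputs, as they might appear in /admin/edit/<segment>.
$samples = ['1', '2', '3', '1.5', '1e3', '-1', ' 1', '01', '1 OR 1=1', '99999999999999999999', ''];

foreach ($samples as $segment) {
    $id = parse_record_id($segment);
    if ($id === null) {
        $result = 'rejected: not a valid id';
    } elseif (!isset($records[$id])) {
        $result = 'rejected: no such record';
    } else {
        $result = 'ok: ' . $records[$id];
    }
    // Show is_numeric()'s verdict beside the strict result for comparison.
    printf("%-24s is_numeric=%-5s %s\n", var_export($segment, true),
        var_export(is_numeric($segment), true), $result);
}
```

A well-formed id only says the value is an integer; whether the record exists, and whether the current user may edit it, still has to be checked against the database and the session.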