PHP, How to secure GET variable from URL
Question
Here is URL:
http://ex.com/members.php?id=5320
Here is code:
mysqli_query("SELECT * from members where id='$_GET[id]'");
which method is secure?
1 answers
solution1
2 ACCPTED 2014-03-22 12:11:23
Use prepared statements and bind variables when you're using MySQLi
$stmt = $mysqli->prepare("SELECT * from members where id=?");
$stmt->bind_param('i', $_GET['id']);
$stmt->execute();
You may also wish to validate that $_GET['id'] is an integer first, and return an error message if it isn't rather than have all the overhead of a db query to return nothing.
Read this answer to a previous question to understand why yu should take this approach
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
How to get variable from url in php
How to Get filename from a variable (url) in php?
how to make version variable secure from $_GET
PHP get variable from URL
PHP security: How to secure emailed link with get variable?
How to get a variable from url and 301 redirect with php?
How to echo javascript encoded url from GET variable on php
how to get variable from url that loaded with Java script in php?
How do i get a variable from the url to work in a query? PHP
How to remove any given $_GET variable from URL with PHP?
Related Tags