I have page with 3 $_GET
variables in the URL;
http://www.example.co.uk/search?location=asokoro&day=today&time=12%3A00
location = string, day = string, time = time eg 12:00, 13:15
I will like to prevent access to the page for the below conditions.
Prevent access if no variable received --- COMPLETED
if(!isset($_GET['location']) || !isset($_GET['day']) || !isset($_GET['time'])) {
header("Location: http://www.example.co.uk");
exit;
}
Prevent access if location
is not supported --- COMPLETED
$locations = Array('loc1','loc2');
if (!in_array($_GET['location'], $locations)) {
header("Location: http://www.example.co.uk");
exit;
}
Prevent access if day
is not correct--- COMPLETED
if($_GET['day'] != "today" || $_GET['day'] != "tomorrow") {
header("Location: http://www.abklab.co.uk");
exit;
}
Prevent access if time
is not correct--- NOT COMPLETED
Here I want to be able to check if time
is actually time and not some random string like test
.
As you can see from the URL time is passed with %3A
which reperents :
I would like to check if time
is indeed a time eg 12:00, 14:20 etc if not then prevent access
You just need a way to escape from html's special characters, right? Try this:
if(strlen(trim($_GET['time'])) > 0){
echo htmlspecialchars_decode(trim($_GET['time']));
}
When you get the time variable through $_GET['time']
, %3A
should be translated to :
and rest you can check if the time
is actually time
through regex
. And the expression for that is: ([01]?[0-9]|2[0-3]):[0-5][0-9](:[0-5][0-9])?
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.