i have a link that needs ti be cleaned up a bit.
http://'.$_SERVER["SERVER_NAME"]."".$_SERVER["REQUEST_URI"].'" />
this link will generate something like this:
http://www.site.com/friends.php
where friends.php
is the $_SERVER["REQUEST_URI"]
.
sometimes i pass an id to the link:
http://www.site.com/friends.php?id=123456
what i want is to use strip_tags or urldecode to clean this link and make sure that whatever is passed in the id
is an int and contains no letters, but i need to do it on the original link: http://'.$_SERVER["SERVER_NAME"]."".$_SERVER["REQUEST_URI"].'" />
edit:
i want the link to be cleaned out so i can't do this to it:
http://www.site.com/friends.php?id=<script>alert(TK00000006)</script>
This assumes that you only have id in your query string:
echo 'http://'.$_SERVER['SERVER_NAME']
. $_SERVER['SCRIPT_NAME']
.'?id='
.filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);
Resulting id from id=<script>alert(TK00000006)</script>
is ?id=00000006
.
Alternate answer:
echo 'http://'.$_SERVER['SERVER_NAME']
. $_SERVER['SCRIPT_NAME']
.'?id='
.urlencode($_GET['id']);
//or effectively the same thing using only $_SERVER variables,
//but is much more robust as it handles multiple query parameters:
echo 'http://'.$_SERVER['SERVER_NAME']
. $_SERVER['SCRIPT_NAME']
.$_SERVER['QUERY_STRING'];
Resulting id from id=<script>alert(TK00000006)</script>
is ?id=%3Cscript%3Ealert%28TK%29%3C%2Fscript%3E
If ID cannot be zero, I'd do it like this:
$id = (int)$_GET['id'];
if ($id)
... // valid number > 0
else
... // invalid
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.