Passing variable from URL to php mysql script

[klotto]

Hi everyone,

I'm currently trying to build my first site with php. I use $_GET[] variables to pass certain values to mysql_query, which works perfectly. I have absolutely no idea, however, how to avoid situations when my URL is modified by accident or on purpose after "/somename.php?"...Currently it just messes up my whole query...Can anyone tell how I can avoid this?

Thanks

p.s. please keep in mind that I'm new to php...

[Cosizzle]

hmm theres not you can do about that I dont think? Anyone messing around with their URL is a. trying to do some sort of sql injection or b. and idiot... The URL is for the browser, leave the navigation to your page.

 

There are ways to mask the URL I think... but again - why?

 

Sorry if im missing the point here hehe

[klotto]

I'm more worried about someone who by accident deletes, let's say, one letter in my URL and sees a messed up page...I was looking at some websites to see what happens if I delete a letter or two on purpose in their URL. For example, in http://www.facebook.com/home.php#/home.php?tab=3, no matter what I delete after .php?, I'm getting the same page. In situation like this on my site I'll receive an error message, since if, let's say, I used $_GET["tab"] is my query, it won't be available when somebody deletes a letter from "tab" making it "ab"...I hope it makes some sence ))...

 

hmm theres not you can do about that I dont think? Anyone messing around with their URL is a. trying to do some sort of sql injection or b. and idiot... The URL is for the browser, leave the navigation to your page.

 

There are ways to mask the URL I think... but again - why?

 

Sorry if im missing the point here hehe