Stephen68 Posted October 8, 2009 Share Posted October 8, 2009 Ok I was told that doing this was not really safe and that people can add stuff to the end of it to mess things up. With this is as longs as I use strip_tags() and mysql_real_escape_string() and maybe cast to the type I would like (string,int) It should be ok. AM I correct in my thinking on this? Stpehen Link to comment https://forums.phpfreaks.com/topic/176988-passing-values-in-url/ Share on other sites More sharing options...
mrMarcus Posted October 8, 2009 Share Posted October 8, 2009 mysql_real_escape_string() is used in conjunction with a cleaning variables for use with a database. using it without an sql connection will result in an error. but yes, you are correct in thinking that cleaning variables is a good idea. i'm sure there are thousands of threads already created about this exact same topic .. why not try searching the forums to see what you can find. Link to comment https://forums.phpfreaks.com/topic/176988-passing-values-in-url/#findComment-933157 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.