Malformed URL

[verdrm]

I pass variables through the URL when a user logs in (ex: domain.com/?id=HASH). If a user changes that URL, however, sometimes page information does not load correctly.

 

Does anyone know how to prevent the page from loading or something like that if the URL is malformed? Maybe echo "URL malformed" if the URL is changed or altered?

[pocobueno1388]

Maybe instead of passing it through the URL you could use a session instead.

[verdrm]

I'd prefer it to be passed via the URL. Is there any way to check a malformed URL?

[cooldude832]

first off its not passing through the url its GET variable, and you should always sanitize any user input/get variable as they are well variable.  Read up on injection prevention, input cleansing and you will find an answer.

[verdrm]

The data is not being sent from a form, that is why I am not referring to it as GET.

[sKunKbad]

It doesn't matter if its from a form or not, its still GET, and a user can still mess with you depending on the usage. For instance if you are using the GET variables to access database information, a user could try to inject and kill your database. You need to learn a bit about regex, and filter the GET variables before they are used in your scripts. Regex is not very hard to learn. There are great websites and tools that make regex a no brainer. I got a tool from regexbuddy that makes writing regex super easy.