Security wise navigation


Distant_storm

Ok, I have read a lot of books, and the overall message I always seem to get about navigation systems is that it's fairly unsafe to use the GET method. As I know that you are all VERY VERY clued up on security here, and I know no security is fully protected, but how safe would this code be...

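<?php

// No page_id supplied: redirect to the first page and stop.
if (!isset($_GET['page_id'])) {
    header("Location: index.php?page_id=1");
    exit();
}

$page_id = addslashes($_GET['page_id']);
$page_id = strip_tags($page_id);
// Reject anything that is not made up purely of digits.
if (!ctype_digit($page_id)) {
    exit();
}
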

Then from there the page is displayed on screen by getting the page content from a database using the page_id variable.

 

I'm just oblivious to any other stuff that could be cracked with a system like that. I understand there are ways, and I'm pretty sure you lot know every way.

 

So if you could please advise me on any improvements security-wise.

 

Thanks

 

Noobie Phpfreaks.com


I think your code looks quite sound. GET is generally okay to use so long as you check it and don't just dump it straight into your database or whatever you're using it for.

Just to shorten your code a bit, I've got it to check if page_id isn't set OR page_id isn't a digit in one statement.

Which means you don't really need to strip tags, or add slashes.

<?php
if (!isset($_GET['page_id']) || !ctype_digit($_GET['page_id'])) {
    // Missing or non-numeric page_id: redirect to the first page and stop.
    header("Location: index.php?page_id=1");
    exit();
} else {
    $page_id = $_GET['page_id'];
    // do fancy stuff here...
}
?>

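An added example, not part of either post above: the same page_id check carried through to the database lookup the first post mentions, using a type and range check plus a bound parameter. The function names, the `pages` table, the 1,000,000 upper bound and the in-memory SQLite database (requires the pdo_sqlite extension) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Returns a validated page id, or null if the parameter is missing or malformed.
function parse_page_id(array $query, int $maxId = 1000000): ?int
{
    $raw = $query['page_id'] ?? null;
    // ?page_id[]=1 arrives as an array; overly long digit runs would overflow the cast.
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 7) {
        return null;
    }
    $id = (int) $raw; // safe: at most 7 digits
    return ($id >= 1 && $id <= $maxId) ? $id : null;
}

// Looks the page up with a bound parameter, so the id is never spliced into SQL.
function fetch_page(PDO $db, int $id): ?string
{
    $stmt = $db->prepare('SELECT content FROM pages WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $content = $stmt->fetchColumn();
    return $content === false ? null : (string) $content;
}

// Constructed demo data: an in-memory SQLite table standing in for the real one.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, content TEXT)');
$db->exec("INSERT INTO pages VALUES (1, 'Home'), (2, 'About')");

// Constructed query strings, shaped as PHP would present them in $_GET.
$samples = [
    ['page_id' => '2'],                     // valid, page exists
    [],                                     // parameter missing
    ['page_id' => '1 OR 1=1'],              // not all digits
    ['page_id' => ['1']],                   // array instead of string
    ['page_id' => '99999999999999999999'],  // digits only, but out of range
    ['page_id' => '7'],                     // valid format, no such page
];

foreach ($samples as $query) {
    $id = parse_page_id($query);
    $content = $id === null ? null : fetch_page($db, $id);
    // A real page would send the Location header and exit when $content is null.
    printf("%-40s => %s\n", json_encode($query), $content ?? 'redirect to page_id=1');
}
```

Only the first sample returns page content; every other input, including a well-formed id with no matching row, ends in the same redirect.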
