Daney11 Posted February 19, 2008 Share Posted February 19, 2008 How do i stop this http://www.mysite.com/news.php?id=1 http://www.mysite.com/news.php?id[] <----- im using $_GET and if i enter this my page breaks etc. Link to comment https://forums.phpfreaks.com/topic/91871-array/ Share on other sites More sharing options...
Chris92 Posted February 19, 2008 Share Posted February 19, 2008 I'm not sure either, try: $_GET['id']['0'] Link to comment https://forums.phpfreaks.com/topic/91871-array/#findComment-470480 Share on other sites More sharing options...
PHP Monkeh Posted February 19, 2008 Share Posted February 19, 2008 Some more details on what your problem is and what you're trying to achieve would help. Are you trying to pass an array as a $_GET ? Link to comment https://forums.phpfreaks.com/topic/91871-array/#findComment-470488 Share on other sites More sharing options...
Daney11 Posted February 19, 2008 Author Share Posted February 19, 2008 Basically i am using GET to get news_id etc from the url. But if a user enters www.site.com/news_more.php?news_id[] <---- instead of www.site.com/news_more.php?news_id=123 the site breaks up, same with <marquee>lol</marquee> etc inside the url. I need to block those hacking attempts out etc. Link to comment https://forums.phpfreaks.com/topic/91871-array/#findComment-470489 Share on other sites More sharing options...
Daniel0 Posted February 19, 2008 Share Posted February 19, 2008 You can check if a variable is an array using is_array() or you can force it to be a string using typecasting (e.g. $var = (string) $other_var;). For the marquee, just use htmlentities(). Link to comment https://forums.phpfreaks.com/topic/91871-array/#findComment-470495 Share on other sites More sharing options...
Daney11 Posted February 19, 2008 Author Share Posted February 19, 2008 if(isset($_GET['result_id'])){ if(!empty($_GET['result_id']) && is_numeric($_GET['result_id'])){ $result_id = $_GET['result_id']; im using the above in my script and it works perfect, but would anyone change anything? Basically the result_id CAN ONLY be a number and cant allow any injection scripting etc.. Would anyone change anything on that? Link to comment https://forums.phpfreaks.com/topic/91871-array/#findComment-470506 Share on other sites More sharing options...
Daniel0 Posted February 19, 2008 Share Posted February 19, 2008 Yes, remove the isset(), it's redundant when you're also checking that it isn't empty. Link to comment https://forums.phpfreaks.com/topic/91871-array/#findComment-470507 Share on other sites More sharing options...
Daney11 Posted February 19, 2008 Author Share Posted February 19, 2008 Thanks. i cant see the topic solved anymore.. Link to comment https://forums.phpfreaks.com/topic/91871-array/#findComment-470517 Share on other sites More sharing options...
Daniel0 Posted February 19, 2008 Share Posted February 19, 2008 They're working on installing the modification again after the recent upgrade to SMF 1.1.4. Link to comment https://forums.phpfreaks.com/topic/91871-array/#findComment-470527 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.