array

[Daney11]

How do i stop this

 

http://www.mysite.com/news.php?id=1

 

http://www.mysite.com/news.php?id[]  <----- im using $_GET and if i enter this my page breaks etc.

[Chris92]

I'm not sure either, try: $_GET['id']['0']

[PHP Monkeh]

Some more details on what your problem is and what you're trying to achieve would help.  Are you trying to pass an array as a $_GET ?

[Daney11]

Basically i am using GET to get news_id etc from the url.

 

But if a user enters

 

www.site.com/news_more.php?news_id[] <----

instead of

www.site.com/news_more.php?news_id=123

 

the site breaks up, same with <marquee>lol</marquee> etc inside the url. I need to block those hacking attempts out etc.

 

[Daniel0]

You can check if a variable is an array using is_array() or you can force it to be a string using typecasting (e.g. $var = (string) $other_var;).

 

For the marquee, just use htmlentities().

[Daney11]

if(isset($_GET['result_id'])){

if(!empty($_GET['result_id']) && is_numeric($_GET['result_id'])){
$result_id = $_GET['result_id']; 

 

im using the above in my script and it works perfect, but would anyone change anything?

 

Basically the result_id CAN ONLY be a number and cant allow any injection scripting etc..

 

Would anyone change anything on that?

 

 

[Daniel0]

Yes, remove the isset(), it's redundant when you're also checking that it isn't empty.

[Daney11]

Thanks. i cant see the topic solved anymore..

[Daniel0]

They're working on installing the modification again after the recent upgrade to SMF 1.1.4.