I have rules in my .htaccess for pages, show property id etc...
I want to make sure I validate every parameter I get for the right query I'm getting.
I have:
RewriteRule ^(.*)$ page.php?page=$1
RewriteRule ^property/(.*)$ property.php?pid=$1
So in my PHP I do:
$page = $_GET['page'];
and
$propertyid = $_GET['pid'];
Now I need to secure them, but I want to know which method is best to use to secure these, and that is where I'm lost.
You can use the URL constructor to check if a string is a valid URL. The URL constructor (new URL(url)) returns a newly created URL object defined by the URL parameters. A JavaScript TypeError exception is thrown if the given URL is not valid.
To check if a URL is valid in C#, you can use the Uri.TryCreate() method, which creates a new Uri and does not throw an exception if the Uri cannot be created; it returns a bool indicating whether it was created successfully.
I would say to use these rules:
RewriteRule ^([a-z0-9]+)/?$ page.php?page=$1 [L,NC]
RewriteRule ^property/([0-9]+)/?$ property.php?pid=$1 [L,NC]
This way, if someone enters any characters other than letters and numbers (for pages) or numbers (for property), it will show a page not found.
If you really want to be sure, you can
$page = mysql_real_escape_string($_GET['page']);
Just make sure your database connection is open, and you can cast the pid like $propertyid = (int)$_GET['pid'];
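As an added example (not part of the original answer), the same checks can be repeated inside the PHP scripts, so they still hold if page.php or property.php is requested directly instead of through the rewrite rules. It assumes PHP 7.1+ with the pdo_sqlite extension; the function names, table and sample values are constructed for illustration, and a PDO prepared statement stands in for mysql_real_escape_string, which was removed in PHP 7.0.

```php
<?php
declare(strict_types=1);

// Page slug: letters and digits only, mirroring ^([a-z0-9]+)/?$ with [NC].
// \A and \z are used instead of ^ and $ so a trailing newline is rejected too.
function validate_page($raw): ?string
{
    if (!is_string($raw) || preg_match('/\A[a-z0-9]{1,64}\z/i', $raw) !== 1) {
        return null;
    }
    return strtolower($raw);
}

// Property id: a positive integer. Unlike an (int) cast, "12abc" is
// rejected outright instead of silently becoming 12.
function validate_pid($raw): ?int
{
    $pid = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $pid === false ? null : $pid;
}

// Look up a property; the id is bound as a parameter, never concatenated.
function find_property(PDO $db, $rawPid): ?array
{
    $pid = validate_pid($rawPid);
    if ($pid === null) {
        return null; // caller should answer with a 404
    }
    $stmt = $db->prepare('SELECT id, title FROM properties WHERE id = :id');
    $stmt->execute([':id' => $pid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data: in-memory SQLite stands in for the real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE properties (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO properties VALUES (7, 'Constructed sample listing')");

// Constructed inputs, as they could arrive in $_GET['pid'] and $_GET['page'].
foreach (['7', '12abc', "7'", ['7'], '-3'] as $raw) {
    var_dump(find_property($db, $raw));
}
foreach (['about', 'Contact2', 'a/../b', "about\n"] as $raw) {
    var_dump(validate_page($raw));
}
```

A null result from either validator is the point at which the script should send a 404 and stop, matching what the rewrite rules do for non-matching URLs.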