Simple parameter checking function, here just want the % to be allowed

Posted by abas_rafiq on Stack Overflow
Published on 2014-06-10T02:48:35Z Indexed on 2014/06/10 3:25 UTC

I'm using PDO's bindParam.

This is the function which checks every GET variable on the website. After changing it will echo it out:

function Check_Get_Param($val){
    $value1=addslashes($val);
    $string1=htmlspecialchars($value1);
    $string2=strip_tags($string1);
    $string3=intval($string2);
    return $string3;
}

Here this will output the result:

Check_Get_Param($_GET['id']);

Now the idea is any id or id= any or id = %

$_GET['id'] = % will result in 0 as % is not an integer. How to allow % also?

How do I modify this function or any other function that I could filter the GET parameters so I could keep out the web from injections?

© Stack Overflow or respective owner
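
An added example, not part of the original post: one way to accept either an integer id or the single wildcard `%` with an allowlist check, pass the value to PDO as a bound parameter, and escape only when writing HTML. The names `parse_id_filter`, `find_items`, the `items` table and the in-memory SQLite database are assumptions made so the example runs offline.

```php
<?php
// Added example: parse_id_filter, find_items and the items table are hypothetical.

/**
 * Allowlist check for the id parameter: a run of digits, or the single
 * character '%' meaning "any id". Anything else is rejected (null).
 */
function parse_id_filter($raw): ?string
{
    if (!is_string($raw)) {          // ?id[]=1 arrives as an array
        return null;
    }
    if ($raw === '%') {
        return '%';
    }
    // ctype_digit rejects '', '-1', '1e3', ' 5' and "1' OR '1'='1"
    if (ctype_digit($raw) && strlen($raw) <= 10) {
        return $raw;
    }
    return null;
}

function find_items(PDO $pdo, string $filter): array
{
    if ($filter === '%') {
        // Wildcard: no user data reaches the SQL text at all.
        $stmt = $pdo->query('SELECT id, name FROM items ORDER BY id');
    } else {
        $stmt = $pdo->prepare('SELECT id, name FROM items WHERE id = :id');
        $stmt->bindValue(':id', (int) $filter, PDO::PARAM_INT);
        $stmt->execute();
    }
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO items (name) VALUES ('first'), ('<b>second</b>')");

// Constructed inputs standing in for $_GET['id'].
foreach (['2', '%', "1' OR '1'='1", '-3', ['x']] as $input) {
    $filter = parse_id_filter($input);
    if ($filter === null) { echo "rejected\n"; continue; }
    foreach (find_items($pdo, $filter) as $row) {
        // Escape for the HTML context at output time, not before the query.
        echo $row['id'], ': ', htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8'), "\n";
    }
}
```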
