Simple parameter checking function, here just want the % to be allowed
Posted by abas_rafiq on Stack Overflow
Published on 2014-06-10T02:48:35Z
I'm using PDO's bindParam.
This is the function which checks every GET variable on the website. After changing it will echo it out:
function Check_Get_Param($val){
    $value1 = addslashes($val);
    $string1 = htmlspecialchars($value1);
    $string2 = strip_tags($string1);
    $string3 = intval($string2);
    return $string3;
}
Here this will output the result:
Check_Get_Param($_GET['id']);
Now the idea is any id or id= any or id = %. $_GET['id'] = % will result in 0, as % is not an integer. How to allow % also?
How do I modify this function, or what other function could I use to filter the GET parameters, so that I can keep injections out of the website?
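One way to accept either an integer id or the literal % while still using a bound PDO parameter, shown as an added example that is not part of the original post. The function names check_id_param and find_items, the items table and its rows are assumptions made for illustration, and the in-memory SQLite database (pdo_sqlite) only stands in for the real one.

```php
<?php
// Added example (not the asker's code). Table "items" and its rows are constructed.

// Allow-list check: returns '%' for the wildcard, an int for a decimal id,
// or null for anything else (signs, spaces, quotes, tags, arrays such as ?id[]=1).
function check_id_param($val)
{
    if ($val === '%') {
        return '%';
    }
    // \A...\z anchors the whole string; 1-9 digits stays inside a 32-bit int.
    if (is_string($val) && preg_match('/\A[0-9]{1,9}\z/', $val) === 1) {
        return (int) $val;
    }
    return null;
}

// Returns the matching rows, or null when the parameter is rejected.
function find_items(PDO $pdo, $rawId)
{
    $id = check_id_param($rawId);
    if ($id === null) {
        return null; // caller should respond with HTTP 400
    }
    if ($id === '%') {
        // Wildcard: no user data reaches the SQL text at all.
        $stmt = $pdo->prepare('SELECT id, name FROM items ORDER BY id');
    } else {
        // The value is bound as an integer, never concatenated into the query.
        $stmt = $pdo->prepare('SELECT id, name FROM items WHERE id = :id');
        $stmt->bindParam(':id', $id, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed data: in-memory SQLite (assumes pdo_sqlite) standing in for the real database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO items (id, name) VALUES (1, 'one'), (2, 'two'), (13, 'thirteen')");

// Constructed sample inputs, as they could arrive in $_GET['id'].
foreach (['2', '%', '-1', '1 OR 1=1', "1'--", '<b>1</b>', ['1']] as $raw) {
    $rows = find_items($pdo, $raw);
    echo json_encode($raw), ' => ', ($rows === null ? 'rejected' : count($rows) . ' row(s)'), PHP_EOL;
}
```

Rejecting unexpected input, rather than rewriting it with addslashes or strip_tags, keeps the check independent of the query. htmlspecialchars is applied at the point where a value is echoed into HTML, not before it is bound.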