Avoid SQL Injection: Validate the ID Passed in from the Query String in php

How to avoid SQL injection in PHP: validate the id passed in from the query string while reading the query parameters.

First, check that the query parameter is actually present in the request, using isset($_GET['id']).

Secondly, check the type of the value you are reading. In this example the id should be a number, so use is_numeric($_GET['id']).

Syntax:

if(isset($_GET['id']) && is_numeric($_GET['id'])){
    // Pass the article id ($_GET['id']) in the WHERE clause
}else{
    // Invalid request, possibly SQL injection: print "no results found"
}


Example program:
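An added example, not the original post's program, that applies the check above with the stricter filter_var() in place of is_numeric() and binds the validated id in a prepared statement; the articles table, the SQLite database and the sample query strings are constructed here and are assumptions.

```php
<?php
// Added example: strict validation of ?id= plus a prepared statement.
// Assumes an "articles" table with columns id and title (constructed below in SQLite).

/** Return the id as an int if $query['id'] is a positive integer string, else null. */
function validateArticleId(array $query): ?int
{
    if (!isset($query['id'])) {
        return null;                       // parameter missing
    }
    // FILTER_VALIDATE_INT is stricter than is_numeric(): it rejects "1e3",
    // "4.2" and anything with SQL fragments appended, and returns a real int.
    $id = filter_var($query['id'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Look up one article by validated id; the value is bound, never concatenated. */
function findArticle(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, title FROM articles WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed in-memory database standing in for the real articles table.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO articles VALUES (1, 'First post'), (42, 'Validation')");

// Constructed sample query strings: only the first is accepted.
$samples = [
    ['id' => '42'],               // valid
    ['id' => '42 OR 1=1'],        // rejected by is_numeric() and filter_var()
    ['id' => '1e3'],              // is_numeric() would accept this; filter_var() does not
    ['id' => '-5'],               // numeric, but below min_range
    [],                           // parameter missing
];

foreach ($samples as $query) {
    $id = validateArticleId($query);
    if ($id === null) {
        echo "No results found\n";        // invalid request, nothing reaches the database
        continue;
    }
    $article = findArticle($db, $id);
    echo $article ? "{$article['id']}: {$article['title']}\n" : "No results found\n";
}
```

Run with the pdo_sqlite extension enabled; the first sample prints the article, every other sample prints "No results found" without touching the database.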
