How safe is it to use an unfiltered $_GET variable directly within a switch function as shown in the example below?
<?php
switch ($_GET['sort'])
{
    case "price":
        // Do something
        break;
    default:
        // Do something else
        break;
}
?>
Is it possible to compromise the security of my application if the $_GET variable only appears within this switch function throughout the entire PHP script?
ADD: For that matter, will an unfiltered $_GET variable cause a comparison operation to fail in a catastrophic manner?
It’s fine to test values from $_GET in a switch. That’s validation in and of itself. The danger is when you let that value work its way into a filesystem path, or database query, or HTML block, or (shudder) eval’d code without context-appropriate sanitization.
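An added example (not code from the question or the answer) of the pattern the answer describes: the switch maps the raw sort parameter to a fixed fragment, and only that fragment reaches the query, so the raw value never has to be trusted. The products table, its columns and the in-memory PDO connection are assumptions for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Map a raw ?sort= value to an ORDER BY fragment.
 * Only the literal in the matching case is ever returned; any value that
 * matches no case, including a missing or array-valued parameter, selects
 * the default branch. That is the "validation in and of itself".
 */
function orderByForSort($raw): string
{
    // A missing parameter arrives as null and a repeated one
    // (?sort[]=a&sort[]=b) arrives as an array. Both are treated as unknown.
    if (!is_string($raw)) {
        $raw = '';
    }

    // switch compares with ==; since $raw is guaranteed to be a string and
    // the case labels are non-numeric strings, this is a plain string
    // comparison with no surprising coercion.
    switch ($raw) {
        case 'price':
            return 'ORDER BY price ASC';
        case 'name':
            return 'ORDER BY name ASC';
        default:
            return 'ORDER BY id ASC';
    }
}

// The pattern the answer warns against, shown for contrast only: here the raw
// value works its way into the query text, and the switch above would not
// have protected it.
// $sql = "SELECT * FROM products ORDER BY " . $_GET['sort'];   // unsafe

// Assumed schema and connection (constructed for this example). The query
// text is built only from the fixed fragment returned by orderByForSort().
$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE products (id INTEGER, name TEXT, price REAL)');
$pdo->exec("INSERT INTO products VALUES (1, 'widget', 9.5), (2, 'bolt', 0.25)");

$sql  = 'SELECT id, name, price FROM products ' . orderByForSort($_GET['sort'] ?? null);
$rows = $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
```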