I’m new to PHP and this question seems stupid.
But I’m really confused by the associative array $_GET, which lets me access all the parameters that have been sent via the URL.
Suppose I’m expecting a product ID as a string, and write code like this:
$id = $_GET['prod_id'];
Get_Data($id);
Get_Data() is a function that expects its only parameter to be a string, not an array.
What if some bad guy types something like this into the URL:
.../product.php?prod_id[]=1&prod_id[]=2
The method using $_GET['prod_id'] will return an array(1,2) instead of a string. This can lead to some really bad trouble in my application.
Now, the question: is there a global way to avoid the case above?
[EDIT]
Sometimes I want to get an array from $_GET['prod_id'] instead of a string (e.g. getting data from a multi-select box, where users can pick more than one product).
Is it feasible for me to check whether the returned array has the correct structure (a one-dimensional array with innocent data) or has been tampered with by some bad guy like this:
.../product.php?prod_id[a]=1&prod_id[b]=2&prod_id[c]=3&prod_id[d]=4
I think it’s very easy to pass an array with a complex structure to PHP’s $_GET, but very hard for a coder to check whether it has the structure they need.
Can you please enlighten me? Thanks!
The answer is: Validation
One usually uses the filter_input() function. https://www.php.net/filter
If sometimes you want it to be an array, use a condition if (is_array($_GET['prod_id'])) and use a different set of validations.
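
The validation suggested in the answer, as an added example that is not part of the original thread: one helper for the single-value case and one for the multi-select case, each rejecting any other structure. It assumes product IDs are positive integers; get_id(), get_id_list() and the sample query strings are constructed for illustration, and filter_var() on parse_str() output stands in for filter_input(INPUT_GET, ...) so the script runs from the command line.

```php
<?php
declare(strict_types=1);

// Assumption for this example: product IDs are positive integers.
const ID_FILTER = ['options' => ['min_range' => 1]];

/** Return one product ID, or null if the parameter is missing, an array, or not a positive integer. */
function get_id(array $query, string $key): ?int
{
    // Scalar filters fail (return false) when handed an array, so prod_id[]=1 is rejected here.
    $id = filter_var($query[$key] ?? null, FILTER_VALIDATE_INT, ID_FILTER);
    return $id === false ? null : $id;
}

/** Return a flat list of product IDs, or null if the structure or any element is wrong. */
function get_id_list(array $query, string $key, int $max = 20): ?array
{
    $raw = $query[$key] ?? null;
    if (!is_array($raw) || $raw === [] || count($raw) > $max) {
        return null;
    }
    // Keys must be exactly 0..n-1; prod_id[a]=1 or prod_id[5]=1 fails this check.
    if (array_keys($raw) !== range(0, count($raw) - 1)) {
        return null;
    }
    $ids = [];
    foreach ($raw as $item) {
        // A nested array (prod_id[0][x]=1) or a non-numeric string makes filter_var return false.
        $id = filter_var($item, FILTER_VALIDATE_INT, ID_FILTER);
        if ($id === false) {
            return null;
        }
        $ids[] = $id;
    }
    return $ids;
}

// Constructed query strings; parse_str() builds arrays the same way PHP fills $_GET.
$samples = ['prod_id=7', 'prod_id[]=1&prod_id[]=2', 'prod_id[a]=1&prod_id[b]=2',
            'prod_id[0][x]=1', 'prod_id[]=1&prod_id[]=abc'];
foreach ($samples as $qs) {
    parse_str($qs, $query);
    printf("%-28s single=%s list=%s\n", $qs,
        json_encode(get_id($query, 'prod_id')), json_encode(get_id_list($query, 'prod_id')));
}
```

Only the first sample yields a single ID and only the second yields a list; every other shape comes back as null, so the caller can reject the request before Get_Data() is reached.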