Home/ Questions/Q 6379123
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T02:05:51+00:00

I’ve moved from HTML to PHP coding, so when I wanted to make a

  • 0

I’ve moved from HTML to PHP coding, so when I wanted to make a link for my news page I used HREF to take the id for the row as a link and make the title of the piece the viewable/clickable link:

echo "<a href=news.php?id=".$row{'id'};
echo ">";
echo ucwords(strtolower($row{'newstitle'}));
echo "</a>";

So when someone clicks on the title it redirects to the article and the address bar becomes (obviously this is an example):
http://site.com/news.php?id=1

How can I validate that the information after the ? is id=int (it will always be a number) and not some user code or other input that could damage the site? I’ve looked at ways of Sanitizing/Validating the code, but all the examples I’ve found have been to do with entering information into forms that are then used in the address rather than simply ensuring the address is valid, hence turning to here for assistance.
Thanks

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You should use the filter module:

    $id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($id === false) {
     // not an integer
}

    Or you can use ctype_digit() to check if a variable is composed only of decimal digits:

    if (ctype_digit($_GET['id'])) {
    // it's an integer
} else {
    // not an integer
}

    Or shorter:

    ctype_digit($_GET['id']) or die("oops that's not an integer!");

    But die or exit would make your code less testable.

    is_numeric would work too, but it would return true for any string representation of a number, not only integers.

    • 0