PHP GET Function

PHP Secure Ways to Pass GET Parameters In URL

Author: Waseem Ahmed
Updated: July 18, 2019

Almost every PHP programmer uses the GET method to pass parameters from one page to another, but GET parameters have to be secured to prevent XSS attacks. If they are not, it is dangerous, because attackers can easily run harmful code through GET parameters.

Here I will share how we can secure the values of URL GET parameters.

Securely GET Integer Values via URL
If you’re dealing only with integer values in URL parameters, you can easily secure them with PHP's built-in is_numeric function, which checks whether a variable is numeric or not.


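// Accept 'catid' only when it is present, non-empty and numeric
if(isset($_GET['catid']) && !empty($_GET['catid']) && is_numeric($_GET['catid'])) {
	// Cast so the rest of the code works with an integer, not the raw string
	$category_id=(int)$_GET['catid'];
} else {
	// value is not numeric or parameter 'catid' is not in url or is empty
	// (empty() also treats the value '0' as empty)
}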

Securely GET String via URL
If you are passing string values through URL parameters, you can use PHP's built-in strip_tags() function, which returns the string with NULL bytes, HTML and PHP tags stripped.


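// is_string() rejects array input such as ?catname[]=x, which strip_tags() cannot handle
if(isset($_GET['catname']) && !empty($_GET['catname']) && is_string($_GET['catname'])) {
	// Remove HTML and PHP tags from the submitted value
	$category_name=strip_tags($_GET['catname']);
} else {
	// parameter 'catname' is not in URL, is empty or is not a string
}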
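
As an added example (not the article's own code): is_numeric() also accepts values such as floats and exponent notation, and strip_tags() leaves quote characters in place, so the sketch below runs the two checks above next to filter_var() with FILTER_VALIDATE_INT and htmlspecialchars() on constructed inputs. The helper names get_int_param and html_escape are hypothetical.

```php
<?php
// Added example; helper names are hypothetical, sample inputs are constructed.

// Strict integer check: only whole numbers inside [$min, $max] are accepted.
function get_int_param(array $query, string $name, int $min = 1, int $max = PHP_INT_MAX): ?int
{
    if (!isset($query[$name]) || !is_string($query[$name])) {
        return null; // missing, or an array such as ?catid[]=1
    }
    $value = filter_var($query[$name], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $value === false ? null : $value;
}

// Escape at output time; safe for HTML text and quoted attribute values.
function html_escape(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed values standing in for $_GET['catid'].
$samples = ['7', '1.5', '1e3', ' 42', '0x1A', '-3', ['1']];
foreach ($samples as $raw) {
    $numeric = is_numeric($raw) ? 'yes' : 'no';
    $strict  = get_int_param(['catid' => $raw], 'catid');
    printf("%-8s is_numeric=%-3s strict=%s\n",
        json_encode($raw), $numeric, var_export($strict, true));
}

// Constructed value standing in for $_GET['catname']. It contains no tags,
// so strip_tags() returns it unchanged, double quotes included.
$catname  = 'books" data-injected="1';
$stripped = strip_tags($catname);

// Written into a quoted attribute, the stripped value closes the attribute
// and adds a second one; the escaped value stays inside value="...".
echo '<input value="' . $stripped . '">', "\n";
echo '<input value="' . html_escape($catname) . '">', "\n";
```

Run it with the PHP command-line interpreter to compare which sample values each check lets through and how the two attribute outputs differ.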

Note: Use GET parameters in the URL for sending non-sensitive values only. Do not pass sensitive information such as passwords or bank details in the URL.
