What are some best practices for handling URL manipulation in PHP to avoid similar issues in the future?

Issue: To avoid URL manipulation vulnerabilities in PHP, it is important to properly sanitize and validate user input before using it in constructing URLs. This helps prevent attackers from manipulating URLs to perform malicious actions on a website. Fix: Use PHP functions like `filter_var()` or `urlencode()` to sanitize and validate user input before constructing URLs. Additionally, consider using a whitelist approach to restrict the allowed input values for constructing URLs.

// Sanitize and validate user input before constructing URLs
$user_input = filter_var($_GET['user_input'], FILTER_SANITIZE_STRING);

// Construct URL using sanitized user input
$url = 'https://example.com/page.php?param=' . urlencode($user_input);